urlscan.io logo urlscan.io
SecurityTrails logo

winning-wizard.com Open in urlscan Pro
2606:4700:3034::6815:5fc2  Public Scan

Go To Rescan Add Verdict Report
URL: https://winning-wizard.com/
Submission: On December 30 via manual from HK — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 39 IPs in 7 countries across 21 domains to perform 266 HTTP transactions. The main IP is 2606:4700:3034::6815:5fc2, located in United States and belongs to CLOUDFLARENET, US. The main domain is winning-wizard.com.
TLS certificate: Issued by GTS CA 1P5 on November 8th 2023. Valid for: 3 months.
This is the only time winning-wizard.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 2606:4700:303... 13335 (CLOUDFLAR...)
8 192.0.77.37 2635 (AUTOMATTIC)
4 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
43 2a00:1450:400... 15169 (GOOGLE)
11 192.0.77.2 2635 (AUTOMATTIC)
2 192.0.76.3 2635 (AUTOMATTIC)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 54.39.156.32 16276 (OVH)
1 15 2a00:1450:400... 15169 (GOOGLE)
1 2 63.34.161.226 16509 (AMAZON-02)
30 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
4 37.157.6.237 198622 (ADFORM)
6 9 142.250.184.194 15169 (GOOGLE)
5 11 104.18.36.155 13335 (CLOUDFLAR...)
14 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 184.30.17.67 16625 (AKAMAI-AS)
1 142.251.173.156 15169 (GOOGLE)
1 2600:9000:223... 16509 (AMAZON-02)
7 2600:1f18:1ac... 14618 (AMAZON-AES)
1 172.217.16.134 15169 (GOOGLE)
6 37.157.2.249 198622 (ADFORM)
2 216.58.212.162 15169 (GOOGLE)
1 23.108.101.160 59253 (LEASEWEB-...)
22 2a00:1450:400... 15169 (GOOGLE)
4 142.250.185.194 15169 (GOOGLE)
1 2600:9000:226... 16509 (AMAZON-02)
2 2606:4700::68... 13335 (CLOUDFLAR...)
10 52.209.50.140 16509 (AMAZON-02)
2 108.128.186.239 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 54.73.206.118 16509 (AMAZON-02)
4 2600:9000:243... 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
20 192.229.202.7 15133 (EDGECAST)
266 39
18    2606:4700:3034::6815:5fc2 (United States)

ASN13335 (CLOUDFLARENET, US)
winning-wizard.com
8    192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com
c0.wp.com
4    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2606:4700:10::ac43:2794 (United States)

ASN13335 (CLOUDFLARENET, US)
static.addtoany.com
43    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
11    192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com
i0.wp.com
2    192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
stats.wp.com
pixel.wp.com
1    2606:4700:10::6814:5063 (United States)

ASN13335 (CLOUDFLARENET, US)
s10.histats.com
3    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    54.39.156.32 (Québec, Canada)

ASN16276 (OVH, FR)
PTR: ns562579.ip-54-39-156.net
s4.histats.com
15    2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    63.34.161.226 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-161-226.eu-west-1.compute.amazonaws.com
fw.adsafeprotected.com
30    2a00:1450:4001:81c::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
5    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
4    37.157.6.237 (Denmark)

ASN198622 (ADFORM, DK)
track.adform.net
9    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
cm.g.doubleclick.net
11    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
dsum-sec.casalemedia.com
14    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
4    2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    184.30.17.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-17-67.deploy.static.akamaitechnologies.com
widgets.outbrain.com
1    142.251.173.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wi-in-f156.1e100.net
bid.g.doubleclick.net
1    2600:9000:223f:8a00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
static.adsafeprotected.com
7    2600:1f18:1aca:4282:3137:249d:649b:b354 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
dt.adsafeprotected.com
1    172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net
ad.doubleclick.net
6    37.157.2.249 (Denmark)

ASN198622 (ADFORM, DK)
s1.adform.net
2    216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net
www.googleadservices.com
1    23.108.101.160 (Jurong Town, Singapore)

ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG)
b1t-sindc1.zemanta.com
22    2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
4    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
googleads4.g.doubleclick.net
1    2600:9000:2260:4600:5:98ca:e7c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
creative-libraries.lemonpi.io
2    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
10    52.209.50.140 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
content.lemonpi.io
2    108.128.186.239 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-186-239.eu-west-1.compute.amazonaws.com
log.lemonpi.io
1    2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    54.73.206.118 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-206-118.eu-west-1.compute.amazonaws.com
track.ghgjarvis.com
4    2600:9000:243d:ba00:f:7bbd:36c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets.lemonpi.io
1    2600:9000:2156:fe00:1:5992:c8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
image.lemonpi.io
20    192.229.202.7 (United States)

ASN15133 (EDGECAST, US)
mediaservice.audi.com
Apex Domain
Subdomains		 Transfer
73 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 102
tpc.googlesyndication.com — Cisco Umbrella Rank: 148
1 MB
30 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 219
bid.g.doubleclick.net — Cisco Umbrella Rank: 840
ad.doubleclick.net — Cisco Umbrella Rank: 139
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515
211 KB
22 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 300
2 MB
21 wp.com
c0.wp.com — Cisco Umbrella Rank: 8588
i0.wp.com — Cisco Umbrella Rank: 3858
stats.wp.com — Cisco Umbrella Rank: 2814
pixel.wp.com — Cisco Umbrella Rank: 2796
154 KB
20 audi.com
mediaservice.audi.com — Cisco Umbrella Rank: 117633
2 MB
18 lemonpi.io
creative-libraries.lemonpi.io — Cisco Umbrella Rank: 12681
content.lemonpi.io — Cisco Umbrella Rank: 11742
log.lemonpi.io — Cisco Umbrella Rank: 11978
assets.lemonpi.io — Cisco Umbrella Rank: 14626
image.lemonpi.io — Cisco Umbrella Rank: 16079
341 KB
18 winning-wizard.com
winning-wizard.com
54 KB
15 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1404
www.google.com — Cisco Umbrella Rank: 2
72 KB
11 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578
6 KB
10 adform.net
track.adform.net — Cisco Umbrella Rank: 4289
s1.adform.net — Cisco Umbrella Rank: 8194
234 KB
10 adsafeprotected.com
fw.adsafeprotected.com — Cisco Umbrella Rank: 900
static.adsafeprotected.com — Cisco Umbrella Rank: 602
dt.adsafeprotected.com — Cisco Umbrella Rank: 567
108 KB
7 gstatic.com
fonts.gstatic.com
www.gstatic.com
128 KB
5 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 206
322 KB
4 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
3 KB
3 addtoany.com
static.addtoany.com — Cisco Umbrella Rank: 3986
29 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204
62 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 138
2 outbrain.com
widgets.outbrain.com — Cisco Umbrella Rank: 2138
15 KB
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 15174
s4.histats.com — Cisco Umbrella Rank: 14862
5 KB
1 ghgjarvis.com
track.ghgjarvis.com — Cisco Umbrella Rank: 95818
151 B
1 zemanta.com
b1t-sindc1.zemanta.com — Cisco Umbrella Rank: 33388
151 B
266 21
Domain Requested by
43 pagead2.googlesyndication.com winning-wizard.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
fw.adsafeprotected.com
s0.2mdn.net
www.googletagservices.com
30 tpc.googlesyndication.com googleads.g.doubleclick.net
www.gstatic.com
tpc.googlesyndication.com
winning-wizard.com
s0.2mdn.net
pagead2.googlesyndication.com
22 s0.2mdn.net winning-wizard.com
s0.2mdn.net
s1.adform.net
20 mediaservice.audi.com
18 winning-wizard.com winning-wizard.com
15 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
googleads.g.doubleclick.net
14 fundingchoicesmessages.google.com pagead2.googlesyndication.com
11 dsum-sec.casalemedia.com 5 redirects googleads.g.doubleclick.net
11 i0.wp.com winning-wizard.com
10 content.lemonpi.io creative-libraries.lemonpi.io
s0.2mdn.net
9 cm.g.doubleclick.net 6 redirects googleads.g.doubleclick.net
8 c0.wp.com winning-wizard.com
7 dt.adsafeprotected.com googleads.g.doubleclick.net
6 s1.adform.net track.adform.net
s1.adform.net
winning-wizard.com
5 www.googletagservices.com googleads.g.doubleclick.net
4 assets.lemonpi.io
4 googleads4.g.doubleclick.net winning-wizard.com
4 www.gstatic.com googleads.g.doubleclick.net
4 track.adform.net googleads.g.doubleclick.net
s1.adform.net
4 fonts.googleapis.com winning-wizard.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
s0.2mdn.net
3 fonts.gstatic.com fonts.googleapis.com
3 static.addtoany.com winning-wizard.com
static.addtoany.com
2 log.lemonpi.io creative-libraries.lemonpi.io
2 cdnjs.cloudflare.com s0.2mdn.net
2 www.googleadservices.com winning-wizard.com
2 widgets.outbrain.com googleads.g.doubleclick.net
2 fw.adsafeprotected.com 1 redirects googleads.g.doubleclick.net
1 image.lemonpi.io cdnjs.cloudflare.com
1 track.ghgjarvis.com
1 www.google.com tpc.googlesyndication.com
1 creative-libraries.lemonpi.io s0.2mdn.net
1 b1t-sindc1.zemanta.com googleads.g.doubleclick.net
1 ad.doubleclick.net googleads.g.doubleclick.net
1 static.adsafeprotected.com googleads.g.doubleclick.net
1 bid.g.doubleclick.net googleads.g.doubleclick.net
1 pixel.wp.com winning-wizard.com
1 s4.histats.com s10.histats.com
1 s10.histats.com winning-wizard.com
1 stats.wp.com winning-wizard.com
266 39

This site contains links to these domains. Also see Links.

Domain
bit.ly
Subject Issuer Validity Valid
winning-wizard.com
GTS CA 1P5		 2023-11-08 -
2024-02-06		 3 months crt.sh
*.wp.com
Sectigo ECC Domain Validation Secure Server CA		 2023-11-28 -
2024-12-28		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
static.addtoany.com
E1		 2023-12-27 -
2024-03-26		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-13 -
2024-05-11		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
histats.com
R3		 2023-11-23 -
2024-02-21		 3 months crt.sh
fw.adsafeprotected.com
Amazon RSA 2048 M02		 2023-03-29 -
2024-04-27		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
track.adform.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-06 -
2024-09-19		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.outbrain.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-14 -
2024-12-14		 a year crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M02		 2023-07-07 -
2024-08-04		 a year crt.sh
dt.adsafeprotected.com
Amazon RSA 2048 M02		 2023-05-09 -
2024-06-07		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.zemanta.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-16 -
2024-09-05		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.lemonpi.io
Amazon RSA 2048 M02		 2023-06-18 -
2024-07-16		 a year crt.sh
create.choreograph.com
Amazon RSA 2048 M02		 2023-05-12 -
2024-06-09		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.ghgjarvis.com
Amazon RSA 2048 M02		 2023-09-22 -
2024-10-19		 a year crt.sh
mediaservice.audi.com
GeoTrust TLS RSA CA G1		 2023-08-04 -
2024-08-03		 a year crt.sh

This page contains 29 frames:

Primary Page: https://winning-wizard.com/
Frame ID: 08FB5CA5BE8CA18E19326AAEFD575D9F
Requests: 68 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.24.html
Frame ID: 22F88F64978DCFB4F2D076AFEB06F702
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Frame ID: 513755567EB49953D6D49F382A370611
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&adk=1812271804&adf=3025194257&lmt=1703838992&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437638&bpp=3&bdt=284&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=131603339930&frm=20&pv=2&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=251
Frame ID: 627316518F7100F666CB66FDDE796D9A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Frame ID: 78A7B65F36124A51D043B3C213610475
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Frame ID: 3728883636153BFF9B3CEE8376FD161A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Frame ID: 94D39C9C7048FED4B4DFAA873ADD20EB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=54630664&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437643&bpp=1&bdt=289&idt=269&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280%2C285x600&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=3598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=270
Frame ID: C86ED0DB4FAA2EDDFE1E3AF0B9319C9B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEMHwhesCGM7bjNwBMAE&v=APEucNXa1ns_n01FgAlwYLG_pGPFYK8iTZs8G7Nno_I3paU3gjJJEmxg44LSLX1PProXp9Mprvxx8NRGQoNWWoLwJrihGvQySw
Frame ID: 4450B482419F98679C75033059B6C646
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: B9B309B6494E3514C75312DB88E46B61
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI7aIRDx3jgY3pbHgQIwAQ&v=APEucNVZT1xfpzUssAzuu7eWC4dsikQXvR26rbFWO_iKOlquCMR6HDfaHCsn8dvK5sNzS697zQkD_DY5lxmi5jFkflwP6tpZfg
Frame ID: 75EBCDBA8B213A96250E9C77DBE6EF98
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 9DBA3576EE07F31633A2B26A9ABD754C
Requests: 20 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019
Frame ID: 37B1E2C9BC256F3646F3AB532EB90A89
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: E9FACCA1819AEF5195EFE3300B8B0656
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 70B5532F68DCCDE2933BDB7FB1E7CDAA
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDpvwEQ1Z7BARjonYLjATAB&v=APEucNXJW3Bqy4q2Znph14o_jqLi2FVOk0j0Z9YD9d5jS8JsG94OsB43IhKb2sZ5QLZWU0JVq-1uM2kq7IENdv7vrl-pZkXyiA
Frame ID: A19C19C76ACEECF1C70042DDE4A87F77
Requests: 4 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
Frame ID: 5F0D2B14AAC72E4572590A2636D5929C
Requests: 9 HTTP requests in this frame

Frame: https://widgets.outbrain.com/n2d/widget/widget.js
Frame ID: 222172EB75A431795E4470615D3D2666
Requests: 6 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 760030EF680A44076D1CD5AF151EC9EF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 7BB43267F1E1524B64F5A5B2CC62E7B0
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Frame ID: 690FB19EA27618A7030AB8617CB9C23F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: C373510841AEBDE3672584D65179FE87
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Frame ID: 8956D7BCAA0980E76F650C1C166859D0
Requests: 52 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 89EF241BF7056B0020AA70F914E580B2
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
Frame ID: 438062FB12ED8A9BDF5E3E0BAF124654
Requests: 12 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/2043002/14061508/14061508.js?ADFassetID=14061508&bv=258
Frame ID: 48C740673EE0E1BB72800EE979756659
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Frame ID: C3AE5B9A2053D2BEE6C14C6C16A88CA5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 80382D589ECBEABBE4D18753C92435A4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: ACA4A72646A194BDC325435898B89399
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Winning Wizard - Info Bisnis dan Teknologi

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • TweenMax(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • addtoany\.com/menu/page\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

266
Requests

96 %
HTTPS

50 %
IPv6

21
Domains

39
Subdomains

39
IPs

7
Countries

6866 kB
Transfer

11513 kB
Size

20
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9zsRePNZBF8YFh0QiI4rU&google_cver=1
Request Chain 70
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZAwllHC-kvLSQ1bpil8dAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Request Chain 72
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Request Chain 73
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZAwllHC-kvLSQ1bpil8dAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Request Chain 117
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Request Chain 118
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZAwllHC-kvLSQ1bpil8dAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Request Chain 120
  • https://fw.adsafeprotected.com/rfw/bgd/1293200/68276434/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuWKROcrwtDoo0qsMoc_2mGxYNaFd2KCJ8NZyoQC1oH2xuuGixArLh5haL1kcqobiYF6g5niVrVF5Ohzs1KYETo7J7Z1Cd-G_be-wSuRcAoCZ_4OWYsr6vc4NSe1ykZfcriAmSQ_S2vk65uMeLo0CVWol9fyNv3QbZjJKPDP9-BQL5Zgzy4cF3lrjoPn7sR_HGlIrNOFDTyE2gpV1Mck-Llv3ZtYhpmTFT2NiBo8KpXTRdDP_rlV_M5_xtCQpoac7d22XgJv_ZSw6FfB1mIpjUk_wnZbW6AijWZNjyEuisrUHG6C1i9GKeXeD-obm2h5jrubqZI9h6lndhK-eHmOpLs_WUtQAjnTh5nTC0GY_84e37-i1vqQVu6BUxcaLECq4WTdx0CJEYpNZLLcrxaUqkqwsAyWxuCawn_TXit-0UyRx8kabBtiFu--uT8RqyBLi1xytXTef34ImVY4iHiaydFyve_POy5fACeAkHjtLK_elvamzuLKK4f0HG_hkYqKTajRC23nDqueDQELW-D92bdjBCTKqagJVP5QkslcW2DwiHPMCKCsqMqV0saqQcU7D3z7H9EeGatuF41pZ5_Oo2PbYAoVNA0mz6tIxqfhZw2jrkkAfNj2NcKoWWr8pWVfnR8JrQ2fMHqiWpoDmWApf3_W3Z7QaoXT0b_G3S9ieMi8kj_5__S02_3geuvDKwL-etDNiQGZLbVefW_TTw3dOPWhnfadKuU02EuuuABbtkcEmxRHptXfyD5qg1xmj_9SVe65AFLuLFRSnzjHeH1LhfbPSA_mSUNVVuEnR08CckbV-DpTyhPNp0_tn7pNaYJXM8OUZ5p73A2x-0E5C_XRPgaWEx5kbjB4tRMsn2mdqwbp7_Vj8r0t7CvdQDQvRWNRBYGyijNua3ooqF3wE0VHwl2hRCGchClwQZ3BZdMyPjh6UXZtx7kJ5DV5tSwX-6QHNvO7S5j68M3PsqwxD_DYHtcVI64VV1Du9I7F_LwEQoSknY-k9io_pLRedlEF6gvvI5R4VRjHcUdsJb0qXooBiUKpvDF34q7aLzZVUgoyJDgonVW3w_VPgAGr4Mn3Ol6S3_vNUikbrulDCKDV1pA2BRFNoeTmOBDsMgXV_KqN2p7QfU3o9BYXoPrdARZoLAadKHk8PbC11EzjPy8jajabozWLdeh55kSczLjdR73p7tALEf7Sk4-2bRC7KUIl5tD25qDye2kfpBtJe3KEZVwWGftWNnVPzT3RMz7HL-vyWewq0QADu85zumcTIkDwxyh96BvL_iMlKb4wC8PSTrj-L3xpsgSTDDOpHYsx1u1uz5KVOUOm6aVLERRipYUYcRBw80KHOHkNiSoUTwCb5TVfcXu29nvL5W5Z_vSlqaLWktX7S9zY96QancvsRSzeJgWjUpModyXjZObNmCIBE6bteDcisA-6lS3oJLchUBqatzo4VbECYK4cQ1yi1iBHdE5YDle6gl28bgURvfF5ZFqnwdeDaBnXyJW8U91q4YU7jdIgaCkDN8BQL-sz5aEEi6IoBhEa-RpKrf5j3ODF6pYUPvqMeu8MuDEtGNck5CfQbSHQi97x4203TdFh1aS7Hn0wZuVCQ7ptqid5cICXUrWYh5GsixCV2_A3MVR3l93y3UKcCh1jHMNhTw2nTBfUH6Ql4N69bqMhZ8szQuSCs2bztl-IgtPc53kP0wPhvk4kWbPLSpPF3eH7y0PObojAWq7nclCJ3IGhjVktep0cS4pNvvbv591By0I4VVYrLIOnLCxPgh21aBehiZrAKzele63dLU237PC-3jOlNx6XvTjJSXXpG3Wc67kaRd-aSlpOrZhBFzSc4Cy4P3t2FvIOViP4AxnN8q530930IeiJZnVjgrGC3U63XeREerJzu_Tzw3KGxH88z208Wy_h7coXTB-jNqVRxF6_TenrfJdnQxWuTLPbPjx5PqZ9bt-NC9xbo2-ejvCLY62Fbcf78dg_pCuEgu6YNBO0_2URhHbz4F3jaxZhoAjYyJFJER7T_JD2TIPBR4WIlg6bPXe25ttCIiTR0VvWjDcf25xipEGrV8oeIKG1Hts3pgtlxzy8m8GIGPOAgKycCZZybWRh4GUAF6H7gAj09b3hxOuCfN-MhONaztvIpqsqjkFzRbj9MWqDLhoDuCC2hs1R8bjdQSts1ppBdJe98uEOh-Kwipof5abGpkBOdwCH78uvyrda1fKM7GVGTQ3qU34QFZgdDgqtOLrcuTjr8IWZxOOJ6PT0bAazT5yCiqyWyvnIdaLrl38MPe9xIu1rVglAM8uFDRdCNGh_qJpVyOJpl-gde3wIsngK5AwzF-vdjfdm2FUhp_cBfZjZoY8u2sosw2zH3bInLor7cX-j5cMfDH9OWgsfhzanL2tRfzj_rPHaEVIkYMWk8kCtq93No8PDtkT7D9bngJ__RVcXzilgkIMzUgkS3KVQdB6g_G8lNvjpw77ZY9pRe3Nmg31QbGSJ39939bjUhW6B-ncp0Ax5VTWq2h97yidaYunG-dksC5kaYR8e1VTDqaox_lajGAebmZyP5NEWwl41HzLf35wtwAI8hIgJM01qHaHEhWMts_0-RN7Rn476fkMk2xviGkO_Kkwv3ekJ3qQllqoDlxf_2Tm80I_N5fWhmcJWAancZutwMhRXqPgtZDClzdV11eeOTU73PN8pNwMZzNAYzhBlVmnW6qNdqH7qJKMpYM0TqCs6LEtPXSVAY1zL6MmtA3lZkcIgIhI8P2qkp2aq72oW0gcb73Osfta1gIbjg7bf4LZBaSWw4ZNg5rFD4caRFi7uxg0EWjjVWfSiCnLE0ays4AA2EhtHJLkyw8GFL4-wB8QKegHpoZeUZTz6yzfHPeo8ci6YbA14uhyn6_D8x-nG5piAO2X-6Kh8atF3x5Uvo6f-Q2N70go-IZIcVazCItXAhHeVTyDKHvbxAZ-nL-xV4e-OUaXvJleL4KENejq9JhWUpB8rQwDb-GWN8GwiBatAwbnIOT18qhyybJLWH9NM3fqhH8JbB3mwbFyEFeO94zk3Vvhi3df3MHfhOdsa7E5mZHNGTIWf8rkyZMOb97mKcq-M5Z8ZDRbVRc5k-4b37YnuJQmgOxh1ATl3Dk7Zz_oUSTAYayB_x2swYq7edHglEcyNj4Pjus2mer5pk1ruzkRETOr2jRtyXHPcxlr3z7J7FhGAr7G_p4U2ARyK4hJgD5kHgHYfRS-uPheBpaD2A8hK8FKZh9ey4l7XBqxRqiAuDAr8p8kJCQ4u0d6iLQJTb_zpkq4TX7RsDmWBC0_zFgQpEYCSUDdq5DFu1TZDPNSlutH1Mqn8eE0SLi5c0I47m1WAz58srga8YHV9qjQW5rnp-12tsVFpMzRz14DtezDhDQAcV7OS4FfltEe1BhcUd9EdDKgHVHrnId1I7RDI05gG4UNmJfsp-83xOe8e0QQMvwVZBMdQNpHGZw94H28IQre47BZay1RmRBu5bfSrWptuBIE-Mu6XdNha1lb3-1nmUyhxBHL3mDTaq29tipC7r7OYDNkGufeG9opWHCg-6FozHuzIzk6gukjdPZU2VKxE8-lmGa_U5jFRaUcHAXh8o0FUq7ObBuBF-FFSYEfae-DJ4aIpiHjbG0hzIzC41u3520Sx7It15ZZBDWhPVNcu-hNV6MeYScdXkvs82UsOJqV0gtr6yj_GskWitxReJkeT4B128GJZIrGtoXBv3kcGU8xTMGlHTO-PtBS8XnV20mtPsFCwAG0ccLNM0SEZbRkJnh1KOh2LMnYkL1iEomvTOUZP3gyx0ZNbHcLnhkTiKu15sW31po7RS6dLarzv9_RIFPVfb6fh1R9OYeVOUdwy0ksxVek_aLVZUr_JSYoy9Ww2C5BxqE9NvtPRBVP_QLfSReU_dcON7ys6wex6FluE_g-TvVXd328pBd3O8YqlqTDex8zm68vBXkvYTb85_wyLnvfphLj6PSxnHqxsYU-8Fo23M1di4gvZcZDs7QVCONxAS_Hc-vvrXigcEgc1y1Fj92ORCiVGq8lhxYfTdZNiIbgJOZPHCAsrwTKRuSu-D5u9WI3kW6W3CoA4LEKuvjQCn7VMvtS9QQ6NpDuocSX-L8GlQIBBJOAC8eF__R6z350mtWU7bxVE-dCiKyamors4v_2d55sscYKfnriiCrkn2lVD18Ba2V_-NHSyHnG3euLB9-li74AUJs190cej2GTX7mqxnsGAFgAQ&cry=1&bundleId=&ias_dspID=3&ias_campId=1010057126&ias_pubId=pub-5514539878247004&ias_chanId=1&ias_placementId=19343253581&bidurl=https://winning-wizard.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iZ-WHXd5qJyEoiVKlOQcbQ&adsafe_url=https%3A%2F%2Fwinning-wizard.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwinning-wizard.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5514539878247004%26output%3Dhtml%26h%3D280%26slotname%3D8337643687%26adk%3D3925734055%26adf%3D1310535254%26pi%3Dt.ma~as.8337643687%26w%3D625%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703838992%26rafmt%3D1%26format%3D625x280%26url%3Dhttps%253A%252F%252Fwinning-wizard.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703948437642%26bpp%3D1%26bdt%3D288%26idt%3D256%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C950x280%26nras%3D1%26correlator%3D131603339930%26frm%3D20%26pv%3D1%26ga_vid%3D8791465.1703948438%26ga_sid%3D1703948438%26ga_hid%3D680330077%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D325%26ady%3D982%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079438%252C31080104%252C95320884%26oid%3D2%26pvsid%3D3836462664446130%26tmod%3D1211932927%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26fsb%3D1%26dtd%3D258&adsafe_type=bed&adsafe_jsinfo=,id:9d336324-3795-3518-8ec5-3c1f383e25f4,c:yiqDB1,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765c58974b-5bxg4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:2,mot:0,app:0,maw:0,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:3185fdeb-a724-11ee-9100-32a296c953ca,v:19.8.466,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuWKROcrwtDoo0qsMoc_2mGxYNaFd2KCJ8NZyoQC1oH2xuuGixArLh5haL1kcqobiYF6g5niVrVF5Ohzs1KYETo7J7Z1Cd-G_be-wSuRcAoCZ_4OWYsr6vc4NSe1ykZfcriAmSQ_S2vk65uMeLo0CVWol9fyNv3QbZjJKPDP9-BQL5Zgzy4cF3lrjoPn7sR_HGlIrNOFDTyE2gpV1Mck-Llv3ZtYhpmTFT2NiBo8KpXTRdDP_rlV_M5_xtCQpoac7d22XgJv_ZSw6FfB1mIpjUk_wnZbW6AijWZNjyEuisrUHG6C1i9GKeXeD-obm2h5jrubqZI9h6lndhK-eHmOpLs_WUtQAjnTh5nTC0GY_84e37-i1vqQVu6BUxcaLECq4WTdx0CJEYpNZLLcrxaUqkqwsAyWxuCawn_TXit-0UyRx8kabBtiFu--uT8RqyBLi1xytXTef34ImVY4iHiaydFyve_POy5fACeAkHjtLK_elvamzuLKK4f0HG_hkYqKTajRC23nDqueDQELW-D92bdjBCTKqagJVP5QkslcW2DwiHPMCKCsqMqV0saqQcU7D3z7H9EeGatuF41pZ5_Oo2PbYAoVNA0mz6tIxqfhZw2jrkkAfNj2NcKoWWr8pWVfnR8JrQ2fMHqiWpoDmWApf3_W3Z7QaoXT0b_G3S9ieMi8kj_5__S02_3geuvDKwL-etDNiQGZLbVefW_TTw3dOPWhnfadKuU02EuuuABbtkcEmxRHptXfyD5qg1xmj_9SVe65AFLuLFRSnzjHeH1LhfbPSA_mSUNVVuEnR08CckbV-DpTyhPNp0_tn7pNaYJXM8OUZ5p73A2x-0E5C_XRPgaWEx5kbjB4tRMsn2mdqwbp7_Vj8r0t7CvdQDQvRWNRBYGyijNua3ooqF3wE0VHwl2hRCGchClwQZ3BZdMyPjh6UXZtx7kJ5DV5tSwX-6QHNvO7S5j68M3PsqwxD_DYHtcVI64VV1Du9I7F_LwEQoSknY-k9io_pLRedlEF6gvvI5R4VRjHcUdsJb0qXooBiUKpvDF34q7aLzZVUgoyJDgonVW3w_VPgAGr4Mn3Ol6S3_vNUikbrulDCKDV1pA2BRFNoeTmOBDsMgXV_KqN2p7QfU3o9BYXoPrdARZoLAadKHk8PbC11EzjPy8jajabozWLdeh55kSczLjdR73p7tALEf7Sk4-2bRC7KUIl5tD25qDye2kfpBtJe3KEZVwWGftWNnVPzT3RMz7HL-vyWewq0QADu85zumcTIkDwxyh96BvL_iMlKb4wC8PSTrj-L3xpsgSTDDOpHYsx1u1uz5KVOUOm6aVLERRipYUYcRBw80KHOHkNiSoUTwCb5TVfcXu29nvL5W5Z_vSlqaLWktX7S9zY96QancvsRSzeJgWjUpModyXjZObNmCIBE6bteDcisA-6lS3oJLchUBqatzo4VbECYK4cQ1yi1iBHdE5YDle6gl28bgURvfF5ZFqnwdeDaBnXyJW8U91q4YU7jdIgaCkDN8BQL-sz5aEEi6IoBhEa-RpKrf5j3ODF6pYUPvqMeu8MuDEtGNck5CfQbSHQi97x4203TdFh1aS7Hn0wZuVCQ7ptqid5cICXUrWYh5GsixCV2_A3MVR3l93y3UKcCh1jHMNhTw2nTBfUH6Ql4N69bqMhZ8szQuSCs2bztl-IgtPc53kP0wPhvk4kWbPLSpPF3eH7y0PObojAWq7nclCJ3IGhjVktep0cS4pNvvbv591By0I4VVYrLIOnLCxPgh21aBehiZrAKzele63dLU237PC-3jOlNx6XvTjJSXXpG3Wc67kaRd-aSlpOrZhBFzSc4Cy4P3t2FvIOViP4AxnN8q530930IeiJZnVjgrGC3U63XeREerJzu_Tzw3KGxH88z208Wy_h7coXTB-jNqVRxF6_TenrfJdnQxWuTLPbPjx5PqZ9bt-NC9xbo2-ejvCLY62Fbcf78dg_pCuEgu6YNBO0_2URhHbz4F3jaxZhoAjYyJFJER7T_JD2TIPBR4WIlg6bPXe25ttCIiTR0VvWjDcf25xipEGrV8oeIKG1Hts3pgtlxzy8m8GIGPOAgKycCZZybWRh4GUAF6H7gAj09b3hxOuCfN-MhONaztvIpqsqjkFzRbj9MWqDLhoDuCC2hs1R8bjdQSts1ppBdJe98uEOh-Kwipof5abGpkBOdwCH78uvyrda1fKM7GVGTQ3qU34QFZgdDgqtOLrcuTjr8IWZxOOJ6PT0bAazT5yCiqyWyvnIdaLrl38MPe9xIu1rVglAM8uFDRdCNGh_qJpVyOJpl-gde3wIsngK5AwzF-vdjfdm2FUhp_cBfZjZoY8u2sosw2zH3bInLor7cX-j5cMfDH9OWgsfhzanL2tRfzj_rPHaEVIkYMWk8kCtq93No8PDtkT7D9bngJ__RVcXzilgkIMzUgkS3KVQdB6g_G8lNvjpw77ZY9pRe3Nmg31QbGSJ39939bjUhW6B-ncp0Ax5VTWq2h97yidaYunG-dksC5kaYR8e1VTDqaox_lajGAebmZyP5NEWwl41HzLf35wtwAI8hIgJM01qHaHEhWMts_0-RN7Rn476fkMk2xviGkO_Kkwv3ekJ3qQllqoDlxf_2Tm80I_N5fWhmcJWAancZutwMhRXqPgtZDClzdV11eeOTU73PN8pNwMZzNAYzhBlVmnW6qNdqH7qJKMpYM0TqCs6LEtPXSVAY1zL6MmtA3lZkcIgIhI8P2qkp2aq72oW0gcb73Osfta1gIbjg7bf4LZBaSWw4ZNg5rFD4caRFi7uxg0EWjjVWfSiCnLE0ays4AA2EhtHJLkyw8GFL4-wB8QKegHpoZeUZTz6yzfHPeo8ci6YbA14uhyn6_D8x-nG5piAO2X-6Kh8atF3x5Uvo6f-Q2N70go-IZIcVazCItXAhHeVTyDKHvbxAZ-nL-xV4e-OUaXvJleL4KENejq9JhWUpB8rQwDb-GWN8GwiBatAwbnIOT18qhyybJLWH9NM3fqhH8JbB3mwbFyEFeO94zk3Vvhi3df3MHfhOdsa7E5mZHNGTIWf8rkyZMOb97mKcq-M5Z8ZDRbVRc5k-4b37YnuJQmgOxh1ATl3Dk7Zz_oUSTAYayB_x2swYq7edHglEcyNj4Pjus2mer5pk1ruzkRETOr2jRtyXHPcxlr3z7J7FhGAr7G_p4U2ARyK4hJgD5kHgHYfRS-uPheBpaD2A8hK8FKZh9ey4l7XBqxRqiAuDAr8p8kJCQ4u0d6iLQJTb_zpkq4TX7RsDmWBC0_zFgQpEYCSUDdq5DFu1TZDPNSlutH1Mqn8eE0SLi5c0I47m1WAz58srga8YHV9qjQW5rnp-12tsVFpMzRz14DtezDhDQAcV7OS4FfltEe1BhcUd9EdDKgHVHrnId1I7RDI05gG4UNmJfsp-83xOe8e0QQMvwVZBMdQNpHGZw94H28IQre47BZay1RmRBu5bfSrWptuBIE-Mu6XdNha1lb3-1nmUyhxBHL3mDTaq29tipC7r7OYDNkGufeG9opWHCg-6FozHuzIzk6gukjdPZU2VKxE8-lmGa_U5jFRaUcHAXh8o0FUq7ObBuBF-FFSYEfae-DJ4aIpiHjbG0hzIzC41u3520Sx7It15ZZBDWhPVNcu-hNV6MeYScdXkvs82UsOJqV0gtr6yj_GskWitxReJkeT4B128GJZIrGtoXBv3kcGU8xTMGlHTO-PtBS8XnV20mtPsFCwAG0ccLNM0SEZbRkJnh1KOh2LMnYkL1iEomvTOUZP3gyx0ZNbHcLnhkTiKu15sW31po7RS6dLarzv9_RIFPVfb6fh1R9OYeVOUdwy0ksxVek_aLVZUr_JSYoy9Ww2C5BxqE9NvtPRBVP_QLfSReU_dcON7ys6wex6FluE_g-TvVXd328pBd3O8YqlqTDex8zm68vBXkvYTb85_wyLnvfphLj6PSxnHqxsYU-8Fo23M1di4gvZcZDs7QVCONxAS_Hc-vvrXigcEgc1y1Fj92ORCiVGq8lhxYfTdZNiIbgJOZPHCAsrwTKRuSu-D5u9WI3kW6W3CoA4LEKuvjQCn7VMvtS9QQ6NpDuocSX-L8GlQIBBJOAC8eF__R6z350mtWU7bxVE-dCiKyamors4v_2d55sscYKfnriiCrkn2lVD18Ba2V_-NHSyHnG3euLB9-li74AUJs190cej2GTX7mqxnsGAFgAQ&cry=1&bundleId=
Request Chain 135
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CdDQCljCQZZ3TA-r77OsPu4WnyA3M99f6dPDw4cy6EmQQASCIy_VlYPWFgID8A6AB67K59wLIAQmpAgyeJXmM8LM-qAMByANIqgT_AU_QQ-s77NG_93JKvbw5Y7OmJYTxlqa8lvaeUX0aRxqwFBW-xmn-xLOkjFFZ7v1PIFgg0VHWOfQznk-1yWkc6fVlzNxEXiTG42Zdyi-4RuQK1QS6hvqvkKdyEP-5YEYVpgAP8c3JW42TEwwOuzwv3b3qWwkSUNI5Vur87PwKVgqBHN06Sp2M06SuHU1YUETgzIKqUT_5HzHqp9-lKeZTouI4rxc42RtXJanWaPcQddg_76xSjdL0syZF3HE7OLDuh9PhDUMs0X3hbd0UZ06jrEJwmzm7yc5mt8BgCFz1zHBWp42vRuphYDl-iIBQbhxDsLIeDUoHTIUEp2Ij6w5KfcAE5tuJrZIEiAXH5cKlOpIFBAgEGAGSBQQIBRgEoAYugAf9zMaIAagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEJG4BdIIHwiAYRABGB8yAooCOgSAQIBASL39wTpYh83uyra3gwOaCSZodHRwczovL25vcnFhaW4uY29tL2RlL2NvbGxlY3Rpb25zL2FsbIAKAcgLAaIMFCoSChDktLEC7rWxArW4sQKsurEC2gwQCgoQoMnisqam_PlxEgIBA9gTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01NTE0NTM5ODc4MjQ3MDA0GAA&sigh=KkX_gtkVEuc&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwAvHhf_O3G3P9FAnzuLjiZfBoVdwu4K54NfCeYaHSvSiNh6KLWHLka68BzOprD2CK9kyup_tspsGU2XdAHnu17G6ORJc0eqoJYamDO1TBcYAQ&template_id=419&cbvp=2&vis=1 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x591100e9f7deea740000000000000000%22,%222%22:%220xec8e16fd24c755f20000000000000000%22,%223%22:%220xa3a0fe80d3b5a3da0000000000000000%22,%224%22:%220xaf3b848ac44b29880000000000000000%22,%225%22:%220x16f19b50079d74be0000000000000000%22},%22debug_key%22:%2210720482444494169843%22,%22debug_reporting%22:true,%22destination%22:%22https://norqain.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22787372395%22],%2222%22:[%22true%22],%224%22:[%2212-30%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217467222973253563953%22}&andc=true

266 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
winning-wizard.com/ 		103 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fdfc9b7fdc5fa9fe0636a49b9d7a3c99bdc2f798c9ad482578877a693f4f6f2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
83db2741aa54bb09-MXP
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 30 Dec 2023 15:00:37 GMT
last-modified
Fri, 29 Dec 2023 08:36:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISmjIOaFDboBAFFblgZagYeSGFFRPu1X5b0JAj3dTb7ClGPoovKPp2Kbzby9RnpCYGAfPtALyJaZpi0xw1Okwh9UmS0uobHQXdTzaXSmaKLMrhQOB3n7p%2FZizpuNMUv484KhLEKYDC%2Fdhi2HdG8ylpQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
style.min.css
c0.wp.com/c/6.4.2/wp-includes/css/dist/block-library/ 		107 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/6.4.2/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Sun, 05 Nov 2023 19:40:32 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
mediaelementplayer-legacy.min.css
c0.wp.com/c/6.4.2/wp-includes/js/mediaelement/ 		11 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/6.4.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Tue, 29 Sep 2020 15:53:06 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
wp-mediaelement.min.css
c0.wp.com/c/6.4.2/wp-includes/js/mediaelement/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/6.4.2/wp-includes/js/mediaelement/wp-mediaelement.min.css
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Fri, 07 Jun 2019 20:45:02 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
jquery-ui.css
winning-wizard.com/wp-content/plugins/faq-schema-for-pages-and-posts//css/ 		18 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/faq-schema-for-pages-and-posts//css/jquery-ui.css?ver=2.0.0
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d8f82c45b478f1a5b6945e093836b3f52dd160470090a30e4baa0173d8cb2b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 19 Mar 2023 12:29:28 GMT
server
cloudflare
etag
W/"64170028-4995"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gk9%2FKqnlGEmMzYUrFI%2FI4eZu4nZfEDBWLf%2FN91zKS3S3fCMEQ3WlanJPwJpeeaHXqgVDbsw4P3stJLoIgEEYW71DdhK%2BsI1aDBBDhAR5zQuEfS%2Bfm72EPZHT6CTQFy21r1O17FBT576huYXAAuC1uBA%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27458f84bb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
faq-schema-ultimate-public.css
winning-wizard.com/wp-content/plugins/faq-schema-ultimate/public/css/ 		98 B
466 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/faq-schema-ultimate/public/css/faq-schema-ultimate-public.css?ver=1.0.0
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 28 Mar 2023 03:39:28 GMT
server
cloudflare
etag
W/"64226170-62"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y3guTZ0fI9xi%2Fiuc%2B71qsdhZMXwhiUJ6SFOCLnDjtmfocp32teLzMSfZnv1QfrazdUT6IXfzs3VE1c6%2B8bUdRaf0ustFobF0Or%2FzieQirxZc1fNg4do%2FX9nW5HvQqmS13N%2BsBB2q2l%2FfxjvOAg3rRdM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
vary
Accept-Encoding
cache-control
max-age=31536000
cf-ray
83db27458f89bb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
widget-areas.min.css
winning-wizard.com/wp-content/themes/generatepress/assets/css/components/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.3.1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6b4122b94b82886e32952c07c78d342647b3a38a2834f4489e0922308a95eab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:37:12 GMT
server
cloudflare
etag
W/"652df358-d1e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lGdfIsueKQ2Q6eBkUrOH79XYj3wyQrRcj3uJq3gNtnmbmxSbmm7hAbkAS0AKOakZPxNO9R2i73t3uds6yMqaugLHqzhckTq7wWSpcwU5GVx36sp7gU2a8kXBRDmaHY8B%2BpQOpzW9AvEMkilIRhHshSI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27458f8abb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
main.min.css
winning-wizard.com/wp-content/themes/generatepress/assets/css/ 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.3.1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0468af8d74ba377eec707308168b6bfcd146fe0a2669a11a9af0128ad85b3bc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:37:12 GMT
server
cloudflare
etag
W/"652df358-4c6e"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FphXEbgSFY7h%2BRgsSKbNJdCu45JNmcVafc36U%2FNJq2%2B68LjcJQvkbTBxgSiTsjf%2FOH%2FzShEs2SrL7MGAj0ZlVu4h6cjYk0bS28kpJnSRishANfAkBoXKVwzgB%2FfwiOxMA%2BkJHeBtx3UKN9ysAKjfNBI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27458f8cbb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
style.css
winning-wizard.com/wp-content/themes/gpclassic/ 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/themes/gpclassic/style.css?ver=1697510907
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b829f09c0e84bf2a97e4871d794d7511d44bccb14fa767033f9859b3cdf8a6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:48:27 GMT
server
cloudflare
etag
W/"652df5fb-4dc8"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEnDI3bLUWF6imHCmF2nqePYHgGTMl4CvYtdJHrX%2BBM8%2BPJ4QksG%2F%2F9VerbJm4TP9XOpaCpDFaY2alCBIQQANaO7Hd38MFcN2CGLx%2FIFYFb5AqPsECzTxsn8FEDG8A3vAeEXa96pgpBug%2BbW62n6bZs%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27458f8ebb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
css
fonts.googleapis.com/ 		19 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Inter%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&display=auto&ver=3.3.1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5059eaa623cb4b0af00382ddc489b94c3babbef4db39e8a05c85599786b69adb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 30 Dec 2023 15:00:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 30 Dec 2023 15:00:37 GMT
addtoany.min.css
winning-wizard.com/wp-content/plugins/add-to-any/ 		2 KB
827 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 17 Nov 2023 01:49:47 GMT
server
cloudflare
etag
W/"6556c6bb-644"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GXxuHXADQ4oBq7kny75QW3%2FY6lmBpqsOxabcaVZmGSA1lReQQDcLmcRmKBYa7yd4%2BLhiCh7kbLHiT%2FWLT0RC2ytLyHgctCm%2BZkwz922pkU%2Fx5BBm7DYz2lw93Ff1nxpDdvucRL77c3asRMHZ%2Bnss1ZU%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27458f90bb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
featured-images.min.css
winning-wizard.com/wp-content/plugins/gp-premium/blog/functions/css/ 		3 KB
815 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=2.1.2
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e545a7e4d7f69a26daa026799b6ab7caea7cfe6aa822b0038f63c14a5f69cf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:38:07 GMT
server
cloudflare
etag
W/"652df38f-d37"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sq54h25UP8qa2VSodJ3ciodP1fQQildf9TwkWBWCuefwy%2F1HUBLJK3BSeUvy4kr%2BAb84qWi5XuIx%2FJ6ifZwOHjxf%2F8Jo0AZ%2BRK2tBX35s%2BEJJGBMOgTUO6kRHyyhu49seggHB1iEsViml6TECNjZ72g%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27458f93bb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
offside.min.css
winning-wizard.com/wp-content/plugins/gp-premium/menu-plus/functions/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/gp-premium/menu-plus/functions/css/offside.min.css?ver=2.1.2
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10e0a0cbd95b4ea35efc98fbff81df090292953d6da6e3f89c609993a672849c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:38:07 GMT
server
cloudflare
etag
W/"652df38f-1730"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FN0hQw76WPLqpECYJy5HFb0ogaB8HgHTUaUEhhfLuga2J5CmEtwUV56wdszKD1y43Y4b9sOliLuBafupUPndAn%2BSMnIAWaT8fdhGKioB0G9xzqK%2FWCPE9vAM3jCdtGfMevCxjhuSlDnXZjcSoXFaEJI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27458f95bb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
0c14ce13-b507-4d69-9901-679161304d6a
https://winning-wizard.com/ 		1 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://winning-wizard.com/0c14ce13-b507-4d69-9901-679161304d6a
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
1245
Content-Type
text/javascript
jetpack.css
c0.wp.com/p/jetpack/12.9.3/css/ 		99 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/p/jetpack/12.9.3/css/jetpack.css
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
6a360e4e3e7c65709b0ffefc54e4f116ea6d8c9909e68ff4578284ebaf07c5f1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Wed, 20 Dec 2023 22:38:52 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
page.js
static.addtoany.com/menu/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/page.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54a41a067d6b8c3c9d9161cbcd63ef437b70029f56e12ad443d247c199d3054b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13984
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"1360f39ce298a46ab4d839930011f62c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VsSWIo6K2avX7fksE3dh29mjEq1rlTQiqoGnKVKmm1ZKmoSz%2Fauhc746MVGaZ4mez25qTymzzmOp2YakXNjLzBUOMYn50qe5owod%2BAW4W0xxorUdXzFAmInmL6mH0Mry8mkmqj%2Bp"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400, stale-while-revalidate=30, public
cf-ray
83db274699555a19-MXP
jquery.min.js
c0.wp.com/c/6.4.2/wp-includes/js/jquery/ 		86 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/6.4.2/wp-includes/js/jquery/jquery.min.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Mon, 28 Aug 2023 17:14:23 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
jquery-migrate.min.js
c0.wp.com/c/6.4.2/wp-includes/js/jquery/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/6.4.2/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Fri, 09 Jun 2023 05:49:24 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
addtoany.min.js
winning-wizard.com/wp-content/plugins/add-to-any/ 		129 B
643 B 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Fri, 17 Nov 2023 01:49:47 GMT
server
cloudflare
etag
W/"6556c6bb-81"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLH0A0C%2FJeUephPhakCShc0G%2B3KfQWQkHw5ykzjiW9gnL4wHN2VPSLJi37LfeB3Swtg2NvPv%2FyCEu6tbOqHxSUwdQUm54fCJaFGfNjM%2FGltG9fYqqxv4S8s8O%2Bf3KhORRZXso%2FcyoZq8%2F9GjkKmkWoM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=31536000
cf-ray
83db274649a40e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
faq-schema-ultimate-public.js
winning-wizard.com/wp-content/plugins/faq-schema-ultimate/public/js/ 		838 B
786 B 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/faq-schema-ultimate/public/js/faq-schema-ultimate-public.js?ver=1.0.0
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
41218
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 28 Mar 2023 03:39:28 GMT
server
cloudflare
etag
W/"64226170-346"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaU5JPkfD4BHkEVBeQmMgUvrmS6LRt3eKpGvytP6eD%2BxcCsGD0dRuCkHSjDyJx0ClFvb91WWGGSZHp1RtEi0sYjAZH5VLoMh%2Fmi6QPvYSnDUFVj17qI72PqtzqJlgQpJoT519xt5N0KGXlbuqJtkrLs%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db27459fbbbb09-MXP
expires
Sun, 29 Dec 2024 03:33:39 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		152 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5514539878247004
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e2762f6add208043c0cbbec0b35291a223c9f75f509e79e83277516076c7dc1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Origin
https://winning-wizard.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51940
x-xss-protection
0
server
cafe
etag
1769406353857440579
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:37 GMT
ww-removebg-preview.png
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/10/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/10/ww-removebg-preview.png?fit=501%2C88&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
0ce65499ae484159bdce018ce17657672852407efe4a6f7a68fefd43fc34d755
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
17256
x-nc
HIT hhn 2
last-modified
Mon, 25 Dec 2023 15:26:48 GMT
server
nginx
etag
"a001c1302e727253"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/10/ww-removebg-preview.png>; rel="canonical"
expires
Thu, 25 Dec 2025 03:26:48 GMT
winning-wizard-5-1.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-5-1.jpg?fit=537%2C302&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
994398dd55d214971a39c1e3f84b05713d93dc99e63fa339118154ddc2cefd54
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
14508
x-nc
HIT hhn 3
last-modified
Sat, 30 Dec 2023 03:33:38 GMT
server
nginx
etag
"49f4aec304d6759c"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-5-1.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:38 GMT
winning-wizard-4-1.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-4-1.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
30a45b94d456d148192820f4dceb3563f97670dff2309fd731996f33d2ca288a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
3842
x-nc
HIT hhn 2
last-modified
Sat, 30 Dec 2023 03:33:38 GMT
server
nginx
etag
"260ec53deff5d6c1"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-4-1.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:38 GMT
offside.min.js
winning-wizard.com/wp-content/plugins/gp-premium/menu-plus/functions/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/gp-premium/menu-plus/functions/js/offside.min.js?ver=2.1.2
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ab6ba1e7e051b464b2a5855abc359ba0f4cde98edc2335e2648bbfe5a35cf38
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:38:07 GMT
server
cloudflare
etag
W/"652df38f-1631"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YSzRd6E%2BmBMNCXcRc%2BXtYcW0gCqk%2FxRCYsBm0R8wsPmy5OX62aKnRsErqTzxZPd5R%2BTcr7IqxUX5q7KCpFob3ZqV4yTN6sb553GqSr4%2BEguG7vcIJi3UGp3%2B1d692VCL5xDOPjjQbbHOaMhW3C%2Fjbsw%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db274629430e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
image-cdn.js
winning-wizard.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/ 		701 B
888 B 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sat, 23 Dec 2023 01:34:14 GMT
server
cloudflare
etag
W/"65863916-2bd"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iy2icI40Fd%2Bd4tSc8ciWDsN4rd9EzUG5LflwKZ0vdJOHpg4cnC%2FZQl8UOQwejR93oRTgCZZ1v1ROR2Z%2BnsCakjQNj2ihyZGmGy7arYh7iROYQhjiSp%2FvLOO5902xHIjCfMcCTPA9EzaxZggtFj0lAvo%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db2746294c0e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
core.min.js
c0.wp.com/c/6.4.2/wp-includes/js/jquery/ui/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/6.4.2/wp-includes/js/jquery/ui/core.min.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Thu, 02 Feb 2023 16:36:32 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
accordion.min.js
c0.wp.com/c/6.4.2/wp-includes/js/jquery/ui/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c0.wp.com/c/6.4.2/wp-includes/js/jquery/ui/accordion.min.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
3b0a04f5aa3291e26f44613add53e1bbd56a09147f6a0b390dc4c3369dd1731d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc
HIT hhn 2
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
strict-transport-security
max-age=15552000
last-modified
Thu, 02 Feb 2023 16:36:32 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Sun, 29 Dec 2024 15:00:37 GMT
frontend.js
winning-wizard.com/wp-content/plugins/faq-schema-for-pages-and-posts//js/ 		188 B
679 B 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/faq-schema-for-pages-and-posts//js/frontend.js?ver=2.0.0
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c59b310ca0567c17489b7a3d7affa46e41c22971abd4f007e51384c4838c0d3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Sun, 19 Mar 2023 12:29:28 GMT
server
cloudflare
etag
W/"64170028-bc"
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T3b2mVLTcOompeRyE2uhybuSWTufbTTl86o4lupIFrXJFz5vTP3FAYba6BWnqqap7qE0OMwSpz7d5vBZyB4CdDCELOhZ%2Foo08vyHLU%2BlEWaczJOt4q1QQ6K0N7A0rVpL3Z6vOvKfDvjSYeGIZFrOrIQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=31536000
cf-ray
83db2746499b0e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
smooth-scroll.min.js
winning-wizard.com/wp-content/plugins/gp-premium/general/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=2.1.2
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be764d640a7efa0022ca94a330ec3c7f38f462016f79f400d06da583be69a31e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:38:07 GMT
server
cloudflare
etag
W/"652df38f-1ae5"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNnoURMbEer3BTbYTerD04RDRCMxBiIke28kB3AQ043awCyeBzA7Fbkyorn%2FczS58hlXu2ylCfUq6lvbxlhZ6WaSiUfILPBbMYx4xn%2F9TYFRmu%2FZMPvKYCbionbkv2YZjhPhsoXQ3JKap5G02Pw4i00%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db2746499d0e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
menu.min.js
winning-wizard.com/wp-content/themes/generatepress/assets/js/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/themes/generatepress/assets/js/menu.min.js?ver=3.3.1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:37:12 GMT
server
cloudflare
etag
W/"652df358-1b3f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SwwD%2B%2BwbfyMkRKQaVNh6ZqgtJOiHI8HpFLsXo7e6NN4XFDC3nXl5SON9gHtQlwalkFdMzahfGMHpH9u6w6DG3dhVO7mWMNiS4y%2FeEfx%2F8%2FxVhPLbqu%2Bzzwd%2FgQQtTuCPJ8edOzvE0ZjPueAd4gCC8mU%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db2746499f0e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
modal.js
winning-wizard.com/wp-content/themes/generatepress/assets/dist/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-content/themes/generatepress/assets/dist/modal.js?ver=3.3.1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f6afb4882995bfc4d4023b9567cfbec2866639de4da43a19d46838ae2b5fc5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Tue, 17 Oct 2023 02:37:12 GMT
server
cloudflare
etag
W/"652df358-12e3"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qWK1JVFLPmueQ%2FObnpfdR6ctFGAWnvWDiSbubQVVsBqUcsWDsD%2BidTADYFJQgHQf%2FylagIDF9L5XmEKxpaS2bnSA1mMK5d8klUv1SFiXm5cY9%2Fo5Wr61gtqCwPa77Mo4X4DY5tb9%2B4uI4Tv0hRrnu3A%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db274649a20e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
e-202352.js
stats.wp.com/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.wp.com/e-202352.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT hhn
date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/13576-1695421998473.3982
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
alt-svc
h3=":443"; ma=86400
expires
Wed, 25 Dec 2024 04:07:10 GMT
js15_as.js
s10.histats.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:5063 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
server
cloudflare
age
28895
etag
"-375139978"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=28800
accept-ranges
bytes
cf-ray
83db2746ab300e29-MXP
content-length
4547
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v13/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Inter%3A100%2C200%2C300%2Cregular%2C500%2C600%2C700%2C800%2C900&display=auto&ver=3.3.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://winning-wizard.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 26 Dec 2023 08:53:58 GMT
x-content-type-options
nosniff
age
367599
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
46704
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 23:49:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Dec 2024 08:53:58 GMT
winning-wizard-3-1.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-3-1.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
2d31720ef462a4707d4cd725a798c839ebd8a74df58793e6fc5233153105541e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
3942
x-nc
HIT hhn 3
last-modified
Sat, 30 Dec 2023 03:33:39 GMT
server
nginx
etag
"bc6921e5f639fbdd"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-3-1.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:39 GMT
winning-wizard-2-4.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-2-4.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
46c9d00376aee811e48bc9788885ae924414616864272d05c86796d505ab3b7b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
3998
x-nc
HIT hhn 2
last-modified
Sat, 30 Dec 2023 03:33:39 GMT
server
nginx
etag
"d6c4cf210b5194b5"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-2-4.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:39 GMT
winning-wizard-1-4.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-1-4.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
25cb3d1ddb75dffa7e8e889118ad72d814f609ab7fdd70e211f9ddc9dbf3f6c9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
4874
x-nc
HIT hhn 2
last-modified
Sat, 30 Dec 2023 03:33:39 GMT
server
nginx
etag
"2a6ee550daa1c03f"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-1-4.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:39 GMT
winning-wizard-5.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-5.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
39ba31e1beb1585a6615f1a0a2dcb18f9914ddc9cf57452e40ff69c08d4a3c5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
3710
x-nc
HIT hhn 4
last-modified
Sat, 30 Dec 2023 03:33:39 GMT
server
nginx
etag
"bbe331eaaa743ebe"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-5.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:39 GMT
winning-wizard-2-3.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-2-3.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
9a9e82b2cbbd63c55f0bca77d770dd7f3b059b01adf97beb8b9cb5291809571c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
4092
x-nc
HIT hhn 2
last-modified
Sun, 24 Dec 2023 19:23:40 GMT
server
nginx
etag
"f0189077e3817e29"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-2-3.jpg>; rel="canonical"
expires
Wed, 24 Dec 2025 07:23:40 GMT
winning-wizard-1-3.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-1-3.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
f896bfe7bc6440e86407b482ffb91c21180379318e933146b0ed337089fa3cfe
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
4082
x-nc
HIT hhn 2
last-modified
Sat, 30 Dec 2023 03:33:39 GMT
server
nginx
etag
"361688e42c3ec925"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-1-3.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:39 GMT
winning-wizard-4.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-4.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
d217d9699cc9a98be5c13b4ceeabb14ab4a0fc2b7aa821897ed54ece6f281f08
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
4572
x-nc
HIT hhn 4
last-modified
Sat, 23 Dec 2023 19:39:55 GMT
server
nginx
etag
"eb198c87de0d374e"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-4.jpg>; rel="canonical"
expires
Tue, 23 Dec 2025 07:39:55 GMT
winning-wizard-2-2.jpg
i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i0.wp.com/winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-2-2.jpg?resize=200%2C135&ssl=1
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i0.wp.com
Software
nginx /
Resource Hash
496d3e15e45caf61d752327228755dcc6e666da41fffc88a5ff474ff91f84302
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
4280
x-nc
HIT hhn 2
last-modified
Sat, 30 Dec 2023 03:33:39 GMT
server
nginx
etag
"9eccc59856d3e240"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<https://winning-wizard.com/wp-content/uploads/2023/12/winning-wizard-2-2.jpg>; rel="canonical"
expires
Mon, 29 Dec 2025 15:33:39 GMT
sm.24.html
static.addtoany.com/menu/ Frame 22F8 		677 B
709 B 		Document
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/sm.24.html
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

access-control-allow-origin
*
age
203
alt-svc
h3=":443"; ma=86400
cache-control
max-age=315360000, immutable
cf-cache-status
HIT
cf-ray
83db2746c98d5a19-MXP
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 30 Dec 2023 15:00:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=abSgg0yiw4cIh1UMaIcd%2BFSeseWfb9i%2B3wLo1UrPU5NjR5Jg2LhT23zAoZQZ0uWW%2FyAJnOQ5HqitLQKgVCPDh5YRoWnu7YJyFb0sIoQLdtZrIDOrkQLIx9NYVXjgDNS7MRXmRMJO"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
core.0lg1QMGN.js
static.addtoany.com/menu/modules/ 		70 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.addtoany.com/menu/modules/core.0lg1QMGN.js
Requested by
Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::ac43:2794 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c03fc7c2991c6ff541ec79af79825f54c15ab7bbea66f5a0c6635300de5e2ffd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://winning-wizard.com/
Origin
https://winning-wizard.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"f7a2848ba5154bff921586a6e44f406d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dw2iz%2FIpUt7BEJvO%2FnqMEqUM7V61%2FCQYFCwm9khWN5Z7uyqrqj%2Fo98NYIr0jmUInGBddQn4GAZ0axI5ZSdAvyaS818KbPtEN4SlQ2A9f%2BVLLnqBU6ixu7vpY9Gxyq2FkzhJleDHjhmybbDS93QdEku6%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000, immutable
cf-ray
83db27470f76bab1-MXP
0.php
s4.histats.com/stats/ 		50 B
184 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s4.histats.com/stats/0.php?4806435&@f16&@g1&@h1&@i1&@j1703948437577&@k0&@l1&@mWinning%20Wizard%20-%20Info%20Bisnis%20dan%20Teknologi&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-122292467&@b3:1703948438&@b4:js15_as.js&@b5:60&@a-_0.2.1&@vhttps%3A%2F%2Fwinning-wizard.com%2F&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.39.156.32 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns562579.ip-54-39-156.net
Software
/
Resource Hash
6cdb7ebf1cdae37f1843ac95a8be89e189148869b2ebd724cbfa3b0aa13b9187

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:37 GMT
Connection
close
Content-Length
50
Content-Type
text/html;charset=UTF-8
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 		399 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5514539878247004
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d1980b2ff1c1bc1d1a109f41807602e60ffb9d741dd2d20ebdf818b785b0891
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:37 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137924
x-xss-protection
0
server
cafe
etag
12092095142277381491
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:37 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/ Frame 5137 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5514539878247004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
4259
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 13:49:38 GMT
etag
5585625838579639069
expires
Sat, 13 Jan 2024 13:49:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 6273 		120 KB
32 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&adk=1812271804&adf=3025194257&lmt=1703838992&plaf=7%3A2&plat=3%3A128%2C4%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437638&bpp=3&bdt=284&idt=237&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=131603339930&frm=20&pv=2&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=251
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6cefd1c1df05558f0881180e0294a02f9e64f8770693e275d1d38bd44f5765b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
32429
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:38 GMT
expires
Sat, 30 Dec 2023 15:00:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 78A7 		151 KB
43 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
807f25ea453461a27415ffee61fe87d589337c6358053fe4e7b567585b6a772c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
43691
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:38 GMT
expires
Sat, 30 Dec 2023 15:00:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 3728 		39 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
301199b5e7bb7487d6d4a72b03c332d27a01a4ae7800705114ca615e3cf8ddb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
13996
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:38 GMT
expires
Sat, 30 Dec 2023 15:00:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 94D3 		30 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
936ebd4ebd4b4482b4a673ba1b4860dc8a4387577547447a0f2fd2ab5831aee8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
11704
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:38 GMT
expires
Sat, 30 Dec 2023 15:00:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame C86E 		731 B
527 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=54630664&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437643&bpp=1&bdt=289&idt=269&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280%2C285x600&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=3598&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=270
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dd2b5fc733b2ae06229f554019201594468d1e3723c9e41048e83346766d4d5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
356
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:38 GMT
expires
Sat, 30 Dec 2023 15:00:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
g.gif
pixel.wp.com/ 		50 B
177 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=208278298&post=0&tz=7&srv=winning-wizard.com&j=1%3A12.9.3&host=winning-wizard.com&ref=&fcp=838&rand=0.9573430867715287
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 30 Dec 2023 15:00:38 GMT
cache-control
no-cache
server
nginx
alt-svc
h3=":443"; ma=86400
content-length
50
content-type
image/gif
wp-emoji-release.min.js
winning-wizard.com/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://winning-wizard.com/wp-includes/js/wp-emoji-release.min.js?ver=4fd0f5bc13853fae144764d9c4a67c2c
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:5fc2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
last-modified
Thu, 30 Mar 2023 01:59:12 GMT
server
cloudflare
etag
W/"6424ecf0-4904"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7wVwFaTy0i0tI%2Fq1Y4Y%2FEp28HfICrwC0irc%2Fkff6LJwTUpsCajwp6S1H29%2FlO1noOE0TU7luZImacfg2C%2FTxjgp%2BAXcLfBz%2FfOtoYGWKGdUpE1mdWcTIEJma8TRlPHWayK2ZF5PvtorRmtokz5PE3w%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
83db2749ae950e0f-MXP
expires
Sun, 29 Dec 2024 15:00:38 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 4450 		478 B
199 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEMHwhesCGM7bjNwBMAE&v=APEucNXa1ns_n01FgAlwYLG_pGPFYK8iTZs8G7Nno_I3paU3gjJJEmxg44LSLX1PProXp9Mprvxx8NRGQoNWWoLwJrihGvQySw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:38 GMT
expires
Sat, 30 Dec 2023 15:00:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame B9B3 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:38 GMT
adj
fw.adsafeprotected.com/rjss/bgd/1293200/68276434/xbbe/creative/ Frame B9B3 		264 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/bgd/1293200/68276434/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuWKROcrwtDoo0qsMoc_2mGxYNaFd2KCJ8NZyoQC1oH2xuuGixArLh5haL1kcqobiYF6g5niVrVF5Ohzs1KYETo7J7Z1Cd-G_be-wSuRcAoCZ_4OWYsr6vc4NSe1ykZfcriAmSQ_S2vk65uMeLo0CVWol9fyNv3QbZjJKPDP9-BQL5Zgzy4cF3lrjoPn7sR_HGlIrNOFDTyE2gpV1Mck-Llv3ZtYhpmTFT2NiBo8KpXTRdDP_rlV_M5_xtCQpoac7d22XgJv_ZSw6FfB1mIpjUk_wnZbW6AijWZNjyEuisrUHG6C1i9GKeXeD-obm2h5jrubqZI9h6lndhK-eHmOpLs_WUtQAjnTh5nTC0GY_84e37-i1vqQVu6BUxcaLECq4WTdx0CJEYpNZLLcrxaUqkqwsAyWxuCawn_TXit-0UyRx8kabBtiFu--uT8RqyBLi1xytXTef34ImVY4iHiaydFyve_POy5fACeAkHjtLK_elvamzuLKK4f0HG_hkYqKTajRC23nDqueDQELW-D92bdjBCTKqagJVP5QkslcW2DwiHPMCKCsqMqV0saqQcU7D3z7H9EeGatuF41pZ5_Oo2PbYAoVNA0mz6tIxqfhZw2jrkkAfNj2NcKoWWr8pWVfnR8JrQ2fMHqiWpoDmWApf3_W3Z7QaoXT0b_G3S9ieMi8kj_5__S02_3geuvDKwL-etDNiQGZLbVefW_TTw3dOPWhnfadKuU02EuuuABbtkcEmxRHptXfyD5qg1xmj_9SVe65AFLuLFRSnzjHeH1LhfbPSA_mSUNVVuEnR08CckbV-DpTyhPNp0_tn7pNaYJXM8OUZ5p73A2x-0E5C_XRPgaWEx5kbjB4tRMsn2mdqwbp7_Vj8r0t7CvdQDQvRWNRBYGyijNua3ooqF3wE0VHwl2hRCGchClwQZ3BZdMyPjh6UXZtx7kJ5DV5tSwX-6QHNvO7S5j68M3PsqwxD_DYHtcVI64VV1Du9I7F_LwEQoSknY-k9io_pLRedlEF6gvvI5R4VRjHcUdsJb0qXooBiUKpvDF34q7aLzZVUgoyJDgonVW3w_VPgAGr4Mn3Ol6S3_vNUikbrulDCKDV1pA2BRFNoeTmOBDsMgXV_KqN2p7QfU3o9BYXoPrdARZoLAadKHk8PbC11EzjPy8jajabozWLdeh55kSczLjdR73p7tALEf7Sk4-2bRC7KUIl5tD25qDye2kfpBtJe3KEZVwWGftWNnVPzT3RMz7HL-vyWewq0QADu85zumcTIkDwxyh96BvL_iMlKb4wC8PSTrj-L3xpsgSTDDOpHYsx1u1uz5KVOUOm6aVLERRipYUYcRBw80KHOHkNiSoUTwCb5TVfcXu29nvL5W5Z_vSlqaLWktX7S9zY96QancvsRSzeJgWjUpModyXjZObNmCIBE6bteDcisA-6lS3oJLchUBqatzo4VbECYK4cQ1yi1iBHdE5YDle6gl28bgURvfF5ZFqnwdeDaBnXyJW8U91q4YU7jdIgaCkDN8BQL-sz5aEEi6IoBhEa-RpKrf5j3ODF6pYUPvqMeu8MuDEtGNck5CfQbSHQi97x4203TdFh1aS7Hn0wZuVCQ7ptqid5cICXUrWYh5GsixCV2_A3MVR3l93y3UKcCh1jHMNhTw2nTBfUH6Ql4N69bqMhZ8szQuSCs2bztl-IgtPc53kP0wPhvk4kWbPLSpPF3eH7y0PObojAWq7nclCJ3IGhjVktep0cS4pNvvbv591By0I4VVYrLIOnLCxPgh21aBehiZrAKzele63dLU237PC-3jOlNx6XvTjJSXXpG3Wc67kaRd-aSlpOrZhBFzSc4Cy4P3t2FvIOViP4AxnN8q530930IeiJZnVjgrGC3U63XeREerJzu_Tzw3KGxH88z208Wy_h7coXTB-jNqVRxF6_TenrfJdnQxWuTLPbPjx5PqZ9bt-NC9xbo2-ejvCLY62Fbcf78dg_pCuEgu6YNBO0_2URhHbz4F3jaxZhoAjYyJFJER7T_JD2TIPBR4WIlg6bPXe25ttCIiTR0VvWjDcf25xipEGrV8oeIKG1Hts3pgtlxzy8m8GIGPOAgKycCZZybWRh4GUAF6H7gAj09b3hxOuCfN-MhONaztvIpqsqjkFzRbj9MWqDLhoDuCC2hs1R8bjdQSts1ppBdJe98uEOh-Kwipof5abGpkBOdwCH78uvyrda1fKM7GVGTQ3qU34QFZgdDgqtOLrcuTjr8IWZxOOJ6PT0bAazT5yCiqyWyvnIdaLrl38MPe9xIu1rVglAM8uFDRdCNGh_qJpVyOJpl-gde3wIsngK5AwzF-vdjfdm2FUhp_cBfZjZoY8u2sosw2zH3bInLor7cX-j5cMfDH9OWgsfhzanL2tRfzj_rPHaEVIkYMWk8kCtq93No8PDtkT7D9bngJ__RVcXzilgkIMzUgkS3KVQdB6g_G8lNvjpw77ZY9pRe3Nmg31QbGSJ39939bjUhW6B-ncp0Ax5VTWq2h97yidaYunG-dksC5kaYR8e1VTDqaox_lajGAebmZyP5NEWwl41HzLf35wtwAI8hIgJM01qHaHEhWMts_0-RN7Rn476fkMk2xviGkO_Kkwv3ekJ3qQllqoDlxf_2Tm80I_N5fWhmcJWAancZutwMhRXqPgtZDClzdV11eeOTU73PN8pNwMZzNAYzhBlVmnW6qNdqH7qJKMpYM0TqCs6LEtPXSVAY1zL6MmtA3lZkcIgIhI8P2qkp2aq72oW0gcb73Osfta1gIbjg7bf4LZBaSWw4ZNg5rFD4caRFi7uxg0EWjjVWfSiCnLE0ays4AA2EhtHJLkyw8GFL4-wB8QKegHpoZeUZTz6yzfHPeo8ci6YbA14uhyn6_D8x-nG5piAO2X-6Kh8atF3x5Uvo6f-Q2N70go-IZIcVazCItXAhHeVTyDKHvbxAZ-nL-xV4e-OUaXvJleL4KENejq9JhWUpB8rQwDb-GWN8GwiBatAwbnIOT18qhyybJLWH9NM3fqhH8JbB3mwbFyEFeO94zk3Vvhi3df3MHfhOdsa7E5mZHNGTIWf8rkyZMOb97mKcq-M5Z8ZDRbVRc5k-4b37YnuJQmgOxh1ATl3Dk7Zz_oUSTAYayB_x2swYq7edHglEcyNj4Pjus2mer5pk1ruzkRETOr2jRtyXHPcxlr3z7J7FhGAr7G_p4U2ARyK4hJgD5kHgHYfRS-uPheBpaD2A8hK8FKZh9ey4l7XBqxRqiAuDAr8p8kJCQ4u0d6iLQJTb_zpkq4TX7RsDmWBC0_zFgQpEYCSUDdq5DFu1TZDPNSlutH1Mqn8eE0SLi5c0I47m1WAz58srga8YHV9qjQW5rnp-12tsVFpMzRz14DtezDhDQAcV7OS4FfltEe1BhcUd9EdDKgHVHrnId1I7RDI05gG4UNmJfsp-83xOe8e0QQMvwVZBMdQNpHGZw94H28IQre47BZay1RmRBu5bfSrWptuBIE-Mu6XdNha1lb3-1nmUyhxBHL3mDTaq29tipC7r7OYDNkGufeG9opWHCg-6FozHuzIzk6gukjdPZU2VKxE8-lmGa_U5jFRaUcHAXh8o0FUq7ObBuBF-FFSYEfae-DJ4aIpiHjbG0hzIzC41u3520Sx7It15ZZBDWhPVNcu-hNV6MeYScdXkvs82UsOJqV0gtr6yj_GskWitxReJkeT4B128GJZIrGtoXBv3kcGU8xTMGlHTO-PtBS8XnV20mtPsFCwAG0ccLNM0SEZbRkJnh1KOh2LMnYkL1iEomvTOUZP3gyx0ZNbHcLnhkTiKu15sW31po7RS6dLarzv9_RIFPVfb6fh1R9OYeVOUdwy0ksxVek_aLVZUr_JSYoy9Ww2C5BxqE9NvtPRBVP_QLfSReU_dcON7ys6wex6FluE_g-TvVXd328pBd3O8YqlqTDex8zm68vBXkvYTb85_wyLnvfphLj6PSxnHqxsYU-8Fo23M1di4gvZcZDs7QVCONxAS_Hc-vvrXigcEgc1y1Fj92ORCiVGq8lhxYfTdZNiIbgJOZPHCAsrwTKRuSu-D5u9WI3kW6W3CoA4LEKuvjQCn7VMvtS9QQ6NpDuocSX-L8GlQIBBJOAC8eF__R6z350mtWU7bxVE-dCiKyamors4v_2d55sscYKfnriiCrkn2lVD18Ba2V_-NHSyHnG3euLB9-li74AUJs190cej2GTX7mqxnsGAFgAQ&cry=1&bundleId=&ias_dspID=3&ias_campId=1010057126&ias_pubId=pub-5514539878247004&ias_chanId=1&ias_placementId=19343253581&bidurl=https://winning-wizard.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iZ-WHXd5qJyEoiVKlOQcbQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.34.161.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-34-161-226.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4d8acaab0c6de9d52b0c6111b91ab530855a52e0f3c42efd7b6b546ec2d5f5a3

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B9B3 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 09:53:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
18447
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 09:53:11 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame B9B3 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:54:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
47179
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:54:19 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame B9B3 		203 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:38 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B9B3 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CgS7VcANQ0nFvcaieBGVTdiW2DW6FfsZE_kCGlCxAPOKpULY_FhlSnKKB6hnDSxfFj8I3SsUaoum9PR9FQR9rXk9nIcFEaKOPMsJgKW4j3vzhbelI
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 75EB 		478 B
199 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CI7aIRDx3jgY3pbHgQIwAQ&v=APEucNVZT1xfpzUssAzuu7eWC4dsikQXvR26rbFWO_iKOlquCMR6HDfaHCsn8dvK5sNzS697zQkD_DY5lxmi5jFkflwP6tpZfg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:38 GMT
expires
Sat, 30 Dec 2023 15:00:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 9DBA 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:38 GMT
/
track.adform.net/adfscript/ Frame 9DBA 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfscript/?bn=70207642;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C2hbkljCQZeH9BJrM7OsP-7em-Aa21oi7dPnW3e2_EvfSor3AARABIIjL9WVg9YWAgPwDyAEJqQIMniV5jPCzPqgDAcgDmwSqBKMCT9AjWEMNZVDFJirdhvE512aQo83TFNtqJxPdDlo4n7sBoa_CELdd1Z1aw6ksRFiuPoe_3VaLV4IClyLukOCdWc0HiCJNY1wuVflmfR6tDLLtfYLXzpCB-xyuMp0PePPkvYdM9m5MpqrNSAiCm0qxvMgsBOQuXmvoAZ-sYVCWS5bUc5RpQ1kr7lP_bNHQS9rYFitUdNojqqGKDHtUF5Xr7Q7dmWkqvqnz6SEhtkkrezeM3_clLIZT9fwXx9O4NsJNo0KA5eXpYycGrB3vDkDucUln2qKW8BoJ4OxPoGsWQgrMf4SV9BiDpoUtDqPMIDyP-Dh-reOc1ueT6xGStNA3JPlEVk-OKXW0zny8ZycI2xFOpVPowGKq9_72BFd4-djiuf02wASZ-eK4wgTgBAOIBdm28LhNkAYBoAZNgAeNgO9BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB8yAooCOgSAQIBASL39wTpY767vyra3gwOACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CQ0iwE5ntjRbIE4zJ-OMD2BMK2BQB0BUB-BYBgBcB6BcF&ae=1&num=1&cid=CAQSTgAvHhf_KX8M4q8RcZSge-n7HuKw9WxtyKduCWxfIN2rOJDW4sW2niQpWTh1XtlX0WI-VPErNvJ3liRZu-ml-QFnWRL6lsaoWLW1crSMbxgB&sig=AOD64_1Ah4Aq_brEldjf6Dcu8MiOz2KVvw&client=ca-pub-5514539878247004&dbm_c=AKAmf-C744wQ6TfEbM97bBiOo9OjLVn0H40IGKAAPEnRr0fw2cihFP4tR08LinsGJfgLyOX8cMjWKLdUTW5Gb4PqozxujcxWgs0aVaaAoa2T3KAcMriQwN0OLqmb8Z4-2hhb1iG9VituM4UaefSy--iVqf9E0gt7edaujgy6x-dnyxUeVz2kHDw&cry=1&dbm_d=AKAmf-Ct7dRR0nJDL1ucBICXUN30yNPQL4Ngo8TihdPj34LuZTZNxEmtWB0ltm03ZsSBezq0lAlKB7zJivYoTuFFWBwiHuPvtc0yDYbCVXAJlYWi83SMYteLt-ULDHo9POJ8UvjBOM5qoIjwi33omemTKjqmzv8ZjufYL6jamC6Ep7Ck-ZCwXt9XFRYBna5qfaHS1fXkL6ZmjOrqpTPztocDHKKyzZ60WAqjcfZd-DHE9UA7k4vCSqeUZdAIfuKZj62g9RU-DHnjTAvISMm4EeHtAZeczOTjlVmqNYkFhVG4B0EzogObRRqgkylwO-sdAUVE6z4VxhbK5jq1ugl3Ozd41RXF9NJeh698UQIScmGu2PcoNBKc834hjk2EthMrE5M1G3eCgn_9pjEKM97DwPWMdDGgiWtRpUtgSXCyCM7k9SUZYTU76qJpjLW3-5bEDorZjBp7GMHdB_NFLw4Pr4Ee8g3NFov9Tan5OQuKb5Rx4ocER5lgTGtmXh4-vK3TWnoLkJywEkL2dCW2DVHNP1Jlglg6RdFcsFTH8yW1I0LUd0oIhHSG_hc&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.237 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1d2956d83bf9a27cb56e6459a9d083aa07caf5e98ec8a7d782e5c74a204d2635
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
2404
expires
-1
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 9DBA 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 09:53:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
18447
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 09:53:11 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 9DBA 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:54:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
47179
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:54:19 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 9DBA 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:38 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DBA 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BUjVboCNVlHuUNiA332VQIoqtKiYkWZX2ivbb1KDAoENUs3sZ_KPkL-I1L3ov2g0js12XAVi6K0pa-HVBaPv03b5PfDtTV0EIU15DSrvbImj84mRk
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4450 		170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEMHwhesCGM7bjNwBMAE&v=APEucNXa1ns_n01FgAlwYLG_pGPFYK8iTZs8G7Nno_I3paU3gjJJEmxg44LSLX1PProXp9Mprvxx8NRGQoNWWoLwJrihGvQySw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4450
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9zsRePNZBF8YFh0QiI4rU&google_cver=1
43 B
335 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9zsRePNZBF8YFh0QiI4rU&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEMHwhesCGM7bjNwBMAE&v=APEucNXa1ns_n01FgAlwYLG_pGPFYK8iTZs8G7Nno_I3paU3gjJJEmxg44LSLX1PProXp9Mprvxx8NRGQoNWWoLwJrihGvQySw
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BeSCLcCj38rDl8ny7eY%2FpgagrQots9w9fkD3Em4V7IH6rQT%2BjeQ6DxDDZf9cwpQG4trVTRtOJ1lbtfM8t8INy9fetvg4p1qpCz5Atcyd6eGIUVgqYW8IkoWESUX7t6M0lu0D%2FwLda38yQA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83db274e0c342397-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK9zsRePNZBF8YFh0QiI4rU&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 4450
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZAwllHC-kvLSQ1bpil8dAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNbtueECEMHwhesCGM7bjNwBMAE&v=APEucNXa1ns_n01FgAlwYLG_pGPFYK8iTZs8G7Nno_I3paU3gjJJEmxg44LSLX1PProXp9Mprvxx8NRGQoNWWoLwJrihGvQySw
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p6pDSHnfFYDLTe49okxSZKX%2F6sMN9hp3iYHJleamHJDVnZCr%2BJLD35I1aYbg22q1CsLPV024Sfog7xfhYCd54HxerJVc573ow31wq4dQA4WddiXndw34OQFkWFBE83kuqsltw4T%2BJ0q0rg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83db274e8e3e24c6-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 75EB 		170 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI7aIRDx3jgY3pbHgQIwAQ&v=APEucNVZT1xfpzUssAzuu7eWC4dsikQXvR26rbFWO_iKOlquCMR6HDfaHCsn8dvK5sNzS697zQkD_DY5lxmi5jFkflwP6tpZfg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 75EB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
43 B
329 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI7aIRDx3jgY3pbHgQIwAQ&v=APEucNVZT1xfpzUssAzuu7eWC4dsikQXvR26rbFWO_iKOlquCMR6HDfaHCsn8dvK5sNzS697zQkD_DY5lxmi5jFkflwP6tpZfg
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jXiRRQaFaPw7a5FKyK0VdUQiuBpPac05oOYTjsVJ4uSRWhDMgtlsKC%2BXXyMsxw%2Fh80GIdMlu5GvcjUkhDhCwgp1ofrdVK4w6OMpkrIMq6ofvKZdJPnPsO4%2B%2BNZ7XA1w3iTeiopNKZMjQ%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83db274e0c362397-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 75EB
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZAwllHC-kvLSQ1bpil8dAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
43 B
820 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI7aIRDx3jgY3pbHgQIwAQ&v=APEucNVZT1xfpzUssAzuu7eWC4dsikQXvR26rbFWO_iKOlquCMR6HDfaHCsn8dvK5sNzS697zQkD_DY5lxmi5jFkflwP6tpZfg
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9U3V2W6JP698MEoabnIB8phAMMUbbHZcSoyGTRVDhaVGxodmggc8wVpgYDn1JFWcoEbHNutkSss9zmRtVAZ7rCwwUr7XLmdDKm5kHo7JPxMZq8EBRfeFLUVy48y2ybp2M%2Bz0dVoHlMGp4w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83db274e8e3b24c6-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B9B3 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9202124858556&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B9B3 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9202124858556&version=m202309260101&ct=76&x=1&cor=16226502418888030000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame B9B3 		16 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTVSfg_BR6ZzaxAmYaAvcYGONwTqFYMu7Lt7z4XDR4MKGbxn2KQINF6rYwuyIiiJJr0RzOBbDVB0QJF-Ugh9Dc1wdtLTwlMK9Pz-2pFEw1Pbmfrqzrfug_2ceHM3hEnRl3IDopGAqj3lBN9p4ZU_KGTPthASRWqS2OEmWxeceOYOAICkU&cry=1&dbm_d=AKAmf-AnvNoGB1OZIrtGNzFX6c_U7z-_WCyCQ5o2FFHLfJMGNm9zDEcOTdJfHWwIZREYouoatGlC4bPhFQ6fqQHKHmec7ssoHeyDcFnO14pNL6nRt7l1j78D1WX3Tw7GLdyLCf3yuZACLRIW1NCS2DksDstQWob74dGVFeIaEwGWB_4DFiLnoXcBmLbFvA0YGL8qUAaVtMs_q9I4poXyStvjaVocmzZMIrXltK9FmHDBSOWk74VSGHq1is6Uc4dd2bYR8r8-i3tNgA3GRHzWxvEJgwl-F_7u1IG7gKp5buHj7atigeBU0ghPGB2cWzHfQsGyBktftT5BgvSsoVfun9go9lFPWAolhy2RaHkSGSL4l0nzHPAllF_isESUeFtlvwV_QTLe5qixVgAmSptVYcDfVwz84VCi6EiE_9yalD1BjbljbpBA36wQ3KvvW1mSBJ_X9nkq3l1A5qx9rRYuxZzrjfJWxcyag6oYo4_t3i_I3u9iwa33fDudfoaHw7IT9SygyC5C76sIb9-EidHx6-0aimc4sPvuGnGqXXFpB_twGFFAg7liQqmWK9BSHvvSh_jGxZ3rn8NZ0f7rIB0RJ_VlpUdsox8GYVkfLS1RdJLgIiP-C872OO7ejM68nqkMRgSRuq9GXDiwMXRuimkvIEcMksJBUXriJgH-qNONl3QrcDLsujcWuIxB9LFcYoHbtqGKVTHHY8fHd5C3WeVCXVf-j_eMAMt6I1Z_pQ3x-S98W6LxuLbmakV7XFHQI9_hvqxBW3JkiFGW3yVYiYaDvEMYROKEQdPItF4NYXyQb5OTjMTOt5yQU0XfMIkJyf9PMZMkNRXJbfuLOibnVouujPqiTgiBrZfAzjf16X_CPWU2sFwffCr3dNfBMjXlkQxJpbobjW4Q58QPeP9toAY-MsxNEehrOWP0pAho_sprCRMOaoYyZ3QNWeSSw_Gh7OBO9Bcnyk3-Hv1SbvqCmWHTVO8E9ItsQjj5_4-eYzXApuz453tNQ6v1cSlSB8uJvaLLz7QqQjkYtKroCzvInDQ6ZdnCqlpIOO9bToAdMD0iDkljThQAtW7WkvMwKrojKe9qWd0KQmjHFPsP2EqnQUI3sYaqLMwchsu_HGuaoMzlStP5Zt4KmvQW-tjlzWv_CK0beYlHI_iblCvtL-CasiUAEBTdpKbyaF00HbSwI3sABg87hWyrxTw2CaUDrToI0qYaVxTBbhAttKP2Ld0B2oHO-3mBd1zWhWdws0XyYX9MsLQD2tGNBft8y9u0XQHcdE8pHBtsF5LNk4bsgLYE5n_nSod0keA-zKDWQpx5LhBU9jM4-cdXJK7v4XIwbLD3lk5orUQOKa6ZjtgjRsrWxHL2bJU_x7Hl3RgIxTE9MwFS5UjOwx3OWKz0NLDuDtKWsSJxQlHvgOEQw2XwDXJIBM6ndVAYfIiBfIew5XX4jVZXZMMp1-hsaqVuFvrX8A6S3RKLfmD4DWgiYKJFB93889bI9vHXXqBc1keNvEyPLxtQnSAvfkB74Tkk4kLoyHrnKODlPqDTxYNY3eejNeLry2PPEyga0l5hQLMdxnyHAI2J06vVnfs6piXO07wx_cgTeAhvOpYaeUfiqykLLBASBybJXOlwDUmXj-aQniQ45I86TRnDNweWe1TKCGILWzDReJ70hMzSyGqFleWQPiSX71qpQ3O2HpxLml6fQRgnsA1KiYNZxPZGdgqAvpeIIl2ikb46tNTP6xw2HawDoSPDOwi4sz6fgXGrCHrDBrZZRa6PIcJptmlb6a3EfC9cgsVVzWGmzqRaZBm9dl5mtzP8dfKTlEKUcki9ICPKBbtO9CVtVebmx1qqdCMsp6Aq10SCDCB-xJeTa4RVlGjcEKm1BFn8E4Opw_ly2sw8g46tgh-K0gWQqz0IHrmTaaToQQR2um2eV3bd9Pn4HSQfNG4BFoy2iznB7YAmwvgXrfxM4X4AOBBBdh7KRKKGK2g41rVSxbzxfOinBSbMzG1t5T52LXIhMRxUk3mSeil-RYbX6bOwWLMimHGX6Kp8K_q2LZISRlmE8glGJsfMGxDO-Jp_CqQ697Tf03I4-u8Clkk6SjysEgBqKWmaVM1YVLO5wk3r-u35KlMNdBrPDEE5mAnRkvOc9ZFNIYkR1B6Bdw_yzwGfHQ1Zzg3bXTwxhYSDUNASZUn7DSQlC-D4hmGnONxuh1ive4lRJmCwIYG-xLmICdlCcgmSHo71gxS2RxhOhzWIaYP9kFp7Uf86_ZtOdYUX4JMo9_mgT7--zYTRY_sVaY1s4lYAYDuj7fnS45TwN6nVJVTO7tAoD7r_CpoK-JSxLVhfiZUfTtUZJYPdrfbSbR4MJFCAR4iYOG9QceEWrUC4MZ7gsTDb89EfkOKqi-9IuyfiRTinzsi9tFNR9QXrPTx_1aBREJtaW9T5WR3_0b2ciSyRaAYw1xAa4rdKKot-Mmb5bm1InYzLxjtT8EMnc3tC6r0irGeTVoTcpZ23Ud6zWGl5tpRW480wzmH9InMFW0uD77Sw1P2BoAZRaEKu7aHVumfUpSCoyopczSokPTcyDZ0ZT5Xz7sWcXwU2V_HwqpdFlodCQlcJYjqY6QkfJslM2HDb9BVBS7V3ckOjKV1h8AAjtyFNUy9fXWasoqteX6tHnoZkchGhuDvbFltVzT2KACJ21yxqgjzoLlPQ-gfZpuZfy6joog1ExtSvj_WwNbjTZJ_RWyoLsCnqLRe5y8ZtKZ2sqK_Xe8mQkoiaBvMH6L1-4OrxLxdA_oyaUFMmErcC6MO57Glk9IoFDq_cXPe2gmL43Xd1sLQ5AR0amr_uJxHoZer90UMxilezjZlaaJjMY3nSFXNcfPiWkz0H9uB9Sg6y1L87I7M-DbOw8t38gds3NTKBa7PMJLkHGCZ_X4Uitr9CxNyXOY80Ne17NfCgORPDp4r_yc6XAsFDrYcMuWwgAkfnXjfqwyIKEeErcWvsFVyRBn_iMuvIzfGdR2BUzbek1pYO__YXsTBivsygvnXlQRGPvOfjvMvj3fzGtQZjnP-4rk-iWRUpU97rDmcQyRzyQOUGzTpZL_nD9cuf_sHyQejhA-xqXBOc4jdxbW6mRkXjN3r2htfGVl8xLhSHfrQe4grksyTqzx6Zv85hsl0oAp43eA-YzqVS9Ac71MhjQ1CuRe3O-onMZ9VD13D3TfyQNkxrfwoVHc3XTmwhKyFK3iNzvLz59lkTNOZt51ZKgS1ZFA5ds1GLD9HL-y8dKgmOOGX7DhlunyUDnNUkmanjMtZcVfNaHOthJeW-HWlToHTjGQGGk6dAUjs7Fv52Wt-byoZxTE3IU8Y&cid=CAQSTgAvHhf_0es9-dJrVlO28VRPnQoismpqK7OL_9neebLHGCn564ogq5J9pVQ9fAWtlf_jR0sh5xt3riwffpYu-AFCbNfdHHo9hk1-5qsZ7BgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=16226502418888030000&adk=1761367584&idt=153&cac=0&dtd=7
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36b8ecf8a419d5c862e6f43ed4ca15178bec2ea9e51865b8b4298a0cb3480e75
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12251
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/ 		160 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/reactive_library_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0dc2ab2774f0572fdc80c8cea27095c4b249ba628ae83ec41300b482fb4fe17e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56010
x-xss-protection
0
server
cafe
etag
3995871780833024925
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:38 GMT
ca-pub-5514539878247004
fundingchoicesmessages.google.com/i/ 		182 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-5514539878247004?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5fc78dd3dab9f937047daa5873919eacd4b24f5798653d0ff246031ac60ae865
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-UdMuA9QJxYSxL7P0cVQCXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-security-policy
script-src 'report-sample' 'nonce-UdMuA9QJxYSxL7P0cVQCXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=pflna&evt=place&vh=1200&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&hl=id&pvc=3836462664446130
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DBA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5282216912859&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DBA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5282216912859&version=m202309260101&ct=77&x=1&cor=9208084727775322000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 9DBA 		34 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYGB9JNURF-fPqMIOvByoHZjywC68KqrG-VH0R-6JN6pXcFjKCU2MToboD7nIaPWhK8nUuwALcA4EjVtIS-W7GoliqG3FQAufAyytoE6LpaosCi-lTiOncHJ5IiY9EbHaU7QeakUTza5HDnQaNNJ74VMmKPt8FbRLWkyQ1ia0UzLBnLsk&cry=1&dbm_d=AKAmf-DVC_0mRg0ZCQkqYpgFVHprG2Tg7n2yRKpdatVIAXp8QU3GlGmpbuMUEFi4IHgTOaawgwhtQVSu5Ol0Ix9oyHm3VfZvblRdO41N3kRU0ktg3x1PcNGiAaGAVHF_SFsUzCtLnsEbLfckPNw83Dm-MEpEhrPYjlpMVIzcZI2nFoJ5ZbGjnCMRkieSBNtsIkW9hXFQgkzZ3ykqbIqFvXWir1UbOLMs8cJZWjLcQq9urWj_2coDfnz0F5tvwequ08lWlIp2oesoCUFleVFrYDc-Vvz2iDzCSur9_WL3qPK0FJnD37tUnyaap3bCg4sgEwPP7sqye9ZEbmq2Lq7IAH-YiVr57nePQkpuJMmNKMzPiLz33AVj8tu2Tm30ev9n2thtFwq-I5ErJVsaSj8gKlfZDjPfoQ4xE5mrO03BJpfIa28oAe_8A5Pv26OOf7L4kgffxw27kuy6g-5lpZwEHcGAP3Pk7Qs2UhkB0iu7vf1o0pPExPVSxOzjFkHknTsJRKyTqGOskFWSDFD5Dx0FcM6RqQlBiKk3RAWdJF8fqT8v7QmmeDle_g3jl85h-dc2bZD-wufhyy_PHjaBsCl8_It4TOfL5bt19kaqe0ETur3iED6rja77L1btYy4O8KTcTwKG_vOa7Lu9HIkdT5xuieNx44cygN46fDIfyAAMNJRl-Q4d2MyYhuCguypC-Qv9m0dBnLFllA0hgAANVogSNXFbF7vnvKH1DtZ_GGEzOsa37CiZCKXGBiWhFPljjGWUJqlaj3iTU3V6YbhPYIgpmjWE_AGKqHYf925UIArkv7OUAgnP_Y7qRHGpGPnWpYmcFlqb2r3LTkBtEWeMJHOgxIKgRzbGHjSisHIrXma-szAhrCfZwc2AfymRrsO_7CtckvM8bHDv8uDuiWSqyhl2FQIac45Z3lnih-dxsw8nRuPRNI48dIpef2WvkkLgQXnENdmjQ4o6dP1duY0bFUCOG8fnWVEowjidpZuuRNfqQwYuUwLNJynifNnXEUR4PcCs40nhmVVQaJ2gEqXio8TfycA65RZYRqi-mnI_QppZrgFu-yuomkrp93xTdQf4EqJnA6nXIZdXc0VHISKItTJjBFBoE2_J583UKkj1OZHIkQ9CNOSme8JAtV8w9Xd3qa-t--P6zRe_2Jm3Z2U2vdPDOtIw2if5Jrh1LhLqWPAX492AtzHTrQq3eYRM0LTnWAbzUPhgJceB6B0ZBB-5TBw295RE5Bk37LNW6vl7hCGRThjpxXyj2X6-02MV9nJOp4SifJwJWHxNn7ilLSjxTgFYnqbTZ4Ro74KLdu3jB1xhzqw1dUkUXC4h_HUnd7uQ3qWYvigDSXeHpKFlNasa9nYfTik9bpwe65SV8MaLpjOxtOrAg0dheALkDyD96e8dqJvxF_VZVmIRoBuM9DtFv7DVLp2xmgZ74_wLAk_n6_yXEBlycuNL9hEvVPoaewGUapd8umJOiitBHR0_Urte4Kt7BJQa3eLJWjhcq2J4U6ctX77gQg0ZxQfxqh0-siFT6OT0cwEOcbKW6hi_km0CCoW0i6CRbFtHlW-HWDqKlHGAC33JFisVw7FihVY6cQ0UX6QB9nT-USEFJThb3e39QidFY4cNTI5GRrkBnQFqTnqz0tYYvWGCkhq5rY1dclTCCgsfZqx_M63hEF8N-2lcf4gu2FHsk5UPeCOx2wTg04AeYVnLXscPsI4Kdk6TQv5AcB-e61z-MrNUb4I35tKtjtpp3u63dPLmwTDO5pb1n2nWx2Of_eqMXyJI5EnahFy7z0xUSs--64z6RfUlUCrTKnJwoLEwGm-fmNp7kE1_VDL1d8hGFwK8DQtb8GCoNeAFaDfL7IwobtAT4QEbkkpmv_xBMCuxnc5XBRC8-yVeSUJcmVTglaO60UYmu-kq8YiAU23r6jw_tbmF8pp0zK7rw1XGKg-EfekdtUZvROfSGwWg4ttZNgSKgpuLFg0levsyWEdsQwOzHfQcwTMqzC9ecnYZYNLIj7a78vk0MQHfRabHlrsrEJ3Kr0RaKgjJik1XyRKGr8QyBy64FD2bAZoJ_iSXKb7F_5INcJA7CZkBs6hCqTidOvGxL514AXEn-wiYin9R2Na6CsaQlocs_9Km7FVqEXn-yWaCJ1w7-87_Ms9OTghtRy2815lJeAi9IuqfHDcHW-poO6srN9mALMDRsCPMlf5duKSckzhYUfIGnY59hnFSdv6_nbc4NLu5Uh8wqfq-4f1EuYr77TePmKKWz3yAdIbGRwlkSfwnJjboePR_l7Dt8BWchJybMuYq8ZH6z9-HTrmSyjWfuvn1i9fg5dewLJRNnn-2f3iOMLLkZK0cQjfDBbbnk1oQdNB_3OmBWpf3oaLhvxF2sCXW74pLN81hxuQjDN8-qLUNu-UbjOn7CEJEAXSRGGgkQjTxaTePzeE9hb9OsJWbyyChuhBpMGh-HoCm77einETB7TeTfHiuOKcQOBjoHYT5Bo7sQu5m8vp0UYeXa1zfZ3OXuZ962hAsSV6v6bBwBr_9VJxH3jzziGLvluUH2NkXhSqjuyeoTkcXtqeY5_tz6hLUSv5g6p4-UXZvZFoIY08ARb5vzg-v_hfq8jeMVR8sw5EXpGup1rnP-sHcv00T5jerFbGLi5PhpK2x2v5L66oR_FIP7qRsHseyK03uci0zy61Gm7yKfh7A18T-vTFunDAE8J0S8jzxrYwEcuqHn7XDKTlMPBaDAEb2pAqUIoDwvZJbDcbYgbiwVuYh2HHJxq9ryKvTqXVt1SOPti8FXREZROZNS4J1t0a-ONhHnqU1aCfBWyHvTHswGnGCTOTzdNoukSYs5pPMjRupzPsTjGU4jzMsY3MfmeYt7wUqHjSuhW7g_s-6O6Cd3-mLv90yxLTKLuRQRMrktFFlSWnDjKOJgN-7HnPVMtkLfM8tIOzID03GdRST8sy-suqhckiW_JwgPEzrnDBx7nRZS7yy1o5-XFQVtTrbSyl82FpjRgtKovq4GtolrPx7q1KMGF4rcMJu_he_QXLuLIxeKJAtv1ybltbSTVB9rn9h8AUzAdtQOEs5sAlT6po89U9eDd6hKqlJmS9mvbTx6LzGKXQjE41o6mjpFBB31DT3sb3MmmSVYIBGoAyiYF6tBY5GmTInMYHhKYwFEAgHscGxfIeJvf52W6Flr4KMmLhiahbaGnszl0JZm3kpzD6w16PizBaCHvmPEsaYBoiAAIeZoZIheHiX8-L-n8idK88PHCr6vOPsmZfsgkWeOIkbXDzO3Z3KmpJBYhD8Ggi82ilOqI4MDH7XG67c9hM8zkAz46RvQBbJdIFbaDRfDp88CRzvF2vpPQmpoO22n_ByGb1XhAYT6ync6F7QRS_pPckWhTnqbT-W_wvl-mg5bhvP5ROWhNvG-II9zxxTFXsLv0CgwUO8gYbmnh7KLkff875h_WDTrzYZmlgjyTfE9xlA8lR62TXqOvVh4XoJCfnngXvUgnLJ6kPIzm2kf5y8AjuQIaPxjpMQtyCY6w_v0NJq9SHvoi_ymnW5w1pZt7YI3bKD4wqoY4TKn0nrzUxIHSDsksfqWQGootftbJDOH-VftGHxwnSxX5KJf-vbqa6j8ZvYImBnmMn34X33S49l2S2xgVz_nbSQ76flKzBx7K3lQdHOJt4PG3x6sq9Xmp0z-ATFjKrzzt8NF-NCqR8eV-cqEwPI8NmAI1TUl5LmTVm9-Rm9c9TUhcF6Lrd7E9XjBhXTbOjSNhQR56jSj0PEu0E-gM5QEVP08QS4M5PqjTfWxS474HeJE6VfVA0DYgM9vgxPkYtGpy460TE4tg8v4GubJjIPga98IhjOPrrutq1Q8w0v57U3nWoJOfeQDT2NSfH6XJZNdkefr3-KBfsmjtMNW4kIL87HlR-_6Em60AWFOwz0SCWuBMq4mWEpsG8p5UTmWwx8KucI4ku2ZjFizIsSNScsemo25r3PrXZAcjHBs6WN4T1P04rcy3MV6MVgnokmMGGPZABmOx44zDiIzkAI7JV1MzkNBMFBJQRppPto1DuY2z2_Nj_R&cid=CAQSTgAvHhf_KX8M4q8RcZSge-n7HuKw9WxtyKduCWxfIN2rOJDW4sW2niQpWTh1XtlX0WI-VPErNvJ3liRZu-ml-QFnWRL6lsaoWLW1crSMbxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=9208084727775322000&adk=1726166463&idt=229&cac=0&dtd=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0b5339b8471baf6d76ba076636ca547071ea3718ba1aa63fa8acac27f33be5f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19509
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
e21910fd923a6283b5d44b2382eabc86.js
www.gstatic.com/mysidia/ Frame 37B1 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 26 Dec 2023 01:04:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
395779
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4064
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 25 Mar 2024 01:04:19 GMT
f3d12415f986ed3504122551351bc1d0.js
www.gstatic.com/mysidia/ Frame 37B1 		42 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/f3d12415f986ed3504122551351bc1d0.js?tag=html5_display_upload/html5_exit_api
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5bcc597ce8a3ec0c0ef52ee8ece8f284ca9739c1bd1bbac380a3deb672d5446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 26 Dec 2023 07:10:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
373803
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16637
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 25 Mar 2024 07:10:35 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 37B1 		2 KB
875 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:54:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
47179
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:54:19 GMT
50459845d1cbd526a76ea757de42d266.js
www.gstatic.com/mysidia/ Frame 37B1 		23 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/50459845d1cbd526a76ea757de42d266.js?tag=exit_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 14:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3618
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9842
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Fri, 29 Mar 2024 14:00:20 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 37B1 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 23:00:17 GMT
content-encoding
br
x-content-type-options
nosniff
age
57621
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9269
x-xss-protection
0
server
cafe
etag
11706523405290302210
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 12 Jan 2024 23:00:17 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 37B1 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 09:53:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
18447
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 09:53:11 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 37B1 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:54:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
47179
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:54:19 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 37B1 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:38 GMT
f9d9b65dbd646119ce96bad0f484d579.js
www.gstatic.com/mysidia/ Frame 37B1 		37 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 25 Dec 2023 13:56:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
435835
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15460
x-xss-protection
0
last-modified
Thu, 07 Dec 2023 22:13:01 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Sun, 24 Mar 2024 13:56:43 GMT
AGSKWxUywsPMm29XWKi4Zm1E3k_EEPPhoCcaI8P0yi3dq1HyJ6SCtkSkc13zaabk_rlwJVBCq8HWNxhFc96XI3liMvw1QNVAFcYvVkFis-Jf0K8FxEV2H-xcdkj-G9FDdP98DsfDLPEyJA==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUywsPMm29XWKi4Zm1E3k_EEPPhoCcaI8P0yi3dq1HyJ6SCtkSkc13zaabk_rlwJVBCq8HWNxhFc96XI3liMvw1QNVAFcYvVkFis-Jf0K8FxEV2H-xcdkj-G9FDdP98DsfDLPEyJA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzOTQ4NDM4LDkzNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93aW5uaW5nLXdpemFyZC5jb20vIixudWxsLFtbOCwiVXZGQlFSMzRTNVUiXSxbOSwiZGUiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
356f55a7d22a10b1298120689f65b14b29900bd1bbfeb65f54da7fba2a75c2d7
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Azj75SfMT9zJ0YdVlBIXdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:38 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-Azj75SfMT9zJ0YdVlBIXdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame E9FA 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
38611
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 04:17:07 GMT
etag
5585625838579639069
expires
Sat, 13 Jan 2024 04:17:07 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/ Frame 70B5 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

age
38611
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4130
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 04:17:07 GMT
etag
5585625838579639069
expires
Sat, 13 Jan 2024 04:17:07 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
css2
fonts.googleapis.com/ Frame E9FA 		4 KB
767 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 30 Dec 2023 15:00:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 30 Dec 2023 14:11:22 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 30 Dec 2023 15:00:38 GMT
fullscreen_api_adapter_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame E9FA 		16 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:54:43 GMT
content-encoding
br
x-content-type-options
nosniff
age
47155
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6766
x-xss-protection
0
server
cafe
etag
14924840246271906451
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:54:43 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame E9FA 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 10:17:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
16974
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9210
x-xss-protection
0
server
cafe
etag
13914886398874665762
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 10:17:44 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame A19C 		478 B
198 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDpvwEQ1Z7BARjonYLjATAB&v=APEucNXJW3Bqy4q2Znph14o_jqLi2FVOk0j0Z9YD9d5jS8JsG94OsB43IhKb2sZ5QLZWU0JVq-1uM2kq7IENdv7vrl-pZkXyiA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
175
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:39 GMT
expires
Sat, 30 Dec 2023 15:00:39 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 70B5 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31485
x-xss-protection
0
server
cafe
etag
7119415641918660631
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:39 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 70B5 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Aj9UQ9v4U7fo8ZD9rPSYoK-pHt4AJhr9G0L0hPpHhSerFzJerWMjpIPq5IiMbVl-ezVYazldZrnXu5nIv0ptvXmttOE8OQHEtAjL5GNHqxDmDFtqw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 70B5 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 09:53:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
18447
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 09:53:11 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 70B5 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:54:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
47179
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:54:19 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 70B5 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:39 GMT
AGSKWxVk5WhZaPVPp_5jom52PN_zi0yqci0XRZC-X0rNwl_BXjlQUSYAyDUTHGp7DXiV4eG7MnUHKW4UnKAmLf3S7zLQNzZ4TCHhsrkpuXk3Ss3K9ukgBh0qy68EJ6iCfWp8fLyxHUkkxg==
fundingchoicesmessages.google.com/f/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVk5WhZaPVPp_5jom52PN_zi0yqci0XRZC-X0rNwl_BXjlQUSYAyDUTHGp7DXiV4eG7MnUHKW4UnKAmLf3S7zLQNzZ4TCHhsrkpuXk3Ss3K9ukgBh0qy68EJ6iCfWp8fLyxHUkkxg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzOTQ4NDM5LDcwMDAwMDBdLG51bGwsbnVsbCxudWxsLFtudWxsLFs3LDldLG51bGwsMixudWxsLCJlbiJdLCJodHRwczovL3dpbm5pbmctd2l6YXJkLmNvbS8iLG51bGwsW1s4LCJVdkZCUVIzNFM1VSJdLFs5LCJkZSJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
18575bd2f8eef871b65a997c1ba8f0624273235c7a0f01d5d2e0fa7e96e171f7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-iAe-ZonII4w5rXoR9wro3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-security-policy
script-src 'report-sample' 'nonce-iAe-ZonII4w5rXoR9wro3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/ Frame 5F0D 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/f3d12415f986ed3504122551351bc1d0.js?tag=html5_display_upload/html5_exit_api
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2f2c7cd093ef9243064a183d6b4afeee6f9f2072b293debb5e11380f10e67ea
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
412263
allow-fenced-frame-automatic-beacons
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
2156
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
cross-origin-resource-policy
cross-origin
date
Mon, 25 Dec 2023 20:29:36 GMT
expires
Tue, 24 Dec 2024 20:29:36 GMT
last-modified
Thu, 16 Nov 2023 13:46:10 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
truncated
/ Frame 37B1 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
53d656f7170a1e40ea43f179ff4aba82b4d8df7c9332056e7f9dd661aa404f3b

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
widget.js
widgets.outbrain.com/n2d/widget/ Frame 2221 		53 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widgets.outbrain.com/n2d/widget/widget.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.17.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-17-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
86d45e218fa301b4e1f81d6ecad50c1a8f847e669aa2d9c91f0b487ceb56b67f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-request-headers
X-OB-STG,X-OB-PRD
date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
content-length
13570
last-modified
Thu, 21 Dec 2023 11:55:58 GMT
server
AkamaiNetStorage
etag
"0870125456b597823ee2a02abcdfe5cb:1703160319.705865"
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=14400
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
expires
Sat, 30 Dec 2023 19:00:39 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 2221 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 09:53:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
18448
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 09:53:11 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/ Frame 2221 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20231207/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:54:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
47180
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8571
x-xss-protection
0
server
cafe
etag
5853369240893788875
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:54:19 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 2221 		203 KB
64 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
65731
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1702472459035717"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:39 GMT
exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 5F0D 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 19:35:55 GMT
content-encoding
br
x-content-type-options
nosniff
age
69884
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2551
x-xss-protection
0
server
cafe
etag
4618035238173732404
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 30 Dec 2023 19:35:55 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5F0D 		34 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 19:07:20 GMT
content-encoding
br
x-content-type-options
nosniff
age
71599
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13035
x-xss-protection
0
server
cafe
etag
2319883687766034370
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 30 Dec 2023 19:07:20 GMT
createjs.min.js
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/libs/1.0.0/ Frame 5F0D 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/libs/1.0.0/createjs.min.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33be66f63aca50629829ad77a1b1def4d69887f267ec408420286cd0138dd587
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Sun, 29 Dec 2024 08:10:59 GMT
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 30 Dec 2023 08:10:59 GMT
age
24580
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64214
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 13:46:10 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
css
fonts.googleapis.com/ Frame 5F0D 		821 B
413 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Red+Hat+Display:700&subset=latin
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b4c47808e011137844d742962048ec95bff6bd5be945db9d2af983845b1d2bcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 30 Dec 2023 14:53:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 30 Dec 2023 15:00:39 GMT
NORQAIN_Holiday_Season_Google_Ad_970x250_EN.js
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/ Frame 5F0D 		23 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
971212093e3803ddbdbc5d65138217d3c56cae79c0ecf14a73c2cd7f42ed3e35
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Fri, 27 Dec 2024 19:05:42 GMT
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 28 Dec 2023 19:05:42 GMT
age
158097
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4329
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 13:46:10 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
pixel
cm.g.doubleclick.net/ Frame A19C 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adscale&google_cm&google_dbm
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDpvwEQ1Z7BARjonYLjATAB&v=APEucNXJW3Bqy4q2Znph14o_jqLi2FVOk0j0Z9YD9d5jS8JsG94OsB43IhKb2sZ5QLZWU0JVq-1uM2kq7IENdv7vrl-pZkXyiA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame A19C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
43 B
735 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDpvwEQ1Z7BARjonYLjATAB&v=APEucNXJW3Bqy4q2Znph14o_jqLi2FVOk0j0Z9YD9d5jS8JsG94OsB43IhKb2sZ5QLZWU0JVq-1uM2kq7IENdv7vrl-pZkXyiA
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LY2TbC%2BVt0G4vr4dQAeTC4QBm3r32HLKda73tRJeT9wvv4FkzYggl%2BZpY%2FRhyevtdF3pMK%2BN8Ul65S13GyXVojUKjk%2FSfxVpneL8D5ThRixxix6NDXz0IfzD2LipWmXP3JnNrlxP4Em0Dg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83db2750598924c6-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame A19C
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZZAwllHC-kvLSQ1bpil8dAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLDpvwEQ1Z7BARjonYLjATAB&v=APEucNXJW3Bqy4q2Znph14o_jqLi2FVOk0j0Z9YD9d5jS8JsG94OsB43IhKb2sZ5QLZWU0JVq-1uM2kq7IENdv7vrl-pZkXyiA
Protocol
H3
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=817UJCgYYOVOggijpXebVUGliGdNvdbgHsyXb%2Fdax83Qt3TBY2xr5JYy7P93QjXefG5sVNujEHyiG2Cfullhh7XCQM0a44dDi4Qn0AmAR9G4MdadSYNBqWKXkwEt1qv1igSq%2F5vgBAdqMg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
83db2750ba3d24c6-ZRH
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEMkSBXC97USd_ffPdwhAwEk&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame B9B3 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BTVSfg_BR6ZzaxAmYaAvcYGONwTqFYMu7Lt7z4XDR4MKGbxn2KQINF6rYwuyIiiJJr0RzOBbDVB0QJF-Ugh9Dc1wdtLTwlMK9Pz-2pFEw1Pbmfrqzrfug_2ceHM3hEnRl3IDopGAqj3lBN9p4ZU_KGTPthASRWqS2OEmWxeceOYOAICkU&cry=1&dbm_d=AKAmf-AnvNoGB1OZIrtGNzFX6c_U7z-_WCyCQ5o2FFHLfJMGNm9zDEcOTdJfHWwIZREYouoatGlC4bPhFQ6fqQHKHmec7ssoHeyDcFnO14pNL6nRt7l1j78D1WX3Tw7GLdyLCf3yuZACLRIW1NCS2DksDstQWob74dGVFeIaEwGWB_4DFiLnoXcBmLbFvA0YGL8qUAaVtMs_q9I4poXyStvjaVocmzZMIrXltK9FmHDBSOWk74VSGHq1is6Uc4dd2bYR8r8-i3tNgA3GRHzWxvEJgwl-F_7u1IG7gKp5buHj7atigeBU0ghPGB2cWzHfQsGyBktftT5BgvSsoVfun9go9lFPWAolhy2RaHkSGSL4l0nzHPAllF_isESUeFtlvwV_QTLe5qixVgAmSptVYcDfVwz84VCi6EiE_9yalD1BjbljbpBA36wQ3KvvW1mSBJ_X9nkq3l1A5qx9rRYuxZzrjfJWxcyag6oYo4_t3i_I3u9iwa33fDudfoaHw7IT9SygyC5C76sIb9-EidHx6-0aimc4sPvuGnGqXXFpB_twGFFAg7liQqmWK9BSHvvSh_jGxZ3rn8NZ0f7rIB0RJ_VlpUdsox8GYVkfLS1RdJLgIiP-C872OO7ejM68nqkMRgSRuq9GXDiwMXRuimkvIEcMksJBUXriJgH-qNONl3QrcDLsujcWuIxB9LFcYoHbtqGKVTHHY8fHd5C3WeVCXVf-j_eMAMt6I1Z_pQ3x-S98W6LxuLbmakV7XFHQI9_hvqxBW3JkiFGW3yVYiYaDvEMYROKEQdPItF4NYXyQb5OTjMTOt5yQU0XfMIkJyf9PMZMkNRXJbfuLOibnVouujPqiTgiBrZfAzjf16X_CPWU2sFwffCr3dNfBMjXlkQxJpbobjW4Q58QPeP9toAY-MsxNEehrOWP0pAho_sprCRMOaoYyZ3QNWeSSw_Gh7OBO9Bcnyk3-Hv1SbvqCmWHTVO8E9ItsQjj5_4-eYzXApuz453tNQ6v1cSlSB8uJvaLLz7QqQjkYtKroCzvInDQ6ZdnCqlpIOO9bToAdMD0iDkljThQAtW7WkvMwKrojKe9qWd0KQmjHFPsP2EqnQUI3sYaqLMwchsu_HGuaoMzlStP5Zt4KmvQW-tjlzWv_CK0beYlHI_iblCvtL-CasiUAEBTdpKbyaF00HbSwI3sABg87hWyrxTw2CaUDrToI0qYaVxTBbhAttKP2Ld0B2oHO-3mBd1zWhWdws0XyYX9MsLQD2tGNBft8y9u0XQHcdE8pHBtsF5LNk4bsgLYE5n_nSod0keA-zKDWQpx5LhBU9jM4-cdXJK7v4XIwbLD3lk5orUQOKa6ZjtgjRsrWxHL2bJU_x7Hl3RgIxTE9MwFS5UjOwx3OWKz0NLDuDtKWsSJxQlHvgOEQw2XwDXJIBM6ndVAYfIiBfIew5XX4jVZXZMMp1-hsaqVuFvrX8A6S3RKLfmD4DWgiYKJFB93889bI9vHXXqBc1keNvEyPLxtQnSAvfkB74Tkk4kLoyHrnKODlPqDTxYNY3eejNeLry2PPEyga0l5hQLMdxnyHAI2J06vVnfs6piXO07wx_cgTeAhvOpYaeUfiqykLLBASBybJXOlwDUmXj-aQniQ45I86TRnDNweWe1TKCGILWzDReJ70hMzSyGqFleWQPiSX71qpQ3O2HpxLml6fQRgnsA1KiYNZxPZGdgqAvpeIIl2ikb46tNTP6xw2HawDoSPDOwi4sz6fgXGrCHrDBrZZRa6PIcJptmlb6a3EfC9cgsVVzWGmzqRaZBm9dl5mtzP8dfKTlEKUcki9ICPKBbtO9CVtVebmx1qqdCMsp6Aq10SCDCB-xJeTa4RVlGjcEKm1BFn8E4Opw_ly2sw8g46tgh-K0gWQqz0IHrmTaaToQQR2um2eV3bd9Pn4HSQfNG4BFoy2iznB7YAmwvgXrfxM4X4AOBBBdh7KRKKGK2g41rVSxbzxfOinBSbMzG1t5T52LXIhMRxUk3mSeil-RYbX6bOwWLMimHGX6Kp8K_q2LZISRlmE8glGJsfMGxDO-Jp_CqQ697Tf03I4-u8Clkk6SjysEgBqKWmaVM1YVLO5wk3r-u35KlMNdBrPDEE5mAnRkvOc9ZFNIYkR1B6Bdw_yzwGfHQ1Zzg3bXTwxhYSDUNASZUn7DSQlC-D4hmGnONxuh1ive4lRJmCwIYG-xLmICdlCcgmSHo71gxS2RxhOhzWIaYP9kFp7Uf86_ZtOdYUX4JMo9_mgT7--zYTRY_sVaY1s4lYAYDuj7fnS45TwN6nVJVTO7tAoD7r_CpoK-JSxLVhfiZUfTtUZJYPdrfbSbR4MJFCAR4iYOG9QceEWrUC4MZ7gsTDb89EfkOKqi-9IuyfiRTinzsi9tFNR9QXrPTx_1aBREJtaW9T5WR3_0b2ciSyRaAYw1xAa4rdKKot-Mmb5bm1InYzLxjtT8EMnc3tC6r0irGeTVoTcpZ23Ud6zWGl5tpRW480wzmH9InMFW0uD77Sw1P2BoAZRaEKu7aHVumfUpSCoyopczSokPTcyDZ0ZT5Xz7sWcXwU2V_HwqpdFlodCQlcJYjqY6QkfJslM2HDb9BVBS7V3ckOjKV1h8AAjtyFNUy9fXWasoqteX6tHnoZkchGhuDvbFltVzT2KACJ21yxqgjzoLlPQ-gfZpuZfy6joog1ExtSvj_WwNbjTZJ_RWyoLsCnqLRe5y8ZtKZ2sqK_Xe8mQkoiaBvMH6L1-4OrxLxdA_oyaUFMmErcC6MO57Glk9IoFDq_cXPe2gmL43Xd1sLQ5AR0amr_uJxHoZer90UMxilezjZlaaJjMY3nSFXNcfPiWkz0H9uB9Sg6y1L87I7M-DbOw8t38gds3NTKBa7PMJLkHGCZ_X4Uitr9CxNyXOY80Ne17NfCgORPDp4r_yc6XAsFDrYcMuWwgAkfnXjfqwyIKEeErcWvsFVyRBn_iMuvIzfGdR2BUzbek1pYO__YXsTBivsygvnXlQRGPvOfjvMvj3fzGtQZjnP-4rk-iWRUpU97rDmcQyRzyQOUGzTpZL_nD9cuf_sHyQejhA-xqXBOc4jdxbW6mRkXjN3r2htfGVl8xLhSHfrQe4grksyTqzx6Zv85hsl0oAp43eA-YzqVS9Ac71MhjQ1CuRe3O-onMZ9VD13D3TfyQNkxrfwoVHc3XTmwhKyFK3iNzvLz59lkTNOZt51ZKgS1ZFA5ds1GLD9HL-y8dKgmOOGX7DhlunyUDnNUkmanjMtZcVfNaHOthJeW-HWlToHTjGQGGk6dAUjs7Fv52Wt-byoZxTE3IU8Y&cid=CAQSTgAvHhf_0es9-dJrVlO28VRPnQoismpqK7OL_9neebLHGCn564ogq5J9pVQ9fAWtlf_jR0sh5xt3riwffpYu-AFCbNfdHHo9hk1-5qsZ7BgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=16226502418888030000&adk=1761367584&idt=153&cac=0&dtd=7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
75331
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 28 Dec 2024 18:05:08 GMT
adj
bid.g.doubleclick.net/xbbe/creative/ Frame B9B3
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/bgd/1293200/68276434/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVR...
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuW...
74 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuWKROcrwtDoo0qsMoc_2mGxYNaFd2KCJ8NZyoQC1oH2xuuGixArLh5haL1kcqobiYF6g5niVrVF5Ohzs1KYETo7J7Z1Cd-G_be-wSuRcAoCZ_4OWYsr6vc4NSe1ykZfcriAmSQ_S2vk65uMeLo0CVWol9fyNv3QbZjJKPDP9-BQL5Zgzy4cF3lrjoPn7sR_HGlIrNOFDTyE2gpV1Mck-Llv3ZtYhpmTFT2NiBo8KpXTRdDP_rlV_M5_xtCQpoac7d22XgJv_ZSw6FfB1mIpjUk_wnZbW6AijWZNjyEuisrUHG6C1i9GKeXeD-obm2h5jrubqZI9h6lndhK-eHmOpLs_WUtQAjnTh5nTC0GY_84e37-i1vqQVu6BUxcaLECq4WTdx0CJEYpNZLLcrxaUqkqwsAyWxuCawn_TXit-0UyRx8kabBtiFu--uT8RqyBLi1xytXTef34ImVY4iHiaydFyve_POy5fACeAkHjtLK_elvamzuLKK4f0HG_hkYqKTajRC23nDqueDQELW-D92bdjBCTKqagJVP5QkslcW2DwiHPMCKCsqMqV0saqQcU7D3z7H9EeGatuF41pZ5_Oo2PbYAoVNA0mz6tIxqfhZw2jrkkAfNj2NcKoWWr8pWVfnR8JrQ2fMHqiWpoDmWApf3_W3Z7QaoXT0b_G3S9ieMi8kj_5__S02_3geuvDKwL-etDNiQGZLbVefW_TTw3dOPWhnfadKuU02EuuuABbtkcEmxRHptXfyD5qg1xmj_9SVe65AFLuLFRSnzjHeH1LhfbPSA_mSUNVVuEnR08CckbV-DpTyhPNp0_tn7pNaYJXM8OUZ5p73A2x-0E5C_XRPgaWEx5kbjB4tRMsn2mdqwbp7_Vj8r0t7CvdQDQvRWNRBYGyijNua3ooqF3wE0VHwl2hRCGchClwQZ3BZdMyPjh6UXZtx7kJ5DV5tSwX-6QHNvO7S5j68M3PsqwxD_DYHtcVI64VV1Du9I7F_LwEQoSknY-k9io_pLRedlEF6gvvI5R4VRjHcUdsJb0qXooBiUKpvDF34q7aLzZVUgoyJDgonVW3w_VPgAGr4Mn3Ol6S3_vNUikbrulDCKDV1pA2BRFNoeTmOBDsMgXV_KqN2p7QfU3o9BYXoPrdARZoLAadKHk8PbC11EzjPy8jajabozWLdeh55kSczLjdR73p7tALEf7Sk4-2bRC7KUIl5tD25qDye2kfpBtJe3KEZVwWGftWNnVPzT3RMz7HL-vyWewq0QADu85zumcTIkDwxyh96BvL_iMlKb4wC8PSTrj-L3xpsgSTDDOpHYsx1u1uz5KVOUOm6aVLERRipYUYcRBw80KHOHkNiSoUTwCb5TVfcXu29nvL5W5Z_vSlqaLWktX7S9zY96QancvsRSzeJgWjUpModyXjZObNmCIBE6bteDcisA-6lS3oJLchUBqatzo4VbECYK4cQ1yi1iBHdE5YDle6gl28bgURvfF5ZFqnwdeDaBnXyJW8U91q4YU7jdIgaCkDN8BQL-sz5aEEi6IoBhEa-RpKrf5j3ODF6pYUPvqMeu8MuDEtGNck5CfQbSHQi97x4203TdFh1aS7Hn0wZuVCQ7ptqid5cICXUrWYh5GsixCV2_A3MVR3l93y3UKcCh1jHMNhTw2nTBfUH6Ql4N69bqMhZ8szQuSCs2bztl-IgtPc53kP0wPhvk4kWbPLSpPF3eH7y0PObojAWq7nclCJ3IGhjVktep0cS4pNvvbv591By0I4VVYrLIOnLCxPgh21aBehiZrAKzele63dLU237PC-3jOlNx6XvTjJSXXpG3Wc67kaRd-aSlpOrZhBFzSc4Cy4P3t2FvIOViP4AxnN8q530930IeiJZnVjgrGC3U63XeREerJzu_Tzw3KGxH88z208Wy_h7coXTB-jNqVRxF6_TenrfJdnQxWuTLPbPjx5PqZ9bt-NC9xbo2-ejvCLY62Fbcf78dg_pCuEgu6YNBO0_2URhHbz4F3jaxZhoAjYyJFJER7T_JD2TIPBR4WIlg6bPXe25ttCIiTR0VvWjDcf25xipEGrV8oeIKG1Hts3pgtlxzy8m8GIGPOAgKycCZZybWRh4GUAF6H7gAj09b3hxOuCfN-MhONaztvIpqsqjkFzRbj9MWqDLhoDuCC2hs1R8bjdQSts1ppBdJe98uEOh-Kwipof5abGpkBOdwCH78uvyrda1fKM7GVGTQ3qU34QFZgdDgqtOLrcuTjr8IWZxOOJ6PT0bAazT5yCiqyWyvnIdaLrl38MPe9xIu1rVglAM8uFDRdCNGh_qJpVyOJpl-gde3wIsngK5AwzF-vdjfdm2FUhp_cBfZjZoY8u2sosw2zH3bInLor7cX-j5cMfDH9OWgsfhzanL2tRfzj_rPHaEVIkYMWk8kCtq93No8PDtkT7D9bngJ__RVcXzilgkIMzUgkS3KVQdB6g_G8lNvjpw77ZY9pRe3Nmg31QbGSJ39939bjUhW6B-ncp0Ax5VTWq2h97yidaYunG-dksC5kaYR8e1VTDqaox_lajGAebmZyP5NEWwl41HzLf35wtwAI8hIgJM01qHaHEhWMts_0-RN7Rn476fkMk2xviGkO_Kkwv3ekJ3qQllqoDlxf_2Tm80I_N5fWhmcJWAancZutwMhRXqPgtZDClzdV11eeOTU73PN8pNwMZzNAYzhBlVmnW6qNdqH7qJKMpYM0TqCs6LEtPXSVAY1zL6MmtA3lZkcIgIhI8P2qkp2aq72oW0gcb73Osfta1gIbjg7bf4LZBaSWw4ZNg5rFD4caRFi7uxg0EWjjVWfSiCnLE0ays4AA2EhtHJLkyw8GFL4-wB8QKegHpoZeUZTz6yzfHPeo8ci6YbA14uhyn6_D8x-nG5piAO2X-6Kh8atF3x5Uvo6f-Q2N70go-IZIcVazCItXAhHeVTyDKHvbxAZ-nL-xV4e-OUaXvJleL4KENejq9JhWUpB8rQwDb-GWN8GwiBatAwbnIOT18qhyybJLWH9NM3fqhH8JbB3mwbFyEFeO94zk3Vvhi3df3MHfhOdsa7E5mZHNGTIWf8rkyZMOb97mKcq-M5Z8ZDRbVRc5k-4b37YnuJQmgOxh1ATl3Dk7Zz_oUSTAYayB_x2swYq7edHglEcyNj4Pjus2mer5pk1ruzkRETOr2jRtyXHPcxlr3z7J7FhGAr7G_p4U2ARyK4hJgD5kHgHYfRS-uPheBpaD2A8hK8FKZh9ey4l7XBqxRqiAuDAr8p8kJCQ4u0d6iLQJTb_zpkq4TX7RsDmWBC0_zFgQpEYCSUDdq5DFu1TZDPNSlutH1Mqn8eE0SLi5c0I47m1WAz58srga8YHV9qjQW5rnp-12tsVFpMzRz14DtezDhDQAcV7OS4FfltEe1BhcUd9EdDKgHVHrnId1I7RDI05gG4UNmJfsp-83xOe8e0QQMvwVZBMdQNpHGZw94H28IQre47BZay1RmRBu5bfSrWptuBIE-Mu6XdNha1lb3-1nmUyhxBHL3mDTaq29tipC7r7OYDNkGufeG9opWHCg-6FozHuzIzk6gukjdPZU2VKxE8-lmGa_U5jFRaUcHAXh8o0FUq7ObBuBF-FFSYEfae-DJ4aIpiHjbG0hzIzC41u3520Sx7It15ZZBDWhPVNcu-hNV6MeYScdXkvs82UsOJqV0gtr6yj_GskWitxReJkeT4B128GJZIrGtoXBv3kcGU8xTMGlHTO-PtBS8XnV20mtPsFCwAG0ccLNM0SEZbRkJnh1KOh2LMnYkL1iEomvTOUZP3gyx0ZNbHcLnhkTiKu15sW31po7RS6dLarzv9_RIFPVfb6fh1R9OYeVOUdwy0ksxVek_aLVZUr_JSYoy9Ww2C5BxqE9NvtPRBVP_QLfSReU_dcON7ys6wex6FluE_g-TvVXd328pBd3O8YqlqTDex8zm68vBXkvYTb85_wyLnvfphLj6PSxnHqxsYU-8Fo23M1di4gvZcZDs7QVCONxAS_Hc-vvrXigcEgc1y1Fj92ORCiVGq8lhxYfTdZNiIbgJOZPHCAsrwTKRuSu-D5u9WI3kW6W3CoA4LEKuvjQCn7VMvtS9QQ6NpDuocSX-L8GlQIBBJOAC8eF__R6z350mtWU7bxVE-dCiKyamors4v_2d55sscYKfnriiCrkn2lVD18Ba2V_-NHSyHnG3euLB9-li74AUJs190cej2GTX7mqxnsGAFgAQ&cry=1&bundleId=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Server
142.251.173.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wi-in-f156.1e100.net
Software
cafe /
Resource Hash
8ebb47c070e5160eecd3d35c1616249b84c4341a2de8d2346343679a79dd8507
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25744
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
nginx
x-server-name
app01.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuWKROcrwtDoo0qsMoc_2mGxYNaFd2KCJ8NZyoQC1oH2xuuGixArLh5haL1kcqobiYF6g5niVrVF5Ohzs1KYETo7J7Z1Cd-G_be-wSuRcAoCZ_4OWYsr6vc4NSe1ykZfcriAmSQ_S2vk65uMeLo0CVWol9fyNv3QbZjJKPDP9-BQL5Zgzy4cF3lrjoPn7sR_HGlIrNOFDTyE2gpV1Mck-Llv3ZtYhpmTFT2NiBo8KpXTRdDP_rlV_M5_xtCQpoac7d22XgJv_ZSw6FfB1mIpjUk_wnZbW6AijWZNjyEuisrUHG6C1i9GKeXeD-obm2h5jrubqZI9h6lndhK-eHmOpLs_WUtQAjnTh5nTC0GY_84e37-i1vqQVu6BUxcaLECq4WTdx0CJEYpNZLLcrxaUqkqwsAyWxuCawn_TXit-0UyRx8kabBtiFu--uT8RqyBLi1xytXTef34ImVY4iHiaydFyve_POy5fACeAkHjtLK_elvamzuLKK4f0HG_hkYqKTajRC23nDqueDQELW-D92bdjBCTKqagJVP5QkslcW2DwiHPMCKCsqMqV0saqQcU7D3z7H9EeGatuF41pZ5_Oo2PbYAoVNA0mz6tIxqfhZw2jrkkAfNj2NcKoWWr8pWVfnR8JrQ2fMHqiWpoDmWApf3_W3Z7QaoXT0b_G3S9ieMi8kj_5__S02_3geuvDKwL-etDNiQGZLbVefW_TTw3dOPWhnfadKuU02EuuuABbtkcEmxRHptXfyD5qg1xmj_9SVe65AFLuLFRSnzjHeH1LhfbPSA_mSUNVVuEnR08CckbV-DpTyhPNp0_tn7pNaYJXM8OUZ5p73A2x-0E5C_XRPgaWEx5kbjB4tRMsn2mdqwbp7_Vj8r0t7CvdQDQvRWNRBYGyijNua3ooqF3wE0VHwl2hRCGchClwQZ3BZdMyPjh6UXZtx7kJ5DV5tSwX-6QHNvO7S5j68M3PsqwxD_DYHtcVI64VV1Du9I7F_LwEQoSknY-k9io_pLRedlEF6gvvI5R4VRjHcUdsJb0qXooBiUKpvDF34q7aLzZVUgoyJDgonVW3w_VPgAGr4Mn3Ol6S3_vNUikbrulDCKDV1pA2BRFNoeTmOBDsMgXV_KqN2p7QfU3o9BYXoPrdARZoLAadKHk8PbC11EzjPy8jajabozWLdeh55kSczLjdR73p7tALEf7Sk4-2bRC7KUIl5tD25qDye2kfpBtJe3KEZVwWGftWNnVPzT3RMz7HL-vyWewq0QADu85zumcTIkDwxyh96BvL_iMlKb4wC8PSTrj-L3xpsgSTDDOpHYsx1u1uz5KVOUOm6aVLERRipYUYcRBw80KHOHkNiSoUTwCb5TVfcXu29nvL5W5Z_vSlqaLWktX7S9zY96QancvsRSzeJgWjUpModyXjZObNmCIBE6bteDcisA-6lS3oJLchUBqatzo4VbECYK4cQ1yi1iBHdE5YDle6gl28bgURvfF5ZFqnwdeDaBnXyJW8U91q4YU7jdIgaCkDN8BQL-sz5aEEi6IoBhEa-RpKrf5j3ODF6pYUPvqMeu8MuDEtGNck5CfQbSHQi97x4203TdFh1aS7Hn0wZuVCQ7ptqid5cICXUrWYh5GsixCV2_A3MVR3l93y3UKcCh1jHMNhTw2nTBfUH6Ql4N69bqMhZ8szQuSCs2bztl-IgtPc53kP0wPhvk4kWbPLSpPF3eH7y0PObojAWq7nclCJ3IGhjVktep0cS4pNvvbv591By0I4VVYrLIOnLCxPgh21aBehiZrAKzele63dLU237PC-3jOlNx6XvTjJSXXpG3Wc67kaRd-aSlpOrZhBFzSc4Cy4P3t2FvIOViP4AxnN8q530930IeiJZnVjgrGC3U63XeREerJzu_Tzw3KGxH88z208Wy_h7coXTB-jNqVRxF6_TenrfJdnQxWuTLPbPjx5PqZ9bt-NC9xbo2-ejvCLY62Fbcf78dg_pCuEgu6YNBO0_2URhHbz4F3jaxZhoAjYyJFJER7T_JD2TIPBR4WIlg6bPXe25ttCIiTR0VvWjDcf25xipEGrV8oeIKG1Hts3pgtlxzy8m8GIGPOAgKycCZZybWRh4GUAF6H7gAj09b3hxOuCfN-MhONaztvIpqsqjkFzRbj9MWqDLhoDuCC2hs1R8bjdQSts1ppBdJe98uEOh-Kwipof5abGpkBOdwCH78uvyrda1fKM7GVGTQ3qU34QFZgdDgqtOLrcuTjr8IWZxOOJ6PT0bAazT5yCiqyWyvnIdaLrl38MPe9xIu1rVglAM8uFDRdCNGh_qJpVyOJpl-gde3wIsngK5AwzF-vdjfdm2FUhp_cBfZjZoY8u2sosw2zH3bInLor7cX-j5cMfDH9OWgsfhzanL2tRfzj_rPHaEVIkYMWk8kCtq93No8PDtkT7D9bngJ__RVcXzilgkIMzUgkS3KVQdB6g_G8lNvjpw77ZY9pRe3Nmg31QbGSJ39939bjUhW6B-ncp0Ax5VTWq2h97yidaYunG-dksC5kaYR8e1VTDqaox_lajGAebmZyP5NEWwl41HzLf35wtwAI8hIgJM01qHaHEhWMts_0-RN7Rn476fkMk2xviGkO_Kkwv3ekJ3qQllqoDlxf_2Tm80I_N5fWhmcJWAancZutwMhRXqPgtZDClzdV11eeOTU73PN8pNwMZzNAYzhBlVmnW6qNdqH7qJKMpYM0TqCs6LEtPXSVAY1zL6MmtA3lZkcIgIhI8P2qkp2aq72oW0gcb73Osfta1gIbjg7bf4LZBaSWw4ZNg5rFD4caRFi7uxg0EWjjVWfSiCnLE0ays4AA2EhtHJLkyw8GFL4-wB8QKegHpoZeUZTz6yzfHPeo8ci6YbA14uhyn6_D8x-nG5piAO2X-6Kh8atF3x5Uvo6f-Q2N70go-IZIcVazCItXAhHeVTyDKHvbxAZ-nL-xV4e-OUaXvJleL4KENejq9JhWUpB8rQwDb-GWN8GwiBatAwbnIOT18qhyybJLWH9NM3fqhH8JbB3mwbFyEFeO94zk3Vvhi3df3MHfhOdsa7E5mZHNGTIWf8rkyZMOb97mKcq-M5Z8ZDRbVRc5k-4b37YnuJQmgOxh1ATl3Dk7Zz_oUSTAYayB_x2swYq7edHglEcyNj4Pjus2mer5pk1ruzkRETOr2jRtyXHPcxlr3z7J7FhGAr7G_p4U2ARyK4hJgD5kHgHYfRS-uPheBpaD2A8hK8FKZh9ey4l7XBqxRqiAuDAr8p8kJCQ4u0d6iLQJTb_zpkq4TX7RsDmWBC0_zFgQpEYCSUDdq5DFu1TZDPNSlutH1Mqn8eE0SLi5c0I47m1WAz58srga8YHV9qjQW5rnp-12tsVFpMzRz14DtezDhDQAcV7OS4FfltEe1BhcUd9EdDKgHVHrnId1I7RDI05gG4UNmJfsp-83xOe8e0QQMvwVZBMdQNpHGZw94H28IQre47BZay1RmRBu5bfSrWptuBIE-Mu6XdNha1lb3-1nmUyhxBHL3mDTaq29tipC7r7OYDNkGufeG9opWHCg-6FozHuzIzk6gukjdPZU2VKxE8-lmGa_U5jFRaUcHAXh8o0FUq7ObBuBF-FFSYEfae-DJ4aIpiHjbG0hzIzC41u3520Sx7It15ZZBDWhPVNcu-hNV6MeYScdXkvs82UsOJqV0gtr6yj_GskWitxReJkeT4B128GJZIrGtoXBv3kcGU8xTMGlHTO-PtBS8XnV20mtPsFCwAG0ccLNM0SEZbRkJnh1KOh2LMnYkL1iEomvTOUZP3gyx0ZNbHcLnhkTiKu15sW31po7RS6dLarzv9_RIFPVfb6fh1R9OYeVOUdwy0ksxVek_aLVZUr_JSYoy9Ww2C5BxqE9NvtPRBVP_QLfSReU_dcON7ys6wex6FluE_g-TvVXd328pBd3O8YqlqTDex8zm68vBXkvYTb85_wyLnvfphLj6PSxnHqxsYU-8Fo23M1di4gvZcZDs7QVCONxAS_Hc-vvrXigcEgc1y1Fj92ORCiVGq8lhxYfTdZNiIbgJOZPHCAsrwTKRuSu-D5u9WI3kW6W3CoA4LEKuvjQCn7VMvtS9QQ6NpDuocSX-L8GlQIBBJOAC8eF__R6z350mtWU7bxVE-dCiKyamors4v_2d55sscYKfnriiCrkn2lVD18Ba2V_-NHSyHnG3euLB9-li74AUJs190cej2GTX7mqxnsGAFgAQ&cry=1&bundleId=
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 7600 		91 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:8a00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 eb6e5773d654b9aeadbed8169564506c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
8693489
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
ikKt3DTW-AnW7QW4Sun95bNCpcK1ZiYX_K10Ae5sRRRHcPshLk0JnQ==
dt
dt.adsafeprotected.com/ Frame B9B3 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqDBG,pingTime:-3,time:59,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:336,h:280,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:59,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B55~0%5D,as:%5B55~336.280%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:18%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:3137:249d:649b:b354 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
nginx
x-server-name
dt21.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame B9B3 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqDBH,pingTime:-6,time:60,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:60,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B56~0%5D,as:%5B56~336.280%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:18%7D&tpiLookup=ao:winning-wizard.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:3137:249d:649b:b354 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
nginx
x-server-name
dt20.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame B9B3 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqDBP,pingTime:-2,time:68,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:549,beZ:549,mfA:551,cmA:552,inA:552,inZ:555,prA:555,prZ:564,si:567,poA:568,poZ:582,cmZ:582,mfZ:582,loA:609,loZ:610,ltA:617,ltZ:617%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:336,h:280,t:18%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:68,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B64~0%5D,as:%5B64~336.280%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:18,sinceFw:49,readyFired:false%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:3137:249d:649b:b354 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
nginx
x-server-name
dt22.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 9DBA 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYGB9JNURF-fPqMIOvByoHZjywC68KqrG-VH0R-6JN6pXcFjKCU2MToboD7nIaPWhK8nUuwALcA4EjVtIS-W7GoliqG3FQAufAyytoE6LpaosCi-lTiOncHJ5IiY9EbHaU7QeakUTza5HDnQaNNJ74VMmKPt8FbRLWkyQ1ia0UzLBnLsk&cry=1&dbm_d=AKAmf-DVC_0mRg0ZCQkqYpgFVHprG2Tg7n2yRKpdatVIAXp8QU3GlGmpbuMUEFi4IHgTOaawgwhtQVSu5Ol0Ix9oyHm3VfZvblRdO41N3kRU0ktg3x1PcNGiAaGAVHF_SFsUzCtLnsEbLfckPNw83Dm-MEpEhrPYjlpMVIzcZI2nFoJ5ZbGjnCMRkieSBNtsIkW9hXFQgkzZ3ykqbIqFvXWir1UbOLMs8cJZWjLcQq9urWj_2coDfnz0F5tvwequ08lWlIp2oesoCUFleVFrYDc-Vvz2iDzCSur9_WL3qPK0FJnD37tUnyaap3bCg4sgEwPP7sqye9ZEbmq2Lq7IAH-YiVr57nePQkpuJMmNKMzPiLz33AVj8tu2Tm30ev9n2thtFwq-I5ErJVsaSj8gKlfZDjPfoQ4xE5mrO03BJpfIa28oAe_8A5Pv26OOf7L4kgffxw27kuy6g-5lpZwEHcGAP3Pk7Qs2UhkB0iu7vf1o0pPExPVSxOzjFkHknTsJRKyTqGOskFWSDFD5Dx0FcM6RqQlBiKk3RAWdJF8fqT8v7QmmeDle_g3jl85h-dc2bZD-wufhyy_PHjaBsCl8_It4TOfL5bt19kaqe0ETur3iED6rja77L1btYy4O8KTcTwKG_vOa7Lu9HIkdT5xuieNx44cygN46fDIfyAAMNJRl-Q4d2MyYhuCguypC-Qv9m0dBnLFllA0hgAANVogSNXFbF7vnvKH1DtZ_GGEzOsa37CiZCKXGBiWhFPljjGWUJqlaj3iTU3V6YbhPYIgpmjWE_AGKqHYf925UIArkv7OUAgnP_Y7qRHGpGPnWpYmcFlqb2r3LTkBtEWeMJHOgxIKgRzbGHjSisHIrXma-szAhrCfZwc2AfymRrsO_7CtckvM8bHDv8uDuiWSqyhl2FQIac45Z3lnih-dxsw8nRuPRNI48dIpef2WvkkLgQXnENdmjQ4o6dP1duY0bFUCOG8fnWVEowjidpZuuRNfqQwYuUwLNJynifNnXEUR4PcCs40nhmVVQaJ2gEqXio8TfycA65RZYRqi-mnI_QppZrgFu-yuomkrp93xTdQf4EqJnA6nXIZdXc0VHISKItTJjBFBoE2_J583UKkj1OZHIkQ9CNOSme8JAtV8w9Xd3qa-t--P6zRe_2Jm3Z2U2vdPDOtIw2if5Jrh1LhLqWPAX492AtzHTrQq3eYRM0LTnWAbzUPhgJceB6B0ZBB-5TBw295RE5Bk37LNW6vl7hCGRThjpxXyj2X6-02MV9nJOp4SifJwJWHxNn7ilLSjxTgFYnqbTZ4Ro74KLdu3jB1xhzqw1dUkUXC4h_HUnd7uQ3qWYvigDSXeHpKFlNasa9nYfTik9bpwe65SV8MaLpjOxtOrAg0dheALkDyD96e8dqJvxF_VZVmIRoBuM9DtFv7DVLp2xmgZ74_wLAk_n6_yXEBlycuNL9hEvVPoaewGUapd8umJOiitBHR0_Urte4Kt7BJQa3eLJWjhcq2J4U6ctX77gQg0ZxQfxqh0-siFT6OT0cwEOcbKW6hi_km0CCoW0i6CRbFtHlW-HWDqKlHGAC33JFisVw7FihVY6cQ0UX6QB9nT-USEFJThb3e39QidFY4cNTI5GRrkBnQFqTnqz0tYYvWGCkhq5rY1dclTCCgsfZqx_M63hEF8N-2lcf4gu2FHsk5UPeCOx2wTg04AeYVnLXscPsI4Kdk6TQv5AcB-e61z-MrNUb4I35tKtjtpp3u63dPLmwTDO5pb1n2nWx2Of_eqMXyJI5EnahFy7z0xUSs--64z6RfUlUCrTKnJwoLEwGm-fmNp7kE1_VDL1d8hGFwK8DQtb8GCoNeAFaDfL7IwobtAT4QEbkkpmv_xBMCuxnc5XBRC8-yVeSUJcmVTglaO60UYmu-kq8YiAU23r6jw_tbmF8pp0zK7rw1XGKg-EfekdtUZvROfSGwWg4ttZNgSKgpuLFg0levsyWEdsQwOzHfQcwTMqzC9ecnYZYNLIj7a78vk0MQHfRabHlrsrEJ3Kr0RaKgjJik1XyRKGr8QyBy64FD2bAZoJ_iSXKb7F_5INcJA7CZkBs6hCqTidOvGxL514AXEn-wiYin9R2Na6CsaQlocs_9Km7FVqEXn-yWaCJ1w7-87_Ms9OTghtRy2815lJeAi9IuqfHDcHW-poO6srN9mALMDRsCPMlf5duKSckzhYUfIGnY59hnFSdv6_nbc4NLu5Uh8wqfq-4f1EuYr77TePmKKWz3yAdIbGRwlkSfwnJjboePR_l7Dt8BWchJybMuYq8ZH6z9-HTrmSyjWfuvn1i9fg5dewLJRNnn-2f3iOMLLkZK0cQjfDBbbnk1oQdNB_3OmBWpf3oaLhvxF2sCXW74pLN81hxuQjDN8-qLUNu-UbjOn7CEJEAXSRGGgkQjTxaTePzeE9hb9OsJWbyyChuhBpMGh-HoCm77einETB7TeTfHiuOKcQOBjoHYT5Bo7sQu5m8vp0UYeXa1zfZ3OXuZ962hAsSV6v6bBwBr_9VJxH3jzziGLvluUH2NkXhSqjuyeoTkcXtqeY5_tz6hLUSv5g6p4-UXZvZFoIY08ARb5vzg-v_hfq8jeMVR8sw5EXpGup1rnP-sHcv00T5jerFbGLi5PhpK2x2v5L66oR_FIP7qRsHseyK03uci0zy61Gm7yKfh7A18T-vTFunDAE8J0S8jzxrYwEcuqHn7XDKTlMPBaDAEb2pAqUIoDwvZJbDcbYgbiwVuYh2HHJxq9ryKvTqXVt1SOPti8FXREZROZNS4J1t0a-ONhHnqU1aCfBWyHvTHswGnGCTOTzdNoukSYs5pPMjRupzPsTjGU4jzMsY3MfmeYt7wUqHjSuhW7g_s-6O6Cd3-mLv90yxLTKLuRQRMrktFFlSWnDjKOJgN-7HnPVMtkLfM8tIOzID03GdRST8sy-suqhckiW_JwgPEzrnDBx7nRZS7yy1o5-XFQVtTrbSyl82FpjRgtKovq4GtolrPx7q1KMGF4rcMJu_he_QXLuLIxeKJAtv1ybltbSTVB9rn9h8AUzAdtQOEs5sAlT6po89U9eDd6hKqlJmS9mvbTx6LzGKXQjE41o6mjpFBB31DT3sb3MmmSVYIBGoAyiYF6tBY5GmTInMYHhKYwFEAgHscGxfIeJvf52W6Flr4KMmLhiahbaGnszl0JZm3kpzD6w16PizBaCHvmPEsaYBoiAAIeZoZIheHiX8-L-n8idK88PHCr6vOPsmZfsgkWeOIkbXDzO3Z3KmpJBYhD8Ggi82ilOqI4MDH7XG67c9hM8zkAz46RvQBbJdIFbaDRfDp88CRzvF2vpPQmpoO22n_ByGb1XhAYT6ync6F7QRS_pPckWhTnqbT-W_wvl-mg5bhvP5ROWhNvG-II9zxxTFXsLv0CgwUO8gYbmnh7KLkff875h_WDTrzYZmlgjyTfE9xlA8lR62TXqOvVh4XoJCfnngXvUgnLJ6kPIzm2kf5y8AjuQIaPxjpMQtyCY6w_v0NJq9SHvoi_ymnW5w1pZt7YI3bKD4wqoY4TKn0nrzUxIHSDsksfqWQGootftbJDOH-VftGHxwnSxX5KJf-vbqa6j8ZvYImBnmMn34X33S49l2S2xgVz_nbSQ76flKzBx7K3lQdHOJt4PG3x6sq9Xmp0z-ATFjKrzzt8NF-NCqR8eV-cqEwPI8NmAI1TUl5LmTVm9-Rm9c9TUhcF6Lrd7E9XjBhXTbOjSNhQR56jSj0PEu0E-gM5QEVP08QS4M5PqjTfWxS474HeJE6VfVA0DYgM9vgxPkYtGpy460TE4tg8v4GubJjIPga98IhjOPrrutq1Q8w0v57U3nWoJOfeQDT2NSfH6XJZNdkefr3-KBfsmjtMNW4kIL87HlR-_6Em60AWFOwz0SCWuBMq4mWEpsG8p5UTmWwx8KucI4ku2ZjFizIsSNScsemo25r3PrXZAcjHBs6WN4T1P04rcy3MV6MVgnokmMGGPZABmOx44zDiIzkAI7JV1MzkNBMFBJQRppPto1DuY2z2_Nj_R&cid=CAQSTgAvHhf_KX8M4q8RcZSge-n7HuKw9WxtyKduCWxfIN2rOJDW4sW2niQpWTh1XtlX0WI-VPErNvJ3liRZu-ml-QFnWRL6lsaoWLW1crSMbxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=9208084727775322000&adk=1726166463&idt=229&cac=0&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:43:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
47809
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11872
x-xss-protection
0
server
cafe
etag
16225921609732785849
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:43:50 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 9DBA 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DYGB9JNURF-fPqMIOvByoHZjywC68KqrG-VH0R-6JN6pXcFjKCU2MToboD7nIaPWhK8nUuwALcA4EjVtIS-W7GoliqG3FQAufAyytoE6LpaosCi-lTiOncHJ5IiY9EbHaU7QeakUTza5HDnQaNNJ74VMmKPt8FbRLWkyQ1ia0UzLBnLsk&cry=1&dbm_d=AKAmf-DVC_0mRg0ZCQkqYpgFVHprG2Tg7n2yRKpdatVIAXp8QU3GlGmpbuMUEFi4IHgTOaawgwhtQVSu5Ol0Ix9oyHm3VfZvblRdO41N3kRU0ktg3x1PcNGiAaGAVHF_SFsUzCtLnsEbLfckPNw83Dm-MEpEhrPYjlpMVIzcZI2nFoJ5ZbGjnCMRkieSBNtsIkW9hXFQgkzZ3ykqbIqFvXWir1UbOLMs8cJZWjLcQq9urWj_2coDfnz0F5tvwequ08lWlIp2oesoCUFleVFrYDc-Vvz2iDzCSur9_WL3qPK0FJnD37tUnyaap3bCg4sgEwPP7sqye9ZEbmq2Lq7IAH-YiVr57nePQkpuJMmNKMzPiLz33AVj8tu2Tm30ev9n2thtFwq-I5ErJVsaSj8gKlfZDjPfoQ4xE5mrO03BJpfIa28oAe_8A5Pv26OOf7L4kgffxw27kuy6g-5lpZwEHcGAP3Pk7Qs2UhkB0iu7vf1o0pPExPVSxOzjFkHknTsJRKyTqGOskFWSDFD5Dx0FcM6RqQlBiKk3RAWdJF8fqT8v7QmmeDle_g3jl85h-dc2bZD-wufhyy_PHjaBsCl8_It4TOfL5bt19kaqe0ETur3iED6rja77L1btYy4O8KTcTwKG_vOa7Lu9HIkdT5xuieNx44cygN46fDIfyAAMNJRl-Q4d2MyYhuCguypC-Qv9m0dBnLFllA0hgAANVogSNXFbF7vnvKH1DtZ_GGEzOsa37CiZCKXGBiWhFPljjGWUJqlaj3iTU3V6YbhPYIgpmjWE_AGKqHYf925UIArkv7OUAgnP_Y7qRHGpGPnWpYmcFlqb2r3LTkBtEWeMJHOgxIKgRzbGHjSisHIrXma-szAhrCfZwc2AfymRrsO_7CtckvM8bHDv8uDuiWSqyhl2FQIac45Z3lnih-dxsw8nRuPRNI48dIpef2WvkkLgQXnENdmjQ4o6dP1duY0bFUCOG8fnWVEowjidpZuuRNfqQwYuUwLNJynifNnXEUR4PcCs40nhmVVQaJ2gEqXio8TfycA65RZYRqi-mnI_QppZrgFu-yuomkrp93xTdQf4EqJnA6nXIZdXc0VHISKItTJjBFBoE2_J583UKkj1OZHIkQ9CNOSme8JAtV8w9Xd3qa-t--P6zRe_2Jm3Z2U2vdPDOtIw2if5Jrh1LhLqWPAX492AtzHTrQq3eYRM0LTnWAbzUPhgJceB6B0ZBB-5TBw295RE5Bk37LNW6vl7hCGRThjpxXyj2X6-02MV9nJOp4SifJwJWHxNn7ilLSjxTgFYnqbTZ4Ro74KLdu3jB1xhzqw1dUkUXC4h_HUnd7uQ3qWYvigDSXeHpKFlNasa9nYfTik9bpwe65SV8MaLpjOxtOrAg0dheALkDyD96e8dqJvxF_VZVmIRoBuM9DtFv7DVLp2xmgZ74_wLAk_n6_yXEBlycuNL9hEvVPoaewGUapd8umJOiitBHR0_Urte4Kt7BJQa3eLJWjhcq2J4U6ctX77gQg0ZxQfxqh0-siFT6OT0cwEOcbKW6hi_km0CCoW0i6CRbFtHlW-HWDqKlHGAC33JFisVw7FihVY6cQ0UX6QB9nT-USEFJThb3e39QidFY4cNTI5GRrkBnQFqTnqz0tYYvWGCkhq5rY1dclTCCgsfZqx_M63hEF8N-2lcf4gu2FHsk5UPeCOx2wTg04AeYVnLXscPsI4Kdk6TQv5AcB-e61z-MrNUb4I35tKtjtpp3u63dPLmwTDO5pb1n2nWx2Of_eqMXyJI5EnahFy7z0xUSs--64z6RfUlUCrTKnJwoLEwGm-fmNp7kE1_VDL1d8hGFwK8DQtb8GCoNeAFaDfL7IwobtAT4QEbkkpmv_xBMCuxnc5XBRC8-yVeSUJcmVTglaO60UYmu-kq8YiAU23r6jw_tbmF8pp0zK7rw1XGKg-EfekdtUZvROfSGwWg4ttZNgSKgpuLFg0levsyWEdsQwOzHfQcwTMqzC9ecnYZYNLIj7a78vk0MQHfRabHlrsrEJ3Kr0RaKgjJik1XyRKGr8QyBy64FD2bAZoJ_iSXKb7F_5INcJA7CZkBs6hCqTidOvGxL514AXEn-wiYin9R2Na6CsaQlocs_9Km7FVqEXn-yWaCJ1w7-87_Ms9OTghtRy2815lJeAi9IuqfHDcHW-poO6srN9mALMDRsCPMlf5duKSckzhYUfIGnY59hnFSdv6_nbc4NLu5Uh8wqfq-4f1EuYr77TePmKKWz3yAdIbGRwlkSfwnJjboePR_l7Dt8BWchJybMuYq8ZH6z9-HTrmSyjWfuvn1i9fg5dewLJRNnn-2f3iOMLLkZK0cQjfDBbbnk1oQdNB_3OmBWpf3oaLhvxF2sCXW74pLN81hxuQjDN8-qLUNu-UbjOn7CEJEAXSRGGgkQjTxaTePzeE9hb9OsJWbyyChuhBpMGh-HoCm77einETB7TeTfHiuOKcQOBjoHYT5Bo7sQu5m8vp0UYeXa1zfZ3OXuZ962hAsSV6v6bBwBr_9VJxH3jzziGLvluUH2NkXhSqjuyeoTkcXtqeY5_tz6hLUSv5g6p4-UXZvZFoIY08ARb5vzg-v_hfq8jeMVR8sw5EXpGup1rnP-sHcv00T5jerFbGLi5PhpK2x2v5L66oR_FIP7qRsHseyK03uci0zy61Gm7yKfh7A18T-vTFunDAE8J0S8jzxrYwEcuqHn7XDKTlMPBaDAEb2pAqUIoDwvZJbDcbYgbiwVuYh2HHJxq9ryKvTqXVt1SOPti8FXREZROZNS4J1t0a-ONhHnqU1aCfBWyHvTHswGnGCTOTzdNoukSYs5pPMjRupzPsTjGU4jzMsY3MfmeYt7wUqHjSuhW7g_s-6O6Cd3-mLv90yxLTKLuRQRMrktFFlSWnDjKOJgN-7HnPVMtkLfM8tIOzID03GdRST8sy-suqhckiW_JwgPEzrnDBx7nRZS7yy1o5-XFQVtTrbSyl82FpjRgtKovq4GtolrPx7q1KMGF4rcMJu_he_QXLuLIxeKJAtv1ybltbSTVB9rn9h8AUzAdtQOEs5sAlT6po89U9eDd6hKqlJmS9mvbTx6LzGKXQjE41o6mjpFBB31DT3sb3MmmSVYIBGoAyiYF6tBY5GmTInMYHhKYwFEAgHscGxfIeJvf52W6Flr4KMmLhiahbaGnszl0JZm3kpzD6w16PizBaCHvmPEsaYBoiAAIeZoZIheHiX8-L-n8idK88PHCr6vOPsmZfsgkWeOIkbXDzO3Z3KmpJBYhD8Ggi82ilOqI4MDH7XG67c9hM8zkAz46RvQBbJdIFbaDRfDp88CRzvF2vpPQmpoO22n_ByGb1XhAYT6ync6F7QRS_pPckWhTnqbT-W_wvl-mg5bhvP5ROWhNvG-II9zxxTFXsLv0CgwUO8gYbmnh7KLkff875h_WDTrzYZmlgjyTfE9xlA8lR62TXqOvVh4XoJCfnngXvUgnLJ6kPIzm2kf5y8AjuQIaPxjpMQtyCY6w_v0NJq9SHvoi_ymnW5w1pZt7YI3bKD4wqoY4TKn0nrzUxIHSDsksfqWQGootftbJDOH-VftGHxwnSxX5KJf-vbqa6j8ZvYImBnmMn34X33S49l2S2xgVz_nbSQ76flKzBx7K3lQdHOJt4PG3x6sq9Xmp0z-ATFjKrzzt8NF-NCqR8eV-cqEwPI8NmAI1TUl5LmTVm9-Rm9c9TUhcF6Lrd7E9XjBhXTbOjSNhQR56jSj0PEu0E-gM5QEVP08QS4M5PqjTfWxS474HeJE6VfVA0DYgM9vgxPkYtGpy460TE4tg8v4GubJjIPga98IhjOPrrutq1Q8w0v57U3nWoJOfeQDT2NSfH6XJZNdkefr3-KBfsmjtMNW4kIL87HlR-_6Em60AWFOwz0SCWuBMq4mWEpsG8p5UTmWwx8KucI4ku2ZjFizIsSNScsemo25r3PrXZAcjHBs6WN4T1P04rcy3MV6MVgnokmMGGPZABmOx44zDiIzkAI7JV1MzkNBMFBJQRppPto1DuY2z2_Nj_R&cid=CAQSTgAvHhf_KX8M4q8RcZSge-n7HuKw9WxtyKduCWxfIN2rOJDW4sW2niQpWTh1XtlX0WI-VPErNvJ3liRZu-ml-QFnWRL6lsaoWLW1crSMbxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=9208084727775322000&adk=1726166463&idt=229&cac=0&dtd=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
75331
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 28 Dec 2024 18:05:08 GMT
attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMzk0ODQzODgxMDU3NgogIHNlcnZlcl9pcDogMTI2MDU4ODUxCiAgcHJvY2Vzc19pZDogMzgwOTQyOTA3NQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzNjcyNzIx...
ad.doubleclick.net/ddm/activity/ Frame 9DBA 		0
859 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMzk0ODQzODgxMDU3NgogIHNlcnZlcl9pcDogMTI2MDU4ODUxCiAgcHJvY2Vzc19pZDogMzgwOTQyOTA3NQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAzNjcyNzIxCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly91YnMuY29tIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDEzMzg5NTkzMjIxNzY4MTU0MTYzCmRlYnVnX2tleTogMTQ3Nzk1ODU1MTg1OTk3NjQ1NzcKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTEyLTMwIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzY3MjcyMQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDM4NDA3ODU4OAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogOTI5NjQ5CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIwNzg4ODEyNjMzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNTQwMTM0MjM4CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3Vicy5jb20iCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3NTQ5NzQ3MjAK
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=600&slotname=8337643687&adk=2691795975&adf=592498440&pi=t.ma~as.8337643687&w=285&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=285x600&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=4&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=266&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280%2C625x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=990&ady=412&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&cms=2&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=268
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f6.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"12":"0x63543153d59e3ea00000000000000000","13":"0x2d7b05a182447dc80000000000000000","14":"0x7b2c195c03a55e8f0000000000000000","15":"0xce2993d4c2f256000000000000000000"},"debug_key":"14779585518599764577","debug_reporting":true,"destination":"https://ubs.com","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"21":[],"8":["3672721"]},"priority":"0","source_event_id":"13389593221768154163"}
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
image/png
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bootstrap.js
s1.adform.net/stoat/630/s1.adform.net/ Frame 9DBA 		37 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js
Requested by
Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=70207642;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C2hbkljCQZeH9BJrM7OsP-7em-Aa21oi7dPnW3e2_EvfSor3AARABIIjL9WVg9YWAgPwDyAEJqQIMniV5jPCzPqgDAcgDmwSqBKMCT9AjWEMNZVDFJirdhvE512aQo83TFNtqJxPdDlo4n7sBoa_CELdd1Z1aw6ksRFiuPoe_3VaLV4IClyLukOCdWc0HiCJNY1wuVflmfR6tDLLtfYLXzpCB-xyuMp0PePPkvYdM9m5MpqrNSAiCm0qxvMgsBOQuXmvoAZ-sYVCWS5bUc5RpQ1kr7lP_bNHQS9rYFitUdNojqqGKDHtUF5Xr7Q7dmWkqvqnz6SEhtkkrezeM3_clLIZT9fwXx9O4NsJNo0KA5eXpYycGrB3vDkDucUln2qKW8BoJ4OxPoGsWQgrMf4SV9BiDpoUtDqPMIDyP-Dh-reOc1ueT6xGStNA3JPlEVk-OKXW0zny8ZycI2xFOpVPowGKq9_72BFd4-djiuf02wASZ-eK4wgTgBAOIBdm28LhNkAYBoAZNgAeNgO9BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB8yAooCOgSAQIBASL39wTpY767vyra3gwOACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CQ0iwE5ntjRbIE4zJ-OMD2BMK2BQB0BUB-BYBgBcB6BcF&ae=1&num=1&cid=CAQSTgAvHhf_KX8M4q8RcZSge-n7HuKw9WxtyKduCWxfIN2rOJDW4sW2niQpWTh1XtlX0WI-VPErNvJ3liRZu-ml-QFnWRL6lsaoWLW1crSMbxgB&sig=AOD64_1Ah4Aq_brEldjf6Dcu8MiOz2KVvw&client=ca-pub-5514539878247004&dbm_c=AKAmf-C744wQ6TfEbM97bBiOo9OjLVn0H40IGKAAPEnRr0fw2cihFP4tR08LinsGJfgLyOX8cMjWKLdUTW5Gb4PqozxujcxWgs0aVaaAoa2T3KAcMriQwN0OLqmb8Z4-2hhb1iG9VituM4UaefSy--iVqf9E0gt7edaujgy6x-dnyxUeVz2kHDw&cry=1&dbm_d=AKAmf-Ct7dRR0nJDL1ucBICXUN30yNPQL4Ngo8TihdPj34LuZTZNxEmtWB0ltm03ZsSBezq0lAlKB7zJivYoTuFFWBwiHuPvtc0yDYbCVXAJlYWi83SMYteLt-ULDHo9POJ8UvjBOM5qoIjwi33omemTKjqmzv8ZjufYL6jamC6Ep7Ck-ZCwXt9XFRYBna5qfaHS1fXkL6ZmjOrqpTPztocDHKKyzZ60WAqjcfZd-DHE9UA7k4vCSqeUZdAIfuKZj62g9RU-DHnjTAvISMm4EeHtAZeczOTjlVmqNYkFhVG4B0EzogObRRqgkylwO-sdAUVE6z4VxhbK5jq1ugl3Ozd41RXF9NJeh698UQIScmGu2PcoNBKc834hjk2EthMrE5M1G3eCgn_9pjEKM97DwPWMdDGgiWtRpUtgSXCyCM7k9SUZYTU76qJpjLW3-5bEDorZjBp7GMHdB_NFLw4Pr4Ee8g3NFov9Tan5OQuKb5Rx4ocER5lgTGtmXh4-vK3TWnoLkJywEkL2dCW2DVHNP1Jlglg6RdFcsFTH8yW1I0LUd0oIhHSG_hc&adurl=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
70fa7d6af1775ea7cbb76511f73b02a74a55c965b1956e7cc5ef3798871badca

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
last-modified
Mon, 04 Dec 2023 10:45:40 GMT
server
nginx
x-cache-status
STALE
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Tue, 05 Dec 2023 15:49:30 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 70B5 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2476813354712&version=m202309260101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 70B5 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2476813354712&version=m202309260101&ct=132&x=1&cor=18248576333173610000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 70B5 		93 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AhLiRX6q2cdjZuUR9zRGFyU4Go5f3X_73Rgu7oyqGAXz1y-PuYWUehqz4JIL43ilX7BRwpkFrLE9GMKCduVh7_bJLAiKettLcjnWU3t9RgPqVRf_7Yhzp5Tl8ffYqqpFJka4x22-b6Vx7GCTp-95uq3nCFbgrwG3ULs0hD3Xv1flp3S0UEYYZ8i3GSXemygAq_qTqi&cry=1&dbm_d=AKAmf-A7eiH9DJs5r-6590v-N9ul7E-F0QCe6_C7qLIe0QZWBR6tCoyl5wJtufupO3iPxoVNXkolignqqSDHbqTk1ryEiQI0xErtYJNj03Lf3qvyPVtbbxf7yP1kyNr-IbkIdNSXPLAjy3q6xZ5Pmhdx46XT0XqBLFxP6gFiC-LiJS9BDnp0TvseNn7ZDcitYrTxwZj7ihRfGDUnLCljQJWFkmHKpW56EXi3s0zL4xdCTMC2mLTlUjcbfgKsbyEVoTF7l_6kbyKq6l2F5V_53aa0dwH4whTL_yqRKDweyLUr4Li-G0sgtQVzvTB01fNIlx9OFWxkCDdelPKQy2P6AsJTySvhc2eTHH9shoJpk9hOilIDkIo87y_Nee05oPtzoQArSu5slZoFwHYLHHW42yJwrHM1p9axZE_oW9768kRECnMsqJD2VvxvmM-oBcxSSYlMcHulzzPrfp-ruoWP7yNoR1U04mqp0zhWIuKDSUGvAZ-N-5gN3ZpIaVGVROeftVwrv9HbGk3YKU_6hJSwwLOA-Hgyc80cvLX7Zi8CNuh8NUWJRgOOirN08CURXJ6z9Q7S9nZL7tfs51Ko5H28fG5_HLA3lYB5_JaDT3uxXqL-5d_7ts0cZDDzNgZej0CXQEK6owsA8HALbKRKPgw5BFxm6sllKYh3Qgiwgu4uqe5g3qCx8lyhR9HBfpbtTk6U8Sgi-R5jWkl6CwTWPyxZjg4Xw-8ByWj3qb3HP2Pe_UixSV0R_pY5dUcM4WJM0W-FztMsLKDk2vCrCAcDbrVHbPqXyQSttUL7LHBHOUguLsOufa5o9eOM4G2Dk0bSnOX0RhMhf032zxXIFOWioIpfIEkJalnGo2lURr8xw-fcMjC8k8yibkSX3ooQrHrj7nQVWWBrfozV7HTml5JVyLkeZflUo1MqeeKxVehpihd39jG6x7cXSt2897O_BaAML2XI44lLW71kBZbjSqHkrqcPr91Hu8slZjRYuxNHol6N4u8sZWFPVuU7m_JUWWbMzz4GrNFxAwbPnyM1h772To-FOPpZTFeSSDnWucGHtaNN9H2hFR-yjz7Ozt-BBf_t7Ias-37jeTTqOPjypyaBwMhy1itq_rf7bpig9CYzuprtEvlTZbcNTyT8YuAudIeid7yR3NYIICqRr1ZRbwKLKl_ysrvD6Yn9ImtSqbHVT2RWUlz4fv1gpDMIhSIykH1vDYE9fotbIohsRDOpes3-7Po2zE7lUniK4tUtSr3D26if-ipIR3dL48tarhmrqDFrBs9zS7RASI_W25QQACKYXOXaX252axBtluTce_HaNYQ9MwxD4v2aRZU4ZcqKdIrEgfJnlRHLQZ43TyIt9hpV3nkEwxFcIUMvbkSebw3EBuZEm6dpNanrLXn5tE2HHk9rqwYOOe3pCpSU3YOvW98pu8qq8Pni__wu9nlh-WYfgzrA36TPkgelHIbqz_TUD3PTzegjPiY_Ebs9B2IHSDdYRJkFOHlXxouooa_Mt5FsC89X_Ng8WC7sgNBeyYvbUtw98mZAJnN5i9r94rnWDujptCo2t8e4lIF4ZkCL4naeEZpiT7kVgEVthpZfM12ireZGAlF9ul504ZCpEHkcQVVEDhxXBzExut94eQEsYhqdtoBy2ZGmQ9rpyRTWdkbc4vMSvmW7iWKqSbmyPKOipY_azP9jICYmbDjRrv8PRHhxCHwbHO9xV6v_ieFqiqpp2llGqqWQRSghmEAIYh7Cbv-lcw12hI5vuCA_jweJAsDbjqKHfvedoRd_mT2x-hmdEGYEpEnsmEVICN_Ycpr6DvH1ebAZRjwCEFqPdU6t3vqD3nLkBNjbcXidWry9y7hJRMfRBIgaPD2GwZfwsak_bzn_CWtDg2x2Q4RGgs9mGmdDywAQqeDRGP9rW1BcduggbwN-IV3o59OewiZTQdKrZ2SidXV1tuemsjHCYRzNRhbiORFoD7ZEf3IylWOIhxTSwZXUVj0T9EvgiOZ4ZYgv_CpUeKyVyw92zBFghq2lUohhLWw_1kr3DfFD5I4L7MPBQT7opJoCKIymLAaDFsFxS52XF4uZTBqJPhWfdZx0Y4kXwa6_EeFNHBdo2AD1pWynKGjM6QXHZ1_SxjisjuVEeynymUQt7BNT7b4ddkM1-uV3fLmNiewTKxyhZSl0No92aQbysHM1tWKM2CAmkrazvQBQPdZV3GK2BqLROJPONsWoYlB9CzX4cACIr5ahDSmorJfnRfdJ5Q8F9bIFpyPZzUmzUBn1bzQ9iPJrZIvleRF2vPTjJadw-yRHuWhoIBeaB53shQhEcDIqDh-Wsey7BIhowDqmj-thwbqy5G2AIthslHfsZz24zprKiG-Swz3SkA9-uMPZccq1jk0YAhV6dyhGlHYvkAzfiypIVRmy2LrxBgXmFu1RcGZ_UfjQxW5nEuNBiS7LYFMOsTQ-vJmOI1Yf0xVxkVdtJqAqePBbxNyHJziw5RwwMuRfODI3fYzTsBpXUtBdCJYAAEvSDS4pJ_7vaysKnjwoCqhZQHemKmKmZUB1WeustUupkWlYJr5Wer3VOSSOi5K8X87FSfMhrJ3-SbfkNBGtiCxwiGDojIsivkPwHXZgP-gZCVMdKf6dE8nUN-dHP4nbJLU4rBCD5Br_D8bRIRlWAQpJtMuJolXz3MIciKOTdJJsPesWGnHwVJ1aLT1pqnDaDQGYtEpNtnH5TJg24mWWEcZAUw0s-PlHZTdHpvFDbDDyMMu4q1Qwt4RnxbU3HxsCL6xLe6hvDbfX9dfVM00-ZCFEt04YY68_S3UpGASxAGRV495rUu8mgvUh4cyfUFWaRQX92hH05Odq8_gvlaMkpPmU3tJUCaGI9AUQODJYZUONupVcfPaP9CPZUNf81g7x2wHnX5Ft-372ogYcBujfWMcldLWJxXSqTOZVBXtYWSI4kPapNvWUMe32PdzF4GlxoEYNdP3Jp59cwwZnlPvfwmGNwCF4-9rzCUbtZQRH3JK_b4n54qI_zZmDXDOJjOV1eoGmsTwJ6qOD6eBikG5vJWEsIp6EH4HXKGGnO48XVEkbdhElrndjwi7dzuxkwGwdx_vtvaWxWfgOcuhnvAbm_aN3FrPnusigx6v3DecTzH21LDmm9RxMtKDDm5auhb1vm3u7QP_K-olaxmYsviykYVPxrknWlA0CC1odabdtvlMW_t_D_uFV74LomOB_40s_8QjR3o0LK4qovifULCvaXZq4SBsvBAsi8dRrbBOMC1Piwd6Q8Nquu2ZDFJx15aJo9fvPzqEY6snPj6McsLCCIjNqa-q8PiAjmnjdHlzHV7TPkxQirj-JuJkJ3snqdxYahrBtFnak7gF5LDOJ1gWMq-MGuTuCIlTwCH6KMhJURD_oOPCRg-33_2XjSoAY43qFGGnESLAJAxPwgMNblyxF-r1LMOEgle6I898LBlTnsFjKdFEfnjfOTy5QpiA6Q9wuYEppxAkJzWewJjEqAobUt0cdJbSR_wjHUxkq2OB1wRHzz0qgsQgAv0y96H-UNqNf9iNJmbOKgJqpOok4-ejJkl3lsSiAqx0hxHtdGHHN4DgpBdN3U_1URJ3KO3Ou0_vtqV3Pe_SNvWoj1_mMXLT3TDex8vbI2pRMUM-4sXf_zmzDHEA-5thzR8STb5X4rAvwipgtf7tfOLDfRehjRvnWJ2ChaD4nMVI8DUxNOkp0XX3ToBzFojdJIp9gv5BybGyuZL3OIcG7RuDS76afENMXonoXGp06Y6O292uAXNIAXIkO5yIljH8B2x1nkguNIipKmjAp9JugpgNWvJbMRUUGowpZcjVaCpBJmPZHO0fEXvVvuH2KugjdgwwCS2yyFwQQcppP7AzkcqsENUgKSMxfmg1EfOVIxF4hTXd7W47iTMLunKUaPGSoOVu4ysCAa1Rm4FBVYWGhaCx9jWSW-MyAnlgqlntHo0g8BXnEyLy_lIRBRe13Emnn18F1TJXiN1BX9lFNsUfLzQbmd-eSWExjzE14eyIwFg&cid=CAQSTgAvHhf_KWby_hJve5SFexQS_up9XNzs4ps0eRGvpU93gM3ZQLcrM8wtxV0IHcm2j1uvt6YiAtlwYxcNq8hag2bZfuvFEEalsKjdeen_DxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=18248576333173610000&adk=1992445683&idt=125&cac=0&dtd=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fe926748a4e96460b79b1cd15ca79d5ed37813de800af9657651ba9d63890e04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39288
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 7BB4 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
364521
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Dec 2023 09:45:18 GMT
expires
Wed, 25 Dec 2024 09:45:18 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbouRQk8z-A.woff2
fonts.gstatic.com/s/redhatdisplay/v19/ Frame 5F0D 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/redhatdisplay/v19/8vIf7wUr0m80wwYf0QCXZzYzUoTK8RZQvRd-D1NYbouRQk8z-A.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Red+Hat+Display:700&subset=latin
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a21826201b72c4b868dd8099cb47bfc9684627ae234bc1cc46da444e5faa9551
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tpc.googlesyndication.com
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 25 Dec 2023 22:48:27 GMT
x-content-type-options
nosniff
age
403932
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13428
x-xss-protection
0
last-modified
Thu, 24 Aug 2023 20:39:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Dec 2024 22:48:27 GMT
NORQAIN_Holiday_Season_Google_Ad_970x250_EN_atlas_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/images/ Frame 5F0D 		287 KB
287 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/images/NORQAIN_Holiday_Season_Google_Ad_970x250_EN_atlas_1.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88d8f6792a750ea8e85a104094b8b1acc977a4e8df5af822c1a6fa2cff141a47
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/13402203902053885324/NORQAIN_Holiday_Season_Google_Ad_970x250_EN.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Tue, 24 Dec 2024 20:18:56 GMT
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date
Mon, 25 Dec 2023 20:18:56 GMT
x-content-type-options
nosniff
age
412903
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
293785
x-xss-protection
0
last-modified
Thu, 16 Nov 2023 13:46:10 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
/
www.googleadservices.com/pagead/ar-adview/ Frame 37B1
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CdDQCljCQZZ3TA-r77OsPu4WnyA3M99f6dPDw4cy6EmQQASCIy_VlYPWFgID8A6AB67K59wLIAQmpAgyeJXmM8LM-qAMByANIqgT_AU_QQ-s77NG_93JKvbw5Y7OmJYTxlqa8lvaeUX0aRxq...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x591100e9f7deea740000000000000000%22,%222%22:%220xec8e16fd24c755f20000000000000000%22,%223%22:%220xa3a0fe...
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x591100e9f7deea740000000000000000%22,%222%22:%220xec8e16fd24c755f20000000000000000%22,%223%22:%220xa3a0fe80d3b5a3da0000000000000000%22,%224%22:%220xaf3b848ac44b29880000000000000000%22,%225%22:%220x16f19b50079d74be0000000000000000%22},%22debug_key%22:%2210720482444494169843%22,%22debug_reporting%22:true,%22destination%22:%22https://norqain.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22787372395%22],%2222%22:[%22true%22],%224%22:[%2212-30%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217467222973253563953%22}&andc=true
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"1":"0x591100e9f7deea740000000000000000","2":"0xec8e16fd24c755f20000000000000000","3":"0xa3a0fe80d3b5a3da0000000000000000","4":"0xaf3b848ac44b29880000000000000000","5":"0x16f19b50079d74be0000000000000000"},"debug_key":"10720482444494169843","debug_reporting":true,"destination":"https://norqain.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["787372395"],"22":["true"],"4":["12-30"],"6":["true"]},"priority":"500","source_event_id":"17467222973253563953"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sat, 30 Dec 2023 15:00:39 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x591100e9f7deea740000000000000000","2":"0xec8e16fd24c755f20000000000000000","3":"0xa3a0fe80d3b5a3da0000000000000000","4":"0xaf3b848ac44b29880000000000000000","5":"0x16f19b50079d74be0000000000000000"},"debug_key":"10720482444494169843","debug_reporting":true,"destination":"https://norqain.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["787372395"],"22":["true"],"4":["12-30"],"6":["true"]},"priority":"500","source_event_id":"17467222973253563953"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
pagead2.googlesyndication.com/bg/ Frame 690F 		51 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=1212762373&adf=854766408&pi=t.ma~as.8337643687&w=950&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=950x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437641&bpp=1&bdt=287&idt=253&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=107&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=256
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 21:29:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
495048
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19719
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 23 Dec 2024 21:29:51 GMT
1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
pagead2.googlesyndication.com/bg/ Frame 5F0D 		51 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/1_7gewjyGlqcOFIguOJ5AHUn6L-zJDTVPaBHJ2ADYro.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 24 Dec 2023 21:29:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
495048
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19719
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 23 Dec 2024 21:29:51 GMT
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame C373 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
364521
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Dec 2023 09:45:18 GMT
expires
Wed, 25 Dec 2024 09:45:18 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
achoice.svg
widgets.outbrain.com/images/widgetIcons/ Frame 2221 		990 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.30.17.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-17-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Mon, 29 Jan 2024 15:00:39 GMT
date
Sat, 30 Dec 2023 15:00:39 GMT
last-modified
Tue, 05 Dec 2023 07:28:21 GMT
server
AkamaiNetStorage
etag
"5ab8e16b5f46213840bcd403e349419c:1701762077.100249"
access-control-allow-methods
GET,POST
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
accept-ranges
bytes
timing-allow-origin
*, *
content-length
990
access-control-request-headers
X-OB-STG,X-OB-PRD
/
b1t-sindc1.zemanta.com/t/imp/impression/WKP5SOUJXKTVNISBB4GRYEOSYHHBJAJ7MCDU2FFX762VVDTCBCOZCAVHDZT3M72SURTXBZWBLBW3JH6CUE6IVO3TBDYUWW2C6L7EN3PECTMV3ZP2RPWIOLJBIHDW3KPE4CWI3DMOHBAN6BAIX56NNXVTSZ6HO... Frame 2221 		26 B
151 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b1t-sindc1.zemanta.com/t/imp/impression/WKP5SOUJXKTVNISBB4GRYEOSYHHBJAJ7MCDU2FFX762VVDTCBCOZCAVHDZT3M72SURTXBZWBLBW3JH6CUE6IVO3TBDYUWW2C6L7EN3PECTMV3ZP2RPWIOLJBIHDW3KPE4CWI3DMOHBAN6BAIX56NNXVTSZ6HOVWAHYFITV5I5U3JAXEES3NFUPJ6YEQTGKNZORA3G6LOCVFFFQFTKEFH4QVMXT2G5MXC6DMHUO2H5OTGUBJQCOKVZHP7AWAAJ5MDGXRUHVET6LSZ3IKYCJ76C6C5DRCWOCUN2NWN4NC5GBUTP2Z6LJERFBIO2ADTR2IKR4EGDSYYUGPP7YP763CO2C36O6C2WNBWDSAXVMABDOC4SGDQTLVQ/?
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231207/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.108.101.160 Jurong Town, Singapore, ASN59253 (LEASEWEB-APAC-SIN-11 Leaseweb Asia Pacific pte. ltd., SG),
Reverse DNS
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:39 GMT
Connection
keep-alive
Content-Length
26
Content-Type
image/gif
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 7BB4 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 19:27:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
70377
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 28 Dec 2024 19:27:42 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x591100e9f7deea740000000000000000%22,%222%22:%220xec8e16fd24c755f20000000000000000%22,%223%22:%220xa3a0fe80d3b5a3da0000000000000000%22,%224%22:%220xaf3b848ac44b29880000000000000000%22,%225%22:%220x16f19b50079d74be0000000000000000%22},%22debug_key%22:%2210720482444494169843%22,%22debug_reporting%22:true,%22destination%22:%22https://norqain.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22787372395%22],%2222%22:[%22true%22],%224%22:[%2212-30%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217467222973253563953%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f162.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 30 Dec 2023 15:00:39 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame C373 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 19:27:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
70377
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 28 Dec 2024 19:27:42 GMT
dt
dt.adsafeprotected.com/ Frame B9B3 		43 B
216 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqDEk,time:223,type:e,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:223,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B219~0%5D,as:%5B219~336.280%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,rmeas:1,rend:0,renddet:IMG.us,siq:18%7D&br=c
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:3137:249d:649b:b354 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
nginx
x-server-name
dt23.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
express_html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame B9B3 		111 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 07:16:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27870
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39806
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:44:05 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 31 Dec 2023 07:16:09 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame B9B3 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1293200/68276434/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuWKROcrwtDoo0qsMoc_2mGxYNaFd2KCJ8NZyoQC1oH2xuuGixArLh5haL1kcqobiYF6g5niVrVF5Ohzs1KYETo7J7Z1Cd-G_be-wSuRcAoCZ_4OWYsr6vc4NSe1ykZfcriAmSQ_S2vk65uMeLo0CVWol9fyNv3QbZjJKPDP9-BQL5Zgzy4cF3lrjoPn7sR_HGlIrNOFDTyE2gpV1Mck-Llv3ZtYhpmTFT2NiBo8KpXTRdDP_rlV_M5_xtCQpoac7d22XgJv_ZSw6FfB1mIpjUk_wnZbW6AijWZNjyEuisrUHG6C1i9GKeXeD-obm2h5jrubqZI9h6lndhK-eHmOpLs_WUtQAjnTh5nTC0GY_84e37-i1vqQVu6BUxcaLECq4WTdx0CJEYpNZLLcrxaUqkqwsAyWxuCawn_TXit-0UyRx8kabBtiFu--uT8RqyBLi1xytXTef34ImVY4iHiaydFyve_POy5fACeAkHjtLK_elvamzuLKK4f0HG_hkYqKTajRC23nDqueDQELW-D92bdjBCTKqagJVP5QkslcW2DwiHPMCKCsqMqV0saqQcU7D3z7H9EeGatuF41pZ5_Oo2PbYAoVNA0mz6tIxqfhZw2jrkkAfNj2NcKoWWr8pWVfnR8JrQ2fMHqiWpoDmWApf3_W3Z7QaoXT0b_G3S9ieMi8kj_5__S02_3geuvDKwL-etDNiQGZLbVefW_TTw3dOPWhnfadKuU02EuuuABbtkcEmxRHptXfyD5qg1xmj_9SVe65AFLuLFRSnzjHeH1LhfbPSA_mSUNVVuEnR08CckbV-DpTyhPNp0_tn7pNaYJXM8OUZ5p73A2x-0E5C_XRPgaWEx5kbjB4tRMsn2mdqwbp7_Vj8r0t7CvdQDQvRWNRBYGyijNua3ooqF3wE0VHwl2hRCGchClwQZ3BZdMyPjh6UXZtx7kJ5DV5tSwX-6QHNvO7S5j68M3PsqwxD_DYHtcVI64VV1Du9I7F_LwEQoSknY-k9io_pLRedlEF6gvvI5R4VRjHcUdsJb0qXooBiUKpvDF34q7aLzZVUgoyJDgonVW3w_VPgAGr4Mn3Ol6S3_vNUikbrulDCKDV1pA2BRFNoeTmOBDsMgXV_KqN2p7QfU3o9BYXoPrdARZoLAadKHk8PbC11EzjPy8jajabozWLdeh55kSczLjdR73p7tALEf7Sk4-2bRC7KUIl5tD25qDye2kfpBtJe3KEZVwWGftWNnVPzT3RMz7HL-vyWewq0QADu85zumcTIkDwxyh96BvL_iMlKb4wC8PSTrj-L3xpsgSTDDOpHYsx1u1uz5KVOUOm6aVLERRipYUYcRBw80KHOHkNiSoUTwCb5TVfcXu29nvL5W5Z_vSlqaLWktX7S9zY96QancvsRSzeJgWjUpModyXjZObNmCIBE6bteDcisA-6lS3oJLchUBqatzo4VbECYK4cQ1yi1iBHdE5YDle6gl28bgURvfF5ZFqnwdeDaBnXyJW8U91q4YU7jdIgaCkDN8BQL-sz5aEEi6IoBhEa-RpKrf5j3ODF6pYUPvqMeu8MuDEtGNck5CfQbSHQi97x4203TdFh1aS7Hn0wZuVCQ7ptqid5cICXUrWYh5GsixCV2_A3MVR3l93y3UKcCh1jHMNhTw2nTBfUH6Ql4N69bqMhZ8szQuSCs2bztl-IgtPc53kP0wPhvk4kWbPLSpPF3eH7y0PObojAWq7nclCJ3IGhjVktep0cS4pNvvbv591By0I4VVYrLIOnLCxPgh21aBehiZrAKzele63dLU237PC-3jOlNx6XvTjJSXXpG3Wc67kaRd-aSlpOrZhBFzSc4Cy4P3t2FvIOViP4AxnN8q530930IeiJZnVjgrGC3U63XeREerJzu_Tzw3KGxH88z208Wy_h7coXTB-jNqVRxF6_TenrfJdnQxWuTLPbPjx5PqZ9bt-NC9xbo2-ejvCLY62Fbcf78dg_pCuEgu6YNBO0_2URhHbz4F3jaxZhoAjYyJFJER7T_JD2TIPBR4WIlg6bPXe25ttCIiTR0VvWjDcf25xipEGrV8oeIKG1Hts3pgtlxzy8m8GIGPOAgKycCZZybWRh4GUAF6H7gAj09b3hxOuCfN-MhONaztvIpqsqjkFzRbj9MWqDLhoDuCC2hs1R8bjdQSts1ppBdJe98uEOh-Kwipof5abGpkBOdwCH78uvyrda1fKM7GVGTQ3qU34QFZgdDgqtOLrcuTjr8IWZxOOJ6PT0bAazT5yCiqyWyvnIdaLrl38MPe9xIu1rVglAM8uFDRdCNGh_qJpVyOJpl-gde3wIsngK5AwzF-vdjfdm2FUhp_cBfZjZoY8u2sosw2zH3bInLor7cX-j5cMfDH9OWgsfhzanL2tRfzj_rPHaEVIkYMWk8kCtq93No8PDtkT7D9bngJ__RVcXzilgkIMzUgkS3KVQdB6g_G8lNvjpw77ZY9pRe3Nmg31QbGSJ39939bjUhW6B-ncp0Ax5VTWq2h97yidaYunG-dksC5kaYR8e1VTDqaox_lajGAebmZyP5NEWwl41HzLf35wtwAI8hIgJM01qHaHEhWMts_0-RN7Rn476fkMk2xviGkO_Kkwv3ekJ3qQllqoDlxf_2Tm80I_N5fWhmcJWAancZutwMhRXqPgtZDClzdV11eeOTU73PN8pNwMZzNAYzhBlVmnW6qNdqH7qJKMpYM0TqCs6LEtPXSVAY1zL6MmtA3lZkcIgIhI8P2qkp2aq72oW0gcb73Osfta1gIbjg7bf4LZBaSWw4ZNg5rFD4caRFi7uxg0EWjjVWfSiCnLE0ays4AA2EhtHJLkyw8GFL4-wB8QKegHpoZeUZTz6yzfHPeo8ci6YbA14uhyn6_D8x-nG5piAO2X-6Kh8atF3x5Uvo6f-Q2N70go-IZIcVazCItXAhHeVTyDKHvbxAZ-nL-xV4e-OUaXvJleL4KENejq9JhWUpB8rQwDb-GWN8GwiBatAwbnIOT18qhyybJLWH9NM3fqhH8JbB3mwbFyEFeO94zk3Vvhi3df3MHfhOdsa7E5mZHNGTIWf8rkyZMOb97mKcq-M5Z8ZDRbVRc5k-4b37YnuJQmgOxh1ATl3Dk7Zz_oUSTAYayB_x2swYq7edHglEcyNj4Pjus2mer5pk1ruzkRETOr2jRtyXHPcxlr3z7J7FhGAr7G_p4U2ARyK4hJgD5kHgHYfRS-uPheBpaD2A8hK8FKZh9ey4l7XBqxRqiAuDAr8p8kJCQ4u0d6iLQJTb_zpkq4TX7RsDmWBC0_zFgQpEYCSUDdq5DFu1TZDPNSlutH1Mqn8eE0SLi5c0I47m1WAz58srga8YHV9qjQW5rnp-12tsVFpMzRz14DtezDhDQAcV7OS4FfltEe1BhcUd9EdDKgHVHrnId1I7RDI05gG4UNmJfsp-83xOe8e0QQMvwVZBMdQNpHGZw94H28IQre47BZay1RmRBu5bfSrWptuBIE-Mu6XdNha1lb3-1nmUyhxBHL3mDTaq29tipC7r7OYDNkGufeG9opWHCg-6FozHuzIzk6gukjdPZU2VKxE8-lmGa_U5jFRaUcHAXh8o0FUq7ObBuBF-FFSYEfae-DJ4aIpiHjbG0hzIzC41u3520Sx7It15ZZBDWhPVNcu-hNV6MeYScdXkvs82UsOJqV0gtr6yj_GskWitxReJkeT4B128GJZIrGtoXBv3kcGU8xTMGlHTO-PtBS8XnV20mtPsFCwAG0ccLNM0SEZbRkJnh1KOh2LMnYkL1iEomvTOUZP3gyx0ZNbHcLnhkTiKu15sW31po7RS6dLarzv9_RIFPVfb6fh1R9OYeVOUdwy0ksxVek_aLVZUr_JSYoy9Ww2C5BxqE9NvtPRBVP_QLfSReU_dcON7ys6wex6FluE_g-TvVXd328pBd3O8YqlqTDex8zm68vBXkvYTb85_wyLnvfphLj6PSxnHqxsYU-8Fo23M1di4gvZcZDs7QVCONxAS_Hc-vvrXigcEgc1y1Fj92ORCiVGq8lhxYfTdZNiIbgJOZPHCAsrwTKRuSu-D5u9WI3kW6W3CoA4LEKuvjQCn7VMvtS9QQ6NpDuocSX-L8GlQIBBJOAC8eF__R6z350mtWU7bxVE-dCiKyamors4v_2d55sscYKfnriiCrkn2lVD18Ba2V_-NHSyHnG3euLB9-li74AUJs190cej2GTX7mqxnsGAFgAQ&cry=1&bundleId=&ias_dspID=3&ias_campId=1010057126&ias_pubId=pub-5514539878247004&ias_chanId=1&ias_placementId=19343253581&bidurl=https://winning-wizard.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iZ-WHXd5qJyEoiVKlOQcbQ&adsafe_url=https%3A%2F%2Fwinning-wizard.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwinning-wizard.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5514539878247004%26output%3Dhtml%26h%3D280%26slotname%3D8337643687%26adk%3D3925734055%26adf%3D1310535254%26pi%3Dt.ma~as.8337643687%26w%3D625%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703838992%26rafmt%3D1%26format%3D625x280%26url%3Dhttps%253A%252F%252Fwinning-wizard.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703948437642%26bpp%3D1%26bdt%3D288%26idt%3D256%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C950x280%26nras%3D1%26correlator%3D131603339930%26frm%3D20%26pv%3D1%26ga_vid%3D8791465.1703948438%26ga_sid%3D1703948438%26ga_hid%3D680330077%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D325%26ady%3D982%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079438%252C31080104%252C95320884%26oid%3D2%26pvsid%3D3836462664446130%26tmod%3D1211932927%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26fsb%3D1%26dtd%3D258&adsafe_type=bed&adsafe_jsinfo=,id:9d336324-3795-3518-8ec5-3c1f383e25f4,c:yiqDB1,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765c58974b-5bxg4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:2,mot:0,app:0,maw:0,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:3185fdeb-a724-11ee-9100-32a296c953ca,v:19.8.466,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 21:44:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
62191
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
14415875674906819925
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 12 Jan 2024 21:44:08 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame B9B3 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1293200/68276434/xbbe/creative/adj?p=APEucNWjb7k4z6ksbwr_EymUgrle98HQs0X3QvM75jUQP4EoJvSFYek&d=CokBAKAmf-ACY51Mbu46b5NBeb-3r6LuBjGvbdlXZcUa6K-f_eZZyc3hF8sBDVRlE1s4VQT4-OHaiCOVHIvu5-YuWKROcrwtDoo0qsMoc_2mGxYNaFd2KCJ8NZyoQC1oH2xuuGixArLh5haL1kcqobiYF6g5niVrVF5Ohzs1KYETo7J7Z1Cd-G_be-wSuRcAoCZ_4OWYsr6vc4NSe1ykZfcriAmSQ_S2vk65uMeLo0CVWol9fyNv3QbZjJKPDP9-BQL5Zgzy4cF3lrjoPn7sR_HGlIrNOFDTyE2gpV1Mck-Llv3ZtYhpmTFT2NiBo8KpXTRdDP_rlV_M5_xtCQpoac7d22XgJv_ZSw6FfB1mIpjUk_wnZbW6AijWZNjyEuisrUHG6C1i9GKeXeD-obm2h5jrubqZI9h6lndhK-eHmOpLs_WUtQAjnTh5nTC0GY_84e37-i1vqQVu6BUxcaLECq4WTdx0CJEYpNZLLcrxaUqkqwsAyWxuCawn_TXit-0UyRx8kabBtiFu--uT8RqyBLi1xytXTef34ImVY4iHiaydFyve_POy5fACeAkHjtLK_elvamzuLKK4f0HG_hkYqKTajRC23nDqueDQELW-D92bdjBCTKqagJVP5QkslcW2DwiHPMCKCsqMqV0saqQcU7D3z7H9EeGatuF41pZ5_Oo2PbYAoVNA0mz6tIxqfhZw2jrkkAfNj2NcKoWWr8pWVfnR8JrQ2fMHqiWpoDmWApf3_W3Z7QaoXT0b_G3S9ieMi8kj_5__S02_3geuvDKwL-etDNiQGZLbVefW_TTw3dOPWhnfadKuU02EuuuABbtkcEmxRHptXfyD5qg1xmj_9SVe65AFLuLFRSnzjHeH1LhfbPSA_mSUNVVuEnR08CckbV-DpTyhPNp0_tn7pNaYJXM8OUZ5p73A2x-0E5C_XRPgaWEx5kbjB4tRMsn2mdqwbp7_Vj8r0t7CvdQDQvRWNRBYGyijNua3ooqF3wE0VHwl2hRCGchClwQZ3BZdMyPjh6UXZtx7kJ5DV5tSwX-6QHNvO7S5j68M3PsqwxD_DYHtcVI64VV1Du9I7F_LwEQoSknY-k9io_pLRedlEF6gvvI5R4VRjHcUdsJb0qXooBiUKpvDF34q7aLzZVUgoyJDgonVW3w_VPgAGr4Mn3Ol6S3_vNUikbrulDCKDV1pA2BRFNoeTmOBDsMgXV_KqN2p7QfU3o9BYXoPrdARZoLAadKHk8PbC11EzjPy8jajabozWLdeh55kSczLjdR73p7tALEf7Sk4-2bRC7KUIl5tD25qDye2kfpBtJe3KEZVwWGftWNnVPzT3RMz7HL-vyWewq0QADu85zumcTIkDwxyh96BvL_iMlKb4wC8PSTrj-L3xpsgSTDDOpHYsx1u1uz5KVOUOm6aVLERRipYUYcRBw80KHOHkNiSoUTwCb5TVfcXu29nvL5W5Z_vSlqaLWktX7S9zY96QancvsRSzeJgWjUpModyXjZObNmCIBE6bteDcisA-6lS3oJLchUBqatzo4VbECYK4cQ1yi1iBHdE5YDle6gl28bgURvfF5ZFqnwdeDaBnXyJW8U91q4YU7jdIgaCkDN8BQL-sz5aEEi6IoBhEa-RpKrf5j3ODF6pYUPvqMeu8MuDEtGNck5CfQbSHQi97x4203TdFh1aS7Hn0wZuVCQ7ptqid5cICXUrWYh5GsixCV2_A3MVR3l93y3UKcCh1jHMNhTw2nTBfUH6Ql4N69bqMhZ8szQuSCs2bztl-IgtPc53kP0wPhvk4kWbPLSpPF3eH7y0PObojAWq7nclCJ3IGhjVktep0cS4pNvvbv591By0I4VVYrLIOnLCxPgh21aBehiZrAKzele63dLU237PC-3jOlNx6XvTjJSXXpG3Wc67kaRd-aSlpOrZhBFzSc4Cy4P3t2FvIOViP4AxnN8q530930IeiJZnVjgrGC3U63XeREerJzu_Tzw3KGxH88z208Wy_h7coXTB-jNqVRxF6_TenrfJdnQxWuTLPbPjx5PqZ9bt-NC9xbo2-ejvCLY62Fbcf78dg_pCuEgu6YNBO0_2URhHbz4F3jaxZhoAjYyJFJER7T_JD2TIPBR4WIlg6bPXe25ttCIiTR0VvWjDcf25xipEGrV8oeIKG1Hts3pgtlxzy8m8GIGPOAgKycCZZybWRh4GUAF6H7gAj09b3hxOuCfN-MhONaztvIpqsqjkFzRbj9MWqDLhoDuCC2hs1R8bjdQSts1ppBdJe98uEOh-Kwipof5abGpkBOdwCH78uvyrda1fKM7GVGTQ3qU34QFZgdDgqtOLrcuTjr8IWZxOOJ6PT0bAazT5yCiqyWyvnIdaLrl38MPe9xIu1rVglAM8uFDRdCNGh_qJpVyOJpl-gde3wIsngK5AwzF-vdjfdm2FUhp_cBfZjZoY8u2sosw2zH3bInLor7cX-j5cMfDH9OWgsfhzanL2tRfzj_rPHaEVIkYMWk8kCtq93No8PDtkT7D9bngJ__RVcXzilgkIMzUgkS3KVQdB6g_G8lNvjpw77ZY9pRe3Nmg31QbGSJ39939bjUhW6B-ncp0Ax5VTWq2h97yidaYunG-dksC5kaYR8e1VTDqaox_lajGAebmZyP5NEWwl41HzLf35wtwAI8hIgJM01qHaHEhWMts_0-RN7Rn476fkMk2xviGkO_Kkwv3ekJ3qQllqoDlxf_2Tm80I_N5fWhmcJWAancZutwMhRXqPgtZDClzdV11eeOTU73PN8pNwMZzNAYzhBlVmnW6qNdqH7qJKMpYM0TqCs6LEtPXSVAY1zL6MmtA3lZkcIgIhI8P2qkp2aq72oW0gcb73Osfta1gIbjg7bf4LZBaSWw4ZNg5rFD4caRFi7uxg0EWjjVWfSiCnLE0ays4AA2EhtHJLkyw8GFL4-wB8QKegHpoZeUZTz6yzfHPeo8ci6YbA14uhyn6_D8x-nG5piAO2X-6Kh8atF3x5Uvo6f-Q2N70go-IZIcVazCItXAhHeVTyDKHvbxAZ-nL-xV4e-OUaXvJleL4KENejq9JhWUpB8rQwDb-GWN8GwiBatAwbnIOT18qhyybJLWH9NM3fqhH8JbB3mwbFyEFeO94zk3Vvhi3df3MHfhOdsa7E5mZHNGTIWf8rkyZMOb97mKcq-M5Z8ZDRbVRc5k-4b37YnuJQmgOxh1ATl3Dk7Zz_oUSTAYayB_x2swYq7edHglEcyNj4Pjus2mer5pk1ruzkRETOr2jRtyXHPcxlr3z7J7FhGAr7G_p4U2ARyK4hJgD5kHgHYfRS-uPheBpaD2A8hK8FKZh9ey4l7XBqxRqiAuDAr8p8kJCQ4u0d6iLQJTb_zpkq4TX7RsDmWBC0_zFgQpEYCSUDdq5DFu1TZDPNSlutH1Mqn8eE0SLi5c0I47m1WAz58srga8YHV9qjQW5rnp-12tsVFpMzRz14DtezDhDQAcV7OS4FfltEe1BhcUd9EdDKgHVHrnId1I7RDI05gG4UNmJfsp-83xOe8e0QQMvwVZBMdQNpHGZw94H28IQre47BZay1RmRBu5bfSrWptuBIE-Mu6XdNha1lb3-1nmUyhxBHL3mDTaq29tipC7r7OYDNkGufeG9opWHCg-6FozHuzIzk6gukjdPZU2VKxE8-lmGa_U5jFRaUcHAXh8o0FUq7ObBuBF-FFSYEfae-DJ4aIpiHjbG0hzIzC41u3520Sx7It15ZZBDWhPVNcu-hNV6MeYScdXkvs82UsOJqV0gtr6yj_GskWitxReJkeT4B128GJZIrGtoXBv3kcGU8xTMGlHTO-PtBS8XnV20mtPsFCwAG0ccLNM0SEZbRkJnh1KOh2LMnYkL1iEomvTOUZP3gyx0ZNbHcLnhkTiKu15sW31po7RS6dLarzv9_RIFPVfb6fh1R9OYeVOUdwy0ksxVek_aLVZUr_JSYoy9Ww2C5BxqE9NvtPRBVP_QLfSReU_dcON7ys6wex6FluE_g-TvVXd328pBd3O8YqlqTDex8zm68vBXkvYTb85_wyLnvfphLj6PSxnHqxsYU-8Fo23M1di4gvZcZDs7QVCONxAS_Hc-vvrXigcEgc1y1Fj92ORCiVGq8lhxYfTdZNiIbgJOZPHCAsrwTKRuSu-D5u9WI3kW6W3CoA4LEKuvjQCn7VMvtS9QQ6NpDuocSX-L8GlQIBBJOAC8eF__R6z350mtWU7bxVE-dCiKyamors4v_2d55sscYKfnriiCrkn2lVD18Ba2V_-NHSyHnG3euLB9-li74AUJs190cej2GTX7mqxnsGAFgAQ&cry=1&bundleId=&ias_dspID=3&ias_campId=1010057126&ias_pubId=pub-5514539878247004&ias_chanId=1&ias_placementId=19343253581&bidurl=https://winning-wizard.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0iZ-WHXd5qJyEoiVKlOQcbQ&adsafe_url=https%3A%2F%2Fwinning-wizard.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fwinning-wizard.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-5514539878247004%26output%3Dhtml%26h%3D280%26slotname%3D8337643687%26adk%3D3925734055%26adf%3D1310535254%26pi%3Dt.ma~as.8337643687%26w%3D625%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1703838992%26rafmt%3D1%26format%3D625x280%26url%3Dhttps%253A%252F%252Fwinning-wizard.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1703948437642%26bpp%3D1%26bdt%3D288%26idt%3D256%26shv%3Dr20231207%26mjsv%3Dm202312070101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C950x280%26nras%3D1%26correlator%3D131603339930%26frm%3D20%26pv%3D1%26ga_vid%3D8791465.1703948438%26ga_sid%3D1703948438%26ga_hid%3D680330077%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D325%26ady%3D982%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C31079438%252C31080104%252C95320884%26oid%3D2%26pvsid%3D3836462664446130%26tmod%3D1211932927%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D3%26uci%3Da!3%26fsb%3D1%26dtd%3D258&adsafe_type=bed&adsafe_jsinfo=,id:9d336324-3795-3518-8ec5-3c1f383e25f4,c:yiqDB1,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765c58974b-5bxg4,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:carre1,mtim:2,mot:0,app:0,maw:0,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:18,oid:3185fdeb-a724-11ee-9100-32a296c953ca,v:19.8.466,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:43:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
47809
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11872
x-xss-protection
0
server
cafe
etag
16225921609732785849
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:43:50 GMT
truncated
/ Frame B9B3 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
14dfa6d6aa94460826b695c54c1c1683110beee606b061278172e2d4c7574af1

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
/
track.adform.net/adfserve/ Frame 9DBA 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/adfserve/?CC=1&bn=70207642;gdpr=;gdpr_consent=;click=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=C2hbkljCQZeH9BJrM7OsP-7em-Aa21oi7dPnW3e2_EvfSor3AARABIIjL9WVg9YWAgPwDyAEJqQIMniV5jPCzPqgDAcgDmwSqBKMCT9AjWEMNZVDFJirdhvE512aQo83TFNtqJxPdDlo4n7sBoa_CELdd1Z1aw6ksRFiuPoe_3VaLV4IClyLukOCdWc0HiCJNY1wuVflmfR6tDLLtfYLXzpCB-xyuMp0PePPkvYdM9m5MpqrNSAiCm0qxvMgsBOQuXmvoAZ-sYVCWS5bUc5RpQ1kr7lP_bNHQS9rYFitUdNojqqGKDHtUF5Xr7Q7dmWkqvqnz6SEhtkkrezeM3_clLIZT9fwXx9O4NsJNo0KA5eXpYycGrB3vDkDucUln2qKW8BoJ4OxPoGsWQgrMf4SV9BiDpoUtDqPMIDyP-Dh-reOc1ueT6xGStNA3JPlEVk-OKXW0zny8ZycI2xFOpVPowGKq9_72BFd4-djiuf02wASZ-eK4wgTgBAOIBdm28LhNkAYBoAZNgAeNgO9BqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiAYRABGB8yAooCOgSAQIBASL39wTpY767vyra3gwOACgGYCwHICwGADAGiDBAqDgoM5LSxAu61sQK1uLECqg0CQ0iwE5ntjRbIE4zJ-OMD2BMK2BQB0BUB-BYBgBcB6BcF&ae=1&num=1&cid=CAQSTgAvHhf_KX8M4q8RcZSge-n7HuKw9WxtyKduCWxfIN2rOJDW4sW2niQpWTh1XtlX0WI-VPErNvJ3liRZu-ml-QFnWRL6lsaoWLW1crSMbxgB&sig=AOD64_1Ah4Aq_brEldjf6Dcu8MiOz2KVvw&client=ca-pub-5514539878247004&dbm_c=AKAmf-C744wQ6TfEbM97bBiOo9OjLVn0H40IGKAAPEnRr0fw2cihFP4tR08LinsGJfgLyOX8cMjWKLdUTW5Gb4PqozxujcxWgs0aVaaAoa2T3KAcMriQwN0OLqmb8Z4-2hhb1iG9VituM4UaefSy--iVqf9E0gt7edaujgy6x-dnyxUeVz2kHDw&cry=1&dbm_d=AKAmf-Ct7dRR0nJDL1ucBICXUN30yNPQL4Ngo8TihdPj34LuZTZNxEmtWB0ltm03ZsSBezq0lAlKB7zJivYoTuFFWBwiHuPvtc0yDYbCVXAJlYWi83SMYteLt-ULDHo9POJ8UvjBOM5qoIjwi33omemTKjqmzv8ZjufYL6jamC6Ep7Ck-ZCwXt9XFRYBna5qfaHS1fXkL6ZmjOrqpTPztocDHKKyzZ60WAqjcfZd-DHE9UA7k4vCSqeUZdAIfuKZj62g9RU-DHnjTAvISMm4EeHtAZeczOTjlVmqNYkFhVG4B0EzogObRRqgkylwO-sdAUVE6z4VxhbK5jq1ugl3Ozd41RXF9NJeh698UQIScmGu2PcoNBKc834hjk2EthMrE5M1G3eCgn_9pjEKM97DwPWMdDGgiWtRpUtgSXCyCM7k9SUZYTU76qJpjLW3-5bEDorZjBp7GMHdB_NFLw4Pr4Ee8g3NFov9Tan5OQuKb5Rx4ocER5lgTGtmXh4-vK3TWnoLkJywEkL2dCW2DVHNP1Jlglg6RdFcsFTH8yW1I0LUd0oIhHSG_hc&adurl=;js=1;adfxid=1x;2857;set=en-US|en-US|1600X1200|0|150|600|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;cmpgpp=;cmpgpp_sid=;fd=0|0&CREFURL=https%3A%2F%2Fwinning-wizard.com
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.237 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
cfd40dfc94b05e09a77284fd05c9b4f45ffae3966bed1235e76a2abc926d25cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
3913
expires
-1
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7BB4 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BI6WkljCQZbqAL8mV7_UPrMWJ-AYAAAAAOAHgBAI&bg=!UVKlUh3NAAY3kmNgF5I7ADQBe5WfOLkUNocmWantEKhM9c07HexkBne8TDRW-TZQHa_1TTJKFTvzXVs2pU90ZAMPmzb3AgAAAF5SAAAAAWgBB5kDDGqWUi6M-nmQ1rBYsHdED9L9RBt9Uv0LvfRR4z1V4dACDWmNh96DfSZFnpPU0xEAtWcAHwoYZHgmpr9Qb-kd3-BYIdtp3qdqy6glaPG3GHGBIz_sex86dHlytFST_oM1UrVZ_XpteNFLI6dmDG3ssOOw6rP_0sYAYnJ9wY4cwyP8cBy_vKJfKAdh9Us7Okp8FqatfLRPB1-Kyrio1bTgpFNzxQTxuP7p-jY4JRRl0jeug6cl1TG2EK-FkUIe281rfxWaotksq4OKDJcHT8w5W0-xLUEbx6S5liVuTgolEkJ9XOU7CuElD3Az47Ynq0a5tBOViMZDTHdtCf0dj3PnOW4MUtI5tthyTR0MxS0P16YM-9qw50niz3XWX4ReUIB1iis3H1-4ZtHQoLPH1HSd5xu_bkFxuNZZT2RucCrI7HQud0oV8WO3rZPyll-JieNu4rOvrLx3ZeTKIBOgn1K3tyrRGZVKi12gk_LEOw3ej5mCut80N4GxQV-YuCXyE0EF7k3fzwTToYcupoT1hTYazzQRy-dWgmV7rM1noJusmu6xaI9xPqSlgZIgKVnCTa_gyNN48pIWVjCIk-MjgoIJypNthOBEmhFsyFD2kCMnVAiCJ6tkR0ufHkMIvh8Wi5KemEyVxfElLXrL3DIiaIkZo5dFgSPLqjRvDA53st7HW3N4dD0ema-mj3HucirH38RTDRiPCJQlk0bUQrq-td3JLWK3IQu8e4Loz_o0T5SbR_HrW0CIdAXYeEY8m17x-uhon-KbAlavtkNNOadZtw7YnXGrDqU0SVgsEPlhJv1_gSwwAokzhk72DhLNlauivbV2SR7bXz0qcpo91YhVCMFvmQIaqH8Tf-fQpqzFvY4Zq4J5x2Gqs72Bpv9QYcZWXtwVN2zo4HDQcUcuMkHahJU5XGzCgknuRue--fZHWGNYpI6E1WVCj_d-saWgKM6oWasXrEp4u-Ww7PT0h05oQH8EQkoUCjWYIIQKOdufXv6MV1ptpvsoAssIpwOHnUGbM_jeo_wzDJjbVtrZH11sgg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 9DBA 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
334af650b09d8b4f1295481579e6630234686ae8ee0394220218e5d32c1ce2bb

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame C373 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BMhOPljCQZdC8MeOCjuwP04y9mA4AAAAAOAHgBAI&bg=!kJOlk9zNAAY3kmNgF5I7ADQBe5WfOCcaH9AfTta1UuOeKKZzBGRZ52mQLWkgypUDlcsOz6EDpPUEOQG1rpRzqxLTKbdyAgAAAENSAAAAAWgBB5kDCNOuZl930ZVYZuw6jh7olA8z-ZuG1_kpe09jxwfYdMnlVFgajzskiYCUQfybTxt9JgsmU4dn31Wbr98Vlnz8OoCDRiTKDlCKdEBYSCd4lWnwAg2i2egIk-GRBRDfHDu8QqeaoeVntWUi-Zy2tL8Vqbvf4gyGfzMSYp3hbHnmVdBj_txbQ28zfBIORxNzvd7eFGuNodBdx9SmKXPYzqCvg7HPetdiXTLh23caiLW7xxARyoUm125WsFuQyTWjYiAb8hRHNCXfwCZWjVXsg5tEGEL0NcvoW4_aTfCe-qPNCbZS-vmLsyTvZfso2-1uBZCo83NoW4ssB_aYIWZGVpygsLBAbmoLRcfQ09sOsM7LnvcvrLhBV8v4sPMw6j0DRvey2zt9H-DcwUF2WhDKGfXgUxUk0G-AZEWMw0VXK9zSG4xudntpmGHC3pQlJLe9ltsaJFV0_5vQNPtf7gZoTWISvX0hUzUHeVP3hA7EL95eyHc1u0XOUqRZBiyn_D8GzP1VF8dZNY-ymuowAjz2pjGqBFKsQWBG3w-4bAki5r87UiOYVlFK421WS77y2ogucsQ1w-vOKw9SYjkiOVWMlxaJvftP81IL-2_eOOtxJFgZwZ5azTRhEvDFOwol4SshIuenpVcIB9fqdplT5XNeqDc0c0pwX0D8z4iryjIeWVI5QW5h3XgbZErUywXpx211Xdi20LLmcyVCvU5c2_NtNPI0pbyh-aEHqohR-AuXvMLpdAB4fgxWiTQLpWlmQ-cRmnsGFIMzu2qX5CRASEd4vQVWY_z9bkDO81YIuY0IvCmW1Ep1q4JPzUXgBUZ4gX3KmXQtdUAyWlesEJtEYWntMZYOktueHFfcJhUuBwbciAUBwONBCfWcrsyfV3_XxVUw7UG0r1UsMqPON5knz3vCAXP-7LlH1n5kGWSUaHKRFq0c5jYWsQXsnjJ7BuxhX4yohyeadIpD0AdSai8dFum9ada8K6qIRUkVjdZqQLEY0Px_wdvBDkKqgnnWqk1g7-YLsfaeKU6yygBgjMTF
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.html
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		27 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9cc46d40f2dae5956a6b6fb0bf33162c5c65680515beae438de306bbf7509736
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
378078
allow-fenced-frame-automatic-beacons
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
4617
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Dec 2023 05:59:21 GMT
expires
Wed, 25 Dec 2024 05:59:21 GMT
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame B9B3 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss6C3YABJQOEhEB0OLYViq02f8RMUYtE2pZMT-GH-hInlL-CioRZypwRaQbWc1rL0WN1XmzYqCQNbFk3Z8Y1oQvQOowWDdp0wUOX77zHzj8XSyLdgDzoi7NCQVUaEfahlGpFk3YICnnmGiiALywud_5YEy-z5cTKGsJtWg0DRd6yFbN&sai=AMfl-YRN-2qCvhQDDCsVxURRWIOr-UA_o-1K0v7I9bTNBbMtYk4oOL8WZ5w6ZudCFATUvuifnhAvwWEdFrsGV6wP-SkughfgUzGz4oczooNuAdlPEuHNlSAg6xUcnpHtSA&sig=Cg0ArKJSzLMZu2bdg2vfEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=121&cbvp=1&cstd=119&cisv=r20231207.46831&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
Standard
s1.adform.net/stoat/630/s1.adform.net/load/v/0.0.237/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame 9DBA 		91 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/stoat/630/s1.adform.net/load/v/0.0.237/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
ed8343699e054a0900f23319e31cba32ad43bf77136313508ea25d86073366bb

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
last-modified
Mon, 04 Dec 2023 10:45:40 GMT
server
nginx
x-cache-status
STALE
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=100000
expires
Tue, 05 Dec 2023 15:49:31 GMT
studio-style.css
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		3 KB
680 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/studio-style.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f24059ce692538a538ad3b9ef4e7e9361c7d49858f52a72430ba8a25c46bea32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Tue, 24 Dec 2024 19:43:36 GMT
date
Mon, 25 Dec 2023 19:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
415023
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
650
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
style.css
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		2 KB
821 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/style.css
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c109bcd7145a95e1a1745df508b35a167585137a1bb5bf7426cfaf3e3186893
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Wed, 25 Dec 2024 23:43:00 GMT
date
Tue, 26 Dec 2023 23:43:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
314259
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
791
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
lemonpi.js
creative-libraries.lemonpi.io/v1/ Frame 8956 		164 KB
165 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative-libraries.lemonpi.io/v1/lemonpi.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2260:4600:5:98ca:e7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
107c597edaea192338c169c19b8a2ae99f4b483280609f45f254a2ee4137522f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
KBCpwZGYr_KlClExCEl8WrxkcmRf9R5J
date
Sat, 30 Dec 2023 14:58:49 GMT
via
1.1 5327478b6f979a4905f57306ac90bdda.cloudfront.net (CloudFront)
last-modified
Fri, 15 Dec 2023 15:28:53 GMT
server
AmazonS3
x-amz-cf-pop
TXL50-P3
age
111
x-amz-server-side-encryption
AES256
etag
"7dd9ed0ff4a1aa829cd7e821ce461bae"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
168176
x-amz-cf-id
Vr0EtRRWgyoPZZau8IjjXipyA5EdZp8Binrnb2rD6g2UPIjRVemyuQ==
TweenMax.min.js
cdnjs.cloudflare.com/ajax/libs/gsap/2.1.2/ Frame 8956 		113 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/gsap/2.1.2/TweenMax.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2712193
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
34771
last-modified
Mon, 04 May 2020 16:10:25 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e71-1c4b9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B2oYIOauzv4KeBIXF0p69QUIZRF%2BcMJ1B7Ux2L32RNTRPnKvtLHjXPf5M7kQjQnMEyG2okl%2BveKuRGwUuVmLoY49DDSeHf7Ydku2cPpHyKjEY%2Fl5QkNcYecSEoiYyHwRXeFbvkj1cQsTs0ki2oZwa8qL"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
83db2753081824c2-ZRH
expires
Thu, 19 Dec 2024 15:00:39 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/ Frame 8956 		86 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2812065
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27748
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-15851"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tVBwGZf3UnHUlA%2F9Cx%2BigO6b2wRiLIj3WmZ21yNhbGJINewxv9eHVEPzYN6LsoCMqbhCwFzbz%2BnFexGAz8c55ijtS1sOcO8lo9Qz0XcsvZn%2FF%2BjTZfeNlLgTyszwjFK9yF6O5Nih7Cedhpsl06bFwEPJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
83db2753081a24c2-ZRH
expires
Thu, 19 Dec 2024 15:00:39 GMT
script.js
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		34 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/script.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
033684882b2557bfc3ad94a277205d5d902e5318803d9b24708f01ab10ddcbf4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Wed, 25 Dec 2024 01:32:01 GMT
date
Tue, 26 Dec 2023 01:32:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
394118
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11581
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
html_inpage_rendering_lib_200_278.js
s0.2mdn.net/879366/ Frame 70B5 		172 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Origin
https://googleads.g.doubleclick.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 23:49:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54695
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
61485
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 18:43:57 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 30 Dec 2023 23:49:04 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/ Frame 70B5 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AhLiRX6q2cdjZuUR9zRGFyU4Go5f3X_73Rgu7oyqGAXz1y-PuYWUehqz4JIL43ilX7BRwpkFrLE9GMKCduVh7_bJLAiKettLcjnWU3t9RgPqVRf_7Yhzp5Tl8ffYqqpFJka4x22-b6Vx7GCTp-95uq3nCFbgrwG3ULs0hD3Xv1flp3S0UEYYZ8i3GSXemygAq_qTqi&cry=1&dbm_d=AKAmf-A7eiH9DJs5r-6590v-N9ul7E-F0QCe6_C7qLIe0QZWBR6tCoyl5wJtufupO3iPxoVNXkolignqqSDHbqTk1ryEiQI0xErtYJNj03Lf3qvyPVtbbxf7yP1kyNr-IbkIdNSXPLAjy3q6xZ5Pmhdx46XT0XqBLFxP6gFiC-LiJS9BDnp0TvseNn7ZDcitYrTxwZj7ihRfGDUnLCljQJWFkmHKpW56EXi3s0zL4xdCTMC2mLTlUjcbfgKsbyEVoTF7l_6kbyKq6l2F5V_53aa0dwH4whTL_yqRKDweyLUr4Li-G0sgtQVzvTB01fNIlx9OFWxkCDdelPKQy2P6AsJTySvhc2eTHH9shoJpk9hOilIDkIo87y_Nee05oPtzoQArSu5slZoFwHYLHHW42yJwrHM1p9axZE_oW9768kRECnMsqJD2VvxvmM-oBcxSSYlMcHulzzPrfp-ruoWP7yNoR1U04mqp0zhWIuKDSUGvAZ-N-5gN3ZpIaVGVROeftVwrv9HbGk3YKU_6hJSwwLOA-Hgyc80cvLX7Zi8CNuh8NUWJRgOOirN08CURXJ6z9Q7S9nZL7tfs51Ko5H28fG5_HLA3lYB5_JaDT3uxXqL-5d_7ts0cZDDzNgZej0CXQEK6owsA8HALbKRKPgw5BFxm6sllKYh3Qgiwgu4uqe5g3qCx8lyhR9HBfpbtTk6U8Sgi-R5jWkl6CwTWPyxZjg4Xw-8ByWj3qb3HP2Pe_UixSV0R_pY5dUcM4WJM0W-FztMsLKDk2vCrCAcDbrVHbPqXyQSttUL7LHBHOUguLsOufa5o9eOM4G2Dk0bSnOX0RhMhf032zxXIFOWioIpfIEkJalnGo2lURr8xw-fcMjC8k8yibkSX3ooQrHrj7nQVWWBrfozV7HTml5JVyLkeZflUo1MqeeKxVehpihd39jG6x7cXSt2897O_BaAML2XI44lLW71kBZbjSqHkrqcPr91Hu8slZjRYuxNHol6N4u8sZWFPVuU7m_JUWWbMzz4GrNFxAwbPnyM1h772To-FOPpZTFeSSDnWucGHtaNN9H2hFR-yjz7Ozt-BBf_t7Ias-37jeTTqOPjypyaBwMhy1itq_rf7bpig9CYzuprtEvlTZbcNTyT8YuAudIeid7yR3NYIICqRr1ZRbwKLKl_ysrvD6Yn9ImtSqbHVT2RWUlz4fv1gpDMIhSIykH1vDYE9fotbIohsRDOpes3-7Po2zE7lUniK4tUtSr3D26if-ipIR3dL48tarhmrqDFrBs9zS7RASI_W25QQACKYXOXaX252axBtluTce_HaNYQ9MwxD4v2aRZU4ZcqKdIrEgfJnlRHLQZ43TyIt9hpV3nkEwxFcIUMvbkSebw3EBuZEm6dpNanrLXn5tE2HHk9rqwYOOe3pCpSU3YOvW98pu8qq8Pni__wu9nlh-WYfgzrA36TPkgelHIbqz_TUD3PTzegjPiY_Ebs9B2IHSDdYRJkFOHlXxouooa_Mt5FsC89X_Ng8WC7sgNBeyYvbUtw98mZAJnN5i9r94rnWDujptCo2t8e4lIF4ZkCL4naeEZpiT7kVgEVthpZfM12ireZGAlF9ul504ZCpEHkcQVVEDhxXBzExut94eQEsYhqdtoBy2ZGmQ9rpyRTWdkbc4vMSvmW7iWKqSbmyPKOipY_azP9jICYmbDjRrv8PRHhxCHwbHO9xV6v_ieFqiqpp2llGqqWQRSghmEAIYh7Cbv-lcw12hI5vuCA_jweJAsDbjqKHfvedoRd_mT2x-hmdEGYEpEnsmEVICN_Ycpr6DvH1ebAZRjwCEFqPdU6t3vqD3nLkBNjbcXidWry9y7hJRMfRBIgaPD2GwZfwsak_bzn_CWtDg2x2Q4RGgs9mGmdDywAQqeDRGP9rW1BcduggbwN-IV3o59OewiZTQdKrZ2SidXV1tuemsjHCYRzNRhbiORFoD7ZEf3IylWOIhxTSwZXUVj0T9EvgiOZ4ZYgv_CpUeKyVyw92zBFghq2lUohhLWw_1kr3DfFD5I4L7MPBQT7opJoCKIymLAaDFsFxS52XF4uZTBqJPhWfdZx0Y4kXwa6_EeFNHBdo2AD1pWynKGjM6QXHZ1_SxjisjuVEeynymUQt7BNT7b4ddkM1-uV3fLmNiewTKxyhZSl0No92aQbysHM1tWKM2CAmkrazvQBQPdZV3GK2BqLROJPONsWoYlB9CzX4cACIr5ahDSmorJfnRfdJ5Q8F9bIFpyPZzUmzUBn1bzQ9iPJrZIvleRF2vPTjJadw-yRHuWhoIBeaB53shQhEcDIqDh-Wsey7BIhowDqmj-thwbqy5G2AIthslHfsZz24zprKiG-Swz3SkA9-uMPZccq1jk0YAhV6dyhGlHYvkAzfiypIVRmy2LrxBgXmFu1RcGZ_UfjQxW5nEuNBiS7LYFMOsTQ-vJmOI1Yf0xVxkVdtJqAqePBbxNyHJziw5RwwMuRfODI3fYzTsBpXUtBdCJYAAEvSDS4pJ_7vaysKnjwoCqhZQHemKmKmZUB1WeustUupkWlYJr5Wer3VOSSOi5K8X87FSfMhrJ3-SbfkNBGtiCxwiGDojIsivkPwHXZgP-gZCVMdKf6dE8nUN-dHP4nbJLU4rBCD5Br_D8bRIRlWAQpJtMuJolXz3MIciKOTdJJsPesWGnHwVJ1aLT1pqnDaDQGYtEpNtnH5TJg24mWWEcZAUw0s-PlHZTdHpvFDbDDyMMu4q1Qwt4RnxbU3HxsCL6xLe6hvDbfX9dfVM00-ZCFEt04YY68_S3UpGASxAGRV495rUu8mgvUh4cyfUFWaRQX92hH05Odq8_gvlaMkpPmU3tJUCaGI9AUQODJYZUONupVcfPaP9CPZUNf81g7x2wHnX5Ft-372ogYcBujfWMcldLWJxXSqTOZVBXtYWSI4kPapNvWUMe32PdzF4GlxoEYNdP3Jp59cwwZnlPvfwmGNwCF4-9rzCUbtZQRH3JK_b4n54qI_zZmDXDOJjOV1eoGmsTwJ6qOD6eBikG5vJWEsIp6EH4HXKGGnO48XVEkbdhElrndjwi7dzuxkwGwdx_vtvaWxWfgOcuhnvAbm_aN3FrPnusigx6v3DecTzH21LDmm9RxMtKDDm5auhb1vm3u7QP_K-olaxmYsviykYVPxrknWlA0CC1odabdtvlMW_t_D_uFV74LomOB_40s_8QjR3o0LK4qovifULCvaXZq4SBsvBAsi8dRrbBOMC1Piwd6Q8Nquu2ZDFJx15aJo9fvPzqEY6snPj6McsLCCIjNqa-q8PiAjmnjdHlzHV7TPkxQirj-JuJkJ3snqdxYahrBtFnak7gF5LDOJ1gWMq-MGuTuCIlTwCH6KMhJURD_oOPCRg-33_2XjSoAY43qFGGnESLAJAxPwgMNblyxF-r1LMOEgle6I898LBlTnsFjKdFEfnjfOTy5QpiA6Q9wuYEppxAkJzWewJjEqAobUt0cdJbSR_wjHUxkq2OB1wRHzz0qgsQgAv0y96H-UNqNf9iNJmbOKgJqpOok4-ejJkl3lsSiAqx0hxHtdGHHN4DgpBdN3U_1URJ3KO3Ou0_vtqV3Pe_SNvWoj1_mMXLT3TDex8vbI2pRMUM-4sXf_zmzDHEA-5thzR8STb5X4rAvwipgtf7tfOLDfRehjRvnWJ2ChaD4nMVI8DUxNOkp0XX3ToBzFojdJIp9gv5BybGyuZL3OIcG7RuDS76afENMXonoXGp06Y6O292uAXNIAXIkO5yIljH8B2x1nkguNIipKmjAp9JugpgNWvJbMRUUGowpZcjVaCpBJmPZHO0fEXvVvuH2KugjdgwwCS2yyFwQQcppP7AzkcqsENUgKSMxfmg1EfOVIxF4hTXd7W47iTMLunKUaPGSoOVu4ysCAa1Rm4FBVYWGhaCx9jWSW-MyAnlgqlntHo0g8BXnEyLy_lIRBRe13Emnn18F1TJXiN1BX9lFNsUfLzQbmd-eSWExjzE14eyIwFg&cid=CAQSTgAvHhf_KWby_hJve5SFexQS_up9XNzs4ps0eRGvpU93gM3ZQLcrM8wtxV0IHcm2j1uvt6YiAtlwYxcNq8hag2bZfuvFEEalsKjdeen_DxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=18248576333173610000&adk=1992445683&idt=125&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 21:44:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
62191
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4206
x-xss-protection
0
server
cafe
etag
14415875674906819925
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 12 Jan 2024 21:44:08 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/ Frame 70B5 		31 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20231207/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AhLiRX6q2cdjZuUR9zRGFyU4Go5f3X_73Rgu7oyqGAXz1y-PuYWUehqz4JIL43ilX7BRwpkFrLE9GMKCduVh7_bJLAiKettLcjnWU3t9RgPqVRf_7Yhzp5Tl8ffYqqpFJka4x22-b6Vx7GCTp-95uq3nCFbgrwG3ULs0hD3Xv1flp3S0UEYYZ8i3GSXemygAq_qTqi&cry=1&dbm_d=AKAmf-A7eiH9DJs5r-6590v-N9ul7E-F0QCe6_C7qLIe0QZWBR6tCoyl5wJtufupO3iPxoVNXkolignqqSDHbqTk1ryEiQI0xErtYJNj03Lf3qvyPVtbbxf7yP1kyNr-IbkIdNSXPLAjy3q6xZ5Pmhdx46XT0XqBLFxP6gFiC-LiJS9BDnp0TvseNn7ZDcitYrTxwZj7ihRfGDUnLCljQJWFkmHKpW56EXi3s0zL4xdCTMC2mLTlUjcbfgKsbyEVoTF7l_6kbyKq6l2F5V_53aa0dwH4whTL_yqRKDweyLUr4Li-G0sgtQVzvTB01fNIlx9OFWxkCDdelPKQy2P6AsJTySvhc2eTHH9shoJpk9hOilIDkIo87y_Nee05oPtzoQArSu5slZoFwHYLHHW42yJwrHM1p9axZE_oW9768kRECnMsqJD2VvxvmM-oBcxSSYlMcHulzzPrfp-ruoWP7yNoR1U04mqp0zhWIuKDSUGvAZ-N-5gN3ZpIaVGVROeftVwrv9HbGk3YKU_6hJSwwLOA-Hgyc80cvLX7Zi8CNuh8NUWJRgOOirN08CURXJ6z9Q7S9nZL7tfs51Ko5H28fG5_HLA3lYB5_JaDT3uxXqL-5d_7ts0cZDDzNgZej0CXQEK6owsA8HALbKRKPgw5BFxm6sllKYh3Qgiwgu4uqe5g3qCx8lyhR9HBfpbtTk6U8Sgi-R5jWkl6CwTWPyxZjg4Xw-8ByWj3qb3HP2Pe_UixSV0R_pY5dUcM4WJM0W-FztMsLKDk2vCrCAcDbrVHbPqXyQSttUL7LHBHOUguLsOufa5o9eOM4G2Dk0bSnOX0RhMhf032zxXIFOWioIpfIEkJalnGo2lURr8xw-fcMjC8k8yibkSX3ooQrHrj7nQVWWBrfozV7HTml5JVyLkeZflUo1MqeeKxVehpihd39jG6x7cXSt2897O_BaAML2XI44lLW71kBZbjSqHkrqcPr91Hu8slZjRYuxNHol6N4u8sZWFPVuU7m_JUWWbMzz4GrNFxAwbPnyM1h772To-FOPpZTFeSSDnWucGHtaNN9H2hFR-yjz7Ozt-BBf_t7Ias-37jeTTqOPjypyaBwMhy1itq_rf7bpig9CYzuprtEvlTZbcNTyT8YuAudIeid7yR3NYIICqRr1ZRbwKLKl_ysrvD6Yn9ImtSqbHVT2RWUlz4fv1gpDMIhSIykH1vDYE9fotbIohsRDOpes3-7Po2zE7lUniK4tUtSr3D26if-ipIR3dL48tarhmrqDFrBs9zS7RASI_W25QQACKYXOXaX252axBtluTce_HaNYQ9MwxD4v2aRZU4ZcqKdIrEgfJnlRHLQZ43TyIt9hpV3nkEwxFcIUMvbkSebw3EBuZEm6dpNanrLXn5tE2HHk9rqwYOOe3pCpSU3YOvW98pu8qq8Pni__wu9nlh-WYfgzrA36TPkgelHIbqz_TUD3PTzegjPiY_Ebs9B2IHSDdYRJkFOHlXxouooa_Mt5FsC89X_Ng8WC7sgNBeyYvbUtw98mZAJnN5i9r94rnWDujptCo2t8e4lIF4ZkCL4naeEZpiT7kVgEVthpZfM12ireZGAlF9ul504ZCpEHkcQVVEDhxXBzExut94eQEsYhqdtoBy2ZGmQ9rpyRTWdkbc4vMSvmW7iWKqSbmyPKOipY_azP9jICYmbDjRrv8PRHhxCHwbHO9xV6v_ieFqiqpp2llGqqWQRSghmEAIYh7Cbv-lcw12hI5vuCA_jweJAsDbjqKHfvedoRd_mT2x-hmdEGYEpEnsmEVICN_Ycpr6DvH1ebAZRjwCEFqPdU6t3vqD3nLkBNjbcXidWry9y7hJRMfRBIgaPD2GwZfwsak_bzn_CWtDg2x2Q4RGgs9mGmdDywAQqeDRGP9rW1BcduggbwN-IV3o59OewiZTQdKrZ2SidXV1tuemsjHCYRzNRhbiORFoD7ZEf3IylWOIhxTSwZXUVj0T9EvgiOZ4ZYgv_CpUeKyVyw92zBFghq2lUohhLWw_1kr3DfFD5I4L7MPBQT7opJoCKIymLAaDFsFxS52XF4uZTBqJPhWfdZx0Y4kXwa6_EeFNHBdo2AD1pWynKGjM6QXHZ1_SxjisjuVEeynymUQt7BNT7b4ddkM1-uV3fLmNiewTKxyhZSl0No92aQbysHM1tWKM2CAmkrazvQBQPdZV3GK2BqLROJPONsWoYlB9CzX4cACIr5ahDSmorJfnRfdJ5Q8F9bIFpyPZzUmzUBn1bzQ9iPJrZIvleRF2vPTjJadw-yRHuWhoIBeaB53shQhEcDIqDh-Wsey7BIhowDqmj-thwbqy5G2AIthslHfsZz24zprKiG-Swz3SkA9-uMPZccq1jk0YAhV6dyhGlHYvkAzfiypIVRmy2LrxBgXmFu1RcGZ_UfjQxW5nEuNBiS7LYFMOsTQ-vJmOI1Yf0xVxkVdtJqAqePBbxNyHJziw5RwwMuRfODI3fYzTsBpXUtBdCJYAAEvSDS4pJ_7vaysKnjwoCqhZQHemKmKmZUB1WeustUupkWlYJr5Wer3VOSSOi5K8X87FSfMhrJ3-SbfkNBGtiCxwiGDojIsivkPwHXZgP-gZCVMdKf6dE8nUN-dHP4nbJLU4rBCD5Br_D8bRIRlWAQpJtMuJolXz3MIciKOTdJJsPesWGnHwVJ1aLT1pqnDaDQGYtEpNtnH5TJg24mWWEcZAUw0s-PlHZTdHpvFDbDDyMMu4q1Qwt4RnxbU3HxsCL6xLe6hvDbfX9dfVM00-ZCFEt04YY68_S3UpGASxAGRV495rUu8mgvUh4cyfUFWaRQX92hH05Odq8_gvlaMkpPmU3tJUCaGI9AUQODJYZUONupVcfPaP9CPZUNf81g7x2wHnX5Ft-372ogYcBujfWMcldLWJxXSqTOZVBXtYWSI4kPapNvWUMe32PdzF4GlxoEYNdP3Jp59cwwZnlPvfwmGNwCF4-9rzCUbtZQRH3JK_b4n54qI_zZmDXDOJjOV1eoGmsTwJ6qOD6eBikG5vJWEsIp6EH4HXKGGnO48XVEkbdhElrndjwi7dzuxkwGwdx_vtvaWxWfgOcuhnvAbm_aN3FrPnusigx6v3DecTzH21LDmm9RxMtKDDm5auhb1vm3u7QP_K-olaxmYsviykYVPxrknWlA0CC1odabdtvlMW_t_D_uFV74LomOB_40s_8QjR3o0LK4qovifULCvaXZq4SBsvBAsi8dRrbBOMC1Piwd6Q8Nquu2ZDFJx15aJo9fvPzqEY6snPj6McsLCCIjNqa-q8PiAjmnjdHlzHV7TPkxQirj-JuJkJ3snqdxYahrBtFnak7gF5LDOJ1gWMq-MGuTuCIlTwCH6KMhJURD_oOPCRg-33_2XjSoAY43qFGGnESLAJAxPwgMNblyxF-r1LMOEgle6I898LBlTnsFjKdFEfnjfOTy5QpiA6Q9wuYEppxAkJzWewJjEqAobUt0cdJbSR_wjHUxkq2OB1wRHzz0qgsQgAv0y96H-UNqNf9iNJmbOKgJqpOok4-ejJkl3lsSiAqx0hxHtdGHHN4DgpBdN3U_1URJ3KO3Ou0_vtqV3Pe_SNvWoj1_mMXLT3TDex8vbI2pRMUM-4sXf_zmzDHEA-5thzR8STb5X4rAvwipgtf7tfOLDfRehjRvnWJ2ChaD4nMVI8DUxNOkp0XX3ToBzFojdJIp9gv5BybGyuZL3OIcG7RuDS76afENMXonoXGp06Y6O292uAXNIAXIkO5yIljH8B2x1nkguNIipKmjAp9JugpgNWvJbMRUUGowpZcjVaCpBJmPZHO0fEXvVvuH2KugjdgwwCS2yyFwQQcppP7AzkcqsENUgKSMxfmg1EfOVIxF4hTXd7W47iTMLunKUaPGSoOVu4ysCAa1Rm4FBVYWGhaCx9jWSW-MyAnlgqlntHo0g8BXnEyLy_lIRBRe13Emnn18F1TJXiN1BX9lFNsUfLzQbmd-eSWExjzE14eyIwFg&cid=CAQSTgAvHhf_KWby_hJve5SFexQS_up9XNzs4ps0eRGvpU93gM3ZQLcrM8wtxV0IHcm2j1uvt6YiAtlwYxcNq8hag2bZfuvFEEalsKjdeen_DxgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinning-wizard.com%2F&ds=l&xdt=1&iif=1&cor=18248576333173610000&adk=1992445683&idt=125&cac=0&dtd=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 01:43:50 GMT
content-encoding
br
x-content-type-options
nosniff
age
47809
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11872
x-xss-protection
0
server
cafe
etag
16225921609732785849
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 Jan 2024 01:43:50 GMT
Q12zgMmT.js
tpc.googlesyndication.com/sodar/ Frame 70B5 		41 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 18:05:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
75331
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13937
x-xss-protection
0
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 28 Dec 2024 18:05:08 GMT
truncated
/ Frame 70B5 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c814c09e80cc8b3c71725252832a777cdd8e36a4ae60eca0df1590cb6499641a

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
dt
dt.adsafeprotected.com/ Frame B9B3 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqDIt,pingTime:-10,time:480,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS84OS4wLjQzODkuNzIgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1703948439537%7C%7C9c4aeee2d2cb271849c57e7313498c15%7C%7Cf34e96995ddf3ff5eb1bfde138cfe29c%7C%7C05db341b0d6e26cd8a9b54b93324bcca%7C%7Cd74e15fe6a03f0d31137d40e9efc87b6%7C%7C82e77b8aa0439a61de83a2d732198608%7C%7Cf0400979a516c010b5694d74139fca7b%7C%7Cc76998e37453197691e7385ffbefbfe4%7C%7C1663701684%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5514539878247004&output=html&h=280&slotname=8337643687&adk=3925734055&adf=1310535254&pi=t.ma~as.8337643687&w=625&fwrn=4&fwrnh=100&lmt=1703838992&rafmt=1&format=625x280&url=https%3A%2F%2Fwinning-wizard.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1703948437642&bpp=1&bdt=288&idt=256&shv=r20231207&mjsv=m202312070101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C950x280&nras=1&correlator=131603339930&frm=20&pv=1&ga_vid=8791465.1703948438&ga_sid=1703948438&ga_hid=680330077&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=325&ady=982&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31079438%2C31080104%2C95320884&oid=2&pvsid=3836462664446130&tmod=1211932927&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=258
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:3137:249d:649b:b354 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
server
nginx
x-server-name
dt18.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
/
track.adform.net/csimpr/ Frame 9DBA 		35 B
600 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/csimpr/?bn=70207642&csi=IfyHOY-FzuX2wUiHYGH_ylCAKuj457-ADSEExjBE6O3rygPkIxxfkxr7Ce6pXPFWTTmghQkjCqbBJQJxPA1LWN6vWmW1dlSa0
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.237 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
62bHydCX.html
tpc.googlesyndication.com/sodar/ Frame 89EF 		38 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/62bHydCX.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
364521
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
br
content-length
13045
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 26 Dec 2023 09:45:18 GMT
expires
Wed, 25 Dec 2024 09:45:18 GMT
last-modified
Fri, 25 Aug 2023 23:48:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/9373232566376595456/ Frame 4380 		304 KB
41 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a32034f1a6a78a94a792021a838bdc2a75dbb07e4c699984d4a89ff96480482b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
allow-fenced-frame-automatic-beacons
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:39 GMT
expires
Sun, 29 Dec 2024 15:00:39 GMT
last-modified
Wed, 29 Jun 2022 08:54:38 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 70B5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvF6O4dro0iPjD3yZ3QUiMnCAbMd-DAqZuRnKXTsYp1WAO8C8Kr8c8ru7pZEzBKPcxm9s2z-YCjZ7Gpx2mYLRSEQ4Ppnj8Am-y5mpZ1TMeBLzrN6M99e8H_s30pctERvaVFy1_lgQs18ixsUMS-b9caYBOSbgCQO40kiz57VPSc8IlRlg5ivIUqbrKMfHpGbPzpFqlrZ6-4ldeP9D0pj932sqsceou1lANPClZtdoLD7fo7DgRM_yvD1SuZa3JfdQ8OXj75fyoV9XJoentgDQ1qNWC4F2K7D-i1c-F1Y4gn_IDkNdOrcS5YrZh-Dq_eIboBniYepmegaiElrYUevkOGpIqVABAlzi5qXtOHOSYYD-ReAYNAuxv73pY_CDVrPKVTmRqPVT2PPVOL2n8ZgkEflImOIA7mb0i3KHB6reavKLJarXdWvZ1ETIEBh3gS2QLZwZAhhVoDwHFcAdsE7-6QWZGJuPpofx0wZtYC_rSmfFL1ZL_T20ni3oMapZMfSNrW5yEiYR9pgos7mtOLSI9XIHZZRuXWaCok43MYhtu7EpiR_2k2LkFo1Tk7AJE9zBu7RMooT4w1vcZqzdaem3J9gOliIHCbsnvVMySQ11sksCC-3TjSG-OYt67K0YMGvwwEkYUeovAqra13pIGSYjOBQzn9bqOdr9lOHsOUBugursoYEnqRJnMARgKIuKpzMnJ_XKDIlS-ghwAIVbMqcRdQhiXUL2SN6Ig4B5ycfBjWsEWvxlz-DlvdaBZ757lul_xJ3xQLabDJ-ir0280FHdM_F3ySdE7ibapD_Tq3T8kQujB9JJvMql3OzSlbH5-nlIrhuDIx8Eqb0XvV0Y_R0fwuCm4waDKgeeNccJDeTXWT3826PS8qcmkaawcK000fAzxka2_NXvwDlmpCoEY4PV1LaGtLQcQ8UIaneOWkgfMvbP9m_vKSgKJtKPb_0Hg37gRQdOOODPvc2xtTREWTWLzlgmfOOhHPPcLjLD9g31_FXp8LjsMAvPAVH_79ijer5K6hoNLlc_N0sJ2Y3OwOAhUwouNvbTbwqCpxk4kXIXtr6llL1tyeWcCw9M4cU1ZNRb5gwNFlYq37vM3Yul7c6P-iazmtij0It7In5gweZaoC5FATjJiWsfQIcZM0kmLWNxdgA36foFmKiZup3YzXUyKbdXxQvwnm4unR_aVNwPRUOmzwmzIOoSYr0LKWFFc0pUqaoajGtFTciLl70jGW5_4tUU7woT8ubXNCeGclankQ2R4HlRwQG5HhMZ-Rji_OV71AWxxASU0xwgtN3ZxMEz2cQ7ZDhQ0oQp0kLP0vGwh62lQSb6y0XgeTaVU6oG--3c6-2KqxGxkTWkEagMmZeT3hWuB1joAuofO8ew9WiCAB2E9FMY5fR2rwaif0CqxUpuo5wCshTsiIxbMku_43HNcKNQUJJFQTk-vVcOzmbGqnpuLx_bOm0LRBw0_HqOYA31OyGavPSECZdxEob3sFmm4na43kGkUeUg&sai=AMfl-YRqb7QLz7CQp2Y8zVmwvxasKdrjp-jdHjNdmHAx-Ifov7rPWn2fLT4bN5gWyvtSSjSNMx7qOPuMA3Hm3cKRT6iY86HO_lu-QknfvOIexGihGyJgvXE91ZPtcQk52TBDEaI7L7EgWPFmb508V41kuT9ncDE7gkzoz7xNIHWSLK9bVrnNACJHEFpa7YgsGJ7UDV9HawoyVFe0J9HLZaytWgHSbX_BeHFU0ZQsBefQ1Yr8aUifPqtbHpa2xCyIuZQZABRHwFxUuJnzQEpSkouYX-9HF1ZgYMwOKsNvFj-iEZsGV7wWCf9E9ttZewqubg&sig=Cg0ArKJSzJAvxmMhPSyNEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=83&cbvp=1&cstd=78&cisv=r20231207.84058&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
content-type
image/gif
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
14061508.js
s1.adform.net/Banners/Elements/Files/2043002/14061508/ Frame 48C7 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/Banners/Elements/Files/2043002/14061508/14061508.js?ADFassetID=14061508&bv=258
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
60b27da98e45e4e97ce7186285774a8bd678c5d71ef789434b5a66ec257a4ac1

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
last-modified
Mon, 11 Dec 2023 10:09:21 GMT
server
nginx
x-amz-request-id
tx0000013df43b37e2ec26b-00658cd552-32959e94-default
etag
W/"861b691308074a69c25af491d46f0e35"
x-cache-status
STALE
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 89EF 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 19:27:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
70377
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 28 Dec 2024 19:27:42 GMT
css
fonts.googleapis.com/ Frame 4380 		2 KB
489 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:regular|Poppins:regular
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
40ad67d06519a22417ff121bb7176695e975cb9357a3a61c1e8822e9ed193d47
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 30 Dec 2023 15:00:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 30 Dec 2023 15:00:39 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 4380 		118 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 04:12:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38886
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 31 Dec 2023 04:12:33 GMT
Adform.DHTML.js
s1.adform.net/banners/scripts/rmb/ Frame 48C7 		30 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=630
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/load/v/0.0.237/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
7a785e8b2ad30e6279397d656a61f70ad6341ee944c310df19593d8fabd79d9f

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
last-modified
Tue, 21 Nov 2023 08:14:37 GMT
server
nginx
x-amz-request-id
tx00000eca7d5874acb92e7-00655c671a-3295f919-default
etag
W/"d66b8df08256b7e89279e9f83d1d7c5e"
x-cache-status
HIT
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-rgw-object-type
Normal
cache-control
public, max-age=604800
createjs_2019.11.15_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 48C7 		236 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/createjs_2019.11.15_min.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/load/v/0.0.237/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64275
x-xss-protection
0
last-modified
Fri, 15 Nov 2019 19:16:20 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 30 Dec 2023 15:00:39 GMT
index.js
s1.adform.net/Banners/Elements/Files/2043002/14061508/bvpath_258/ Frame 48C7 		130 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/Banners/Elements/Files/2043002/14061508/bvpath_258/index.js
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/load/v/0.0.237/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
d7eef9b0ab3136d8787664a3779820a9a1ccd54fd290307928dc76b14b1b15b5

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
last-modified
Mon, 11 Dec 2023 10:09:21 GMT
server
nginx
x-amz-request-id
tx0000019fe8d3345d687b3-00658cd552-3295cc06-default
etag
W/"8cd6ef3400eafc46a59883c5c18911c1"
x-cache-status
STALE
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
decimaround-webfont.woff2
s0.2mdn.net/sadbundle/9373232566376595456/ Frame 4380 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/9373232566376595456/decimaround-webfont.woff2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ef5dafe5eaed774ece1224014fc854b80526ea8d9b2a4dbf49790cb37948b921
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Wed, 25 Dec 2024 06:48:24 GMT
date
Tue, 26 Dec 2023 06:48:24 GMT
x-content-type-options
nosniff
age
375135
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23284
x-xss-protection
0
last-modified
Wed, 29 Jun 2022 08:54:38 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ Frame 4380 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular|Poppins:regular
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 25 Dec 2023 22:07:30 GMT
x-content-type-options
nosniff
age
406389
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23580
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 24 Dec 2024 22:07:30 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 4380 		8 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
53ff762a6ebff55ea6f42e59054a9bb022ca364987cd8788fa040008efdadf29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5954
x-xss-protection
0
prod_studio_01_247_configurablemodule.js
s0.2mdn.net/879366/ Frame 4380 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/prod_studio_01_247_configurablemodule.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 23:52:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54496
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10616
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:04 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 30 Dec 2023 23:52:23 GMT
image.jpg
s1.adform.net/Banners/Elements/Files/2043002/14061508/bvpath_258/images/ Frame 48C7 		124 KB
124 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s1.adform.net/Banners/Elements/Files/2043002/14061508/bvpath_258/images/image.jpg
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.249 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b7114bd948d7c267e87a5efecf5e36da76bf1dab4d6d82866756a57f46228a10

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
last-modified
Mon, 11 Dec 2023 10:09:21 GMT
server
nginx
x-amz-request-id
tx000001597204e13379857-00658cd552-32959ea8-default
etag
"71f88844c198652aa7cda69003af0db0"
x-cache-status
STALE
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Range,Content-Length
x-rgw-object-type
Normal
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
127063
view
googleads4.g.doubleclick.net/pcs/ Frame 70B5 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvF6O4dro0iPjD3yZ3QUiMnCAbMd-DAqZuRnKXTsYp1WAO8C8Kr8c8ru7pZEzBKPcxm9s2z-YCjZ7Gpx2mYLRSEQ4Ppnj8Am-y5mpZ1TMeBLzrN6M99e8H_s30pctERvaVFy1_lgQs18ixsUMS-b9caYBOSbgCQO40kiz57VPSc8IlRlg5ivIUqbrKMfHpGbPzpFqlrZ6-4ldeP9D0pj932sqsceou1lANPClZtdoLD7fo7DgRM_yvD1SuZa3JfdQ8OXj75fyoV9XJoentgDQ1qNWC4F2K7D-i1c-F1Y4gn_IDkNdOrcS5YrZh-Dq_eIboBniYepmegaiElrYUevkOGpIqVABAlzi5qXtOHOSYYD-ReAYNAuxv73pY_CDVrPKVTmRqPVT2PPVOL2n8ZgkEflImOIA7mb0i3KHB6reavKLJarXdWvZ1ETIEBh3gS2QLZwZAhhVoDwHFcAdsE7-6QWZGJuPpofx0wZtYC_rSmfFL1ZL_T20ni3oMapZMfSNrW5yEiYR9pgos7mtOLSI9XIHZZRuXWaCok43MYhtu7EpiR_2k2LkFo1Tk7AJE9zBu7RMooT4w1vcZqzdaem3J9gOliIHCbsnvVMySQ11sksCC-3TjSG-OYt67K0YMGvwwEkYUeovAqra13pIGSYjOBQzn9bqOdr9lOHsOUBugursoYEnqRJnMARgKIuKpzMnJ_XKDIlS-ghwAIVbMqcRdQhiXUL2SN6Ig4B5ycfBjWsEWvxlz-DlvdaBZ757lul_xJ3xQLabDJ-ir0280FHdM_F3ySdE7ibapD_Tq3T8kQujB9JJvMql3OzSlbH5-nlIrhuDIx8Eqb0XvV0Y_R0fwuCm4waDKgeeNccJDeTXWT3826PS8qcmkaawcK000fAzxka2_NXvwDlmpCoEY4PV1LaGtLQcQ8UIaneOWkgfMvbP9m_vKSgKJtKPb_0Hg37gRQdOOODPvc2xtTREWTWLzlgmfOOhHPPcLjLD9g31_FXp8LjsMAvPAVH_79ijer5K6hoNLlc_N0sJ2Y3OwOAhUwouNvbTbwqCpxk4kXIXtr6llL1tyeWcCw9M4cU1ZNRb5gwNFlYq37vM3Yul7c6P-iazmtij0It7In5gweZaoC5FATjJiWsfQIcZM0kmLWNxdgA36foFmKiZup3YzXUyKbdXxQvwnm4unR_aVNwPRUOmzwmzIOoSYr0LKWFFc0pUqaoajGtFTciLl70jGW5_4tUU7woT8ubXNCeGclankQ2R4HlRwQG5HhMZ-Rji_OV71AWxxASU0xwgtN3ZxMEz2cQ7ZDhQ0oQp0kLP0vGwh62lQSb6y0XgeTaVU6oG--3c6-2KqxGxkTWkEagMmZeT3hWuB1joAuofO8ew9WiCAB2E9FMY5fR2rwaif0CqxUpuo5wCshTsiIxbMku_43HNcKNQUJJFQTk-vVcOzmbGqnpuLx_bOm0LRBw0_HqOYA31OyGavPSECZdxEob3sFmm4na43kGkUeUg&sai=AMfl-YRqb7QLz7CQp2Y8zVmwvxasKdrjp-jdHjNdmHAx-Ifov7rPWn2fLT4bN5gWyvtSSjSNMx7qOPuMA3Hm3cKRT6iY86HO_lu-QknfvOIexGihGyJgvXE91ZPtcQk52TBDEaI7L7EgWPFmb508V41kuT9ncDE7gkzoz7xNIHWSLK9bVrnNACJHEFpa7YgsGJ7UDV9HawoyVFe0J9HLZaytWgHSbX_BeHFU0ZQsBefQ1Yr8aUifPqtbHpa2xCyIuZQZABRHwFxUuJnzQEpSkouYX-9HF1ZgYMwOKsNvFj-iEZsGV7wWCf9E9ttZewqubg&sig=Cg0ArKJSzJAvxmMhPSyNEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=223&vt=11&dtpt=140&dett=3&cstd=78&cisv=r20231207.84058&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 89EF 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BVt7FlzCQZdrzCZ6i1PIPw-CdgAQAAAAAOAHgBAI&bg=!XV6lXhHNAAY3kmNgF5I7ADQBe5WfOMPrsttlzkImubGBi34PCERxQVq1jKUOH6-HANLp0eUIPDJ1o89m1fOim-4LLPm8AgAAAEdSAAAAAWgBB5kC6akqL5MOdKI7clDMMWz9XaSLHtFu36DwjdTLFCudMbCoxOCmKdol1o3MsMlv85ga7t4VqqGymE8u4ER381Cn4l-r2lwvgdOxi6riXhWGf149ZRkILLc16hd3NrbZxavBR_xz5ukYmhxjYuYICMrllgRtS3uyb6PZZYAFFHPpUwLRZQhppR_B-PfOM70mT2uGo8jSApO0z8y9Kb8miG5A_2uZ0BnjLEPBxmydPNfFX2Fg3jXpslcLGI2LLmKXXyU5FIAltStrrvf8XiIrNrjQcvY6qDLYwJnUxzrE8Hop-7d641F9q-msq9TXbbz6ZloQTFsTeQMnZABSrBesXIKpq-SWZ-x6KVxy2TKiC5VqKnEhenTA16YhZzgv__-LJ_vL6x4dGF59CcdLnu7nzCZnbuh6hvdvPZP9gPaNXEy6lqd3OgpUO3_4OxsRxlN6xgd8_J5Vy7KCsC-Law5cjTDOvleuTbS5uoQMZS6zgWDA3FUqNmr9pWCeNpYAUvG7401SO84eVbJzCm5GFpLxTxoLFvWHJFTaHYHI1kMS7lgPuFfbEYA2hsaSbnVpyX6mcV5SHTofOEisqULIbuyvEsiklBNtZ7HBILf6H-KkcZbR0WD5shBylImPMWltqVtng98paj079k1VIfaW-HcsQSETxWOPT3Zehj1Lm6OYtosM3Kmd0yu5ESMnKJuJDHBOjlyRmnvnYVLENs9NdbXPMHNv7UNw0PscHW7b0AtJTGRdIhDvSW9hNAHexr9BrLcqHmd-LXPEn50z04Bx0GvMa6aq3f46_BQiqBUEjbCT7m4Wwdo7lFAANIJ6Yb40IZN52jSPL5NWQo9WWxTHisbXz4lmDk-_J7XQyRVGVeLoqXmlp_MGvsUOuDUUsm35BsKCjkheny3Wfwh16Xgx7kALw0L4oKOuj927VHUxUwOZyMZ-h0Enl84Our2MR6RfEXAxeIdkgm54hwoKug6D1D1dhHpIK-M-YpCS707AxV0
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
11742792276008313793
s0.2mdn.net/simgad/ Frame 4380 		918 KB
918 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/11742792276008313793
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
db018ec8c1f0ad83591ef2a6f90809fbae8fd0c8ab807d904fd2a5c195487a42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Tue, 24 Dec 2024 21:44:54 GMT
date
Mon, 25 Dec 2023 21:44:54 GMT
x-content-type-options
nosniff
age
407745
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
940186
x-xss-protection
0
last-modified
Wed, 08 Mar 2023 13:52:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
logo.svg
s0.2mdn.net/sadbundle/9373232566376595456/ Frame 4380 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/9373232566376595456/logo.svg
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1c229e59da3e7db8ea3ac10fda40d79d399da450275ad25d009f41641986c57b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Thu, 26 Dec 2024 19:32:28 GMT
date
Wed, 27 Dec 2023 19:32:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
242891
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1277
x-xss-protection
0
last-modified
Wed, 29 Jun 2022 08:54:38 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
request-cookies
content.lemonpi.io/a/150/ Frame 8956 		90 B
587 B 		Script
General
Check archive.org
Download Go to
Full URL
https://content.lemonpi.io/a/150/request-cookies?callback=_lemonpiCookiesLoaded
Requested by
Host: creative-libraries.lemonpi.io
URL: https://creative-libraries.lemonpi.io/v1/lemonpi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
d5053d3e4aa240467d964a4dcc239b7405a69c3e716df1288fafb3a5c1edd2ff
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:39 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
2bd251c503a149a1bc6d828220a9eaf1
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
90
event
content.lemonpi.io/track/ Frame 8956 		47 B
569 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.lemonpi.io/track/event?e=%7B%22type%22%3A%22debug%22%2C%22name%22%3A%22lemonpi.config%2Fready%22%2C%22data%22%3A%7B%22lemonpiUuid%22%3A%229703b826-f7e1-4dce-9cab-061fdf9b1127%22%2C%22lifecycleCount%22%3A0%7D%2C%22adsetId%22%3A12050%2C%22creativeId%22%3A10337%2C%22impressionId%22%3A%22dbec0006-d365-4ce6-a0f4-42a2cc87ffac%22%2C%22advertiserId%22%3A150%7D
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:39 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
image/gif
access-control-allow-origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
ec39e37bebd345ca92cb4c3d9f7d997e
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
47
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 4380 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 30 Dec 2023 15:00:39 GMT
74.svg
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		141 B
159 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/74.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/studio-style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
335bf3a1377ac3518b9ff03e11a1982af8d3e841d16efdb7b05ae6ecc3ea0782
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/studio-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Tue, 24 Dec 2024 15:51:13 GMT
date
Mon, 25 Dec 2023 15:51:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
428966
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
126
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
137.svg
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		444 B
323 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/137.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/studio-style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4938582385703f00475274d4a9b6de609a446e89ea52040a172d91fe57d5531f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/studio-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Sat, 28 Dec 2024 08:55:58 GMT
date
Fri, 29 Dec 2023 08:55:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
108281
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
287
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
100.svg
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		244 B
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/100.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/studio-style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
856246a73e306909f430cc16ecc1457dda770b3abd732854df3cf9054b35b31a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/studio-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Sun, 29 Dec 2024 15:00:39 GMT
date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
179
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
45.svg
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		262 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/45.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e1956f949ecfd0657de76d32f1000ec49f21f6c70c9f8902de667d73459b0ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Tue, 24 Dec 2024 22:26:51 GMT
date
Mon, 25 Dec 2023 22:26:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
405228
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
182
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
133.svg
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		241 B
212 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/133.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea8e7319ff8bca1c71887b69ae3e749a9a5e8683b5146a2a2696484caa02d80d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Wed, 25 Dec 2024 09:00:19 GMT
date
Tue, 26 Dec 2023 09:00:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
367220
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
175
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
14.svg
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		247 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/14.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8f0796d6190b92496cb2e06366e4fd7577323a9f926241ff985421badcf5732e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Sat, 28 Dec 2024 02:26:09 GMT
date
Fri, 29 Dec 2023 02:26:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
131670
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
182
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame C3AE 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 19:27:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
70377
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 28 Dec 2024 19:27:42 GMT
truncated
/ Frame 4380 		43 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
de-CH,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
11742792276008313793
s0.2mdn.net/simgad/ Frame 4380 		918 KB
918 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/11742792276008313793
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
db018ec8c1f0ad83591ef2a6f90809fbae8fd0c8ab807d904fd2a5c195487a42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/9373232566376595456/index.html?e=69&leftOffset=0&topOffset=0&c=j4kNvNO9b6&t=1&renderingType=2&ev=01_250
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Tue, 24 Dec 2024 21:44:54 GMT
date
Mon, 25 Dec 2023 21:44:54 GMT
x-content-type-options
nosniff
age
407745
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
940186
x-xss-protection
0
last-modified
Wed, 08 Mar 2023 13:52:07 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
view
googleads4.g.doubleclick.net/pcs/ Frame B9B3 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss6C3YABJQOEhEB0OLYViq02f8RMUYtE2pZMT-GH-hInlL-CioRZypwRaQbWc1rL0WN1XmzYqCQNbFk3Z8Y1oQvQOowWDdp0wUOX77zHzj8XSyLdgDzoi7NCQVUaEfahlGpFk3YICnnmGiiALywud_5YEy-z5cTKGsJtWg0DRd6yFbN&sai=AMfl-YRN-2qCvhQDDCsVxURRWIOr-UA_o-1K0v7I9bTNBbMtYk4oOL8WZ5w6ZudCFATUvuifnhAvwWEdFrsGV6wP-SkughfgUzGz4oczooNuAdlPEuHNlSAg6xUcnpHtSA&sig=Cg0ArKJSzLMZu2bdg2vfEAE&uach_m=%5BUACH%5D&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=635&vt=11&dtpt=514&dett=3&cstd=119&cisv=r20231207.46831&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=
Requested by
Host: winning-wizard.com
URL: https://winning-wizard.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ 		16 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231207&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fda79681589dce147628df83be43d9dee60d7e07a0592427c790dc44b3208c37
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:39 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12245
x-xss-protection
0
log
log.lemonpi.io/ Frame 8956 		2 B
251 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://log.lemonpi.io/log
Requested by
Host: creative-libraries.lemonpi.io
URL: https://creative-libraries.lemonpi.io/v1/lemonpi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.128.186.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-186-239.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://s0.2mdn.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
Date
Sat, 30 Dec 2023 15:00:40 GMT
Connection
keep-alive
access-control-allow-headers
Content-Type
Content-Length
2
access-control-allow-methods
POST,GET,OPTIONS
Content-Type
text/plain
12050-48303
content.lemonpi.io/a/150/c/8350/content/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://content.lemonpi.io/a/150/c/8350/content/12050-48303?dsp-publisherid=&dsp-lineid=&dsp-creativeid=&dsp-ioid=&dsp-site-url=&impression-id=dbec0006-d365-4ce6-a0f4-42a2cc87ffac
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://s0.2mdn.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Access-Control-Allow-Methods
GET, POST
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1728000
Connection
keep-alive
Content-Length
0
Date
Sat, 30 Dec 2023 15:00:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
12050-48303
content.lemonpi.io/a/150/c/8350/content/ Frame 8956 		20 KB
20 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://content.lemonpi.io/a/150/c/8350/content/12050-48303?dsp-publisherid=&dsp-lineid=&dsp-creativeid=&dsp-ioid=&dsp-site-url=&impression-id=dbec0006-d365-4ce6-a0f4-42a2cc87ffac
Requested by
Host: creative-libraries.lemonpi.io
URL: https://creative-libraries.lemonpi.io/v1/lemonpi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
a3848b26f59269eecb46a80fce264f9a793b9a87fa805ab77cba4fbde680d7e2
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

Referer
https://s0.2mdn.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

Date
Sat, 30 Dec 2023 15:00:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
c0b598415a6d4983ae0a38c2c42175cc
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
20301
event
content.lemonpi.io/track/ Frame 8956 		47 B
569 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.lemonpi.io/track/event?e=%7B%22type%22%3A%22debug%22%2C%22name%22%3A%22lemonpi.context%2Fready%22%2C%22data%22%3A%7B%22lemonpiUuid%22%3A%229703b826-f7e1-4dce-9cab-061fdf9b1127%22%2C%22lifecycleCount%22%3A1%7D%2C%22adsetId%22%3A12050%2C%22creativeId%22%3A10337%2C%22impressionId%22%3A%22dbec0006-d365-4ce6-a0f4-42a2cc87ffac%22%2C%22advertiserId%22%3A150%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:39 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
image/gif
access-control-allow-origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
ecc2155fa59142efada8771282582957
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
47
dt
dt.adsafeprotected.com/ Frame B9B3 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqDPd,time:898,type:e,im:%7Bpci:%7Btdr:858%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:898,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B894~0%5D,as:%5B894~336.280%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:106,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:18,sis:237%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:3137:249d:649b:b354 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
server
nginx
x-server-name
dt23.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312070101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 30 Dec 2023 15:00:40 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8038 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

accept-ranges
bytes
age
104802
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 29 Dec 2023 09:53:58 GMT
expires
Sat, 28 Dec 2024 09:53:58 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame ACA4 		829 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
24ae285de70e97454df4b4be46427f770e257a91896db13dc8706e7d3f7dae89
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wmTYzpYkw4VAloMACKuL7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://winning-wizard.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-wmTYzpYkw4VAloMACKuL7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 30 Dec 2023 15:00:40 GMT
expires
Sat, 30 Dec 2023 15:00:40 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
pagead2.googlesyndication.com/bg/ Frame 8038 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 19:27:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
70378
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15165
x-xss-protection
0
last-modified
Tue, 28 Nov 2023 18:18:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 28 Dec 2024 19:27:42 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 37B1 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssrXps1K2TkyYJ9SD6nAAh2vRjJLswfHA40Q-1--GOarz5eNDK2eHJ66hVqEndcNKRbmF68TnlsXpYXI4GZDoMbKfQ4EDQMvvrQiwPkpeVqB42MaHn6INtUlsXzIgMWnLuh9mOAxtPpJleFpQs5MiPAfJ4P&sai=AMfl-YSoc2oCZLW5QkXhvUElh2jj-2Vh571aZXX2n1S7v7IC5H7LF3-FXF3KKnfVdDzYdIYPoziX2WAhCwDn8tBDi8ajJmRJ78hqvk6sIlg1flhPoRC93ujkZXNI453zArgeJlJkPRgOQoLHVKQ21-JVmg&sig=Cg0ArKJSzG8qUnNeIU5rEAE&cid=CAQSTwAvHhf_O3G3P9FAnzuLjiZfBoVdwu4K54NfCeYaHSvSiNh6KLWHLka68BzOprD2CK9kyup_tspsGU2XdAHnu17G6ORJc0eqoJYamDO1TBcYAQ&id=lidar2&mcvt=1000&p=0,0,245,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1212762373&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703948438894&rpt=216&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame ACA4 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231207&jk=3836462664446130&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=2.1651119582949367
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce--fPhXeFx1iZWshM71C2KuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce--fPhXeFx1iZWshM71C2KuQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=8.532541980388306
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ekicWUPAg0Fi1aG4aven_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-security-policy
script-src 'report-sample' 'nonce-ekicWUPAg0Fi1aG4aven_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 8038 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?aLWeBw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81c::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
log
log.lemonpi.io/ Frame 8956 		2 B
251 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://log.lemonpi.io/log
Requested by
Host: creative-libraries.lemonpi.io
URL: https://creative-libraries.lemonpi.io/v1/lemonpi.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.128.186.239 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-186-239.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://s0.2mdn.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
Date
Sat, 30 Dec 2023 15:00:40 GMT
Connection
keep-alive
access-control-allow-headers
Content-Type
Content-Length
2
access-control-allow-methods
POST,GET,OPTIONS
Content-Type
text/plain
event
content.lemonpi.io/track/ Frame 8956 		47 B
569 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.lemonpi.io/track/event?e=%7B%22type%22%3A%22debug%22%2C%22name%22%3A%22lemonpi.content%2Ffetched%22%2C%22data%22%3A%7B%22lemonpiUuid%22%3A%229703b826-f7e1-4dce-9cab-061fdf9b1127%22%2C%22lifecycleCount%22%3A1%7D%2C%22adsetId%22%3A12050%2C%22creativeId%22%3A10337%2C%22impressionId%22%3A%22dbec0006-d365-4ce6-a0f4-42a2cc87ffac%22%2C%22advertiserId%22%3A150%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
image/gif
access-control-allow-origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
618c195021ea4c1b8f0382f74570bfbf
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
47
event
content.lemonpi.io/track/ Frame 8956 		47 B
569 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.lemonpi.io/track/event?e=%7B%22content%22%3A%7B%22source%22%3A%22lemonpi%22%7D%2C%22version%22%3A2%2C%22type%22%3A%22impression%22%2C%22schema%22%3A%22adset-creative%22%2C%22impression-id%22%3A%22dbec0006-d365-4ce6-a0f4-42a2cc87ffac%22%2C%22adset-id%22%3A12050%2C%22creative-id%22%3A10337%2C%22advertiser-id%22%3A150%2C%22creative-revision-id%22%3A48303%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
image/gif
access-control-allow-origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
8b755cde147c44cca2f06acd159de1a8
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
47
event
content.lemonpi.io/track/ Frame 8956 		47 B
569 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.lemonpi.io/track/event?e=%7B%22type%22%3A%22debug%22%2C%22name%22%3A%22lemonpi.content%2Fready%22%2C%22data%22%3A%7B%22lemonpiUuid%22%3A%229703b826-f7e1-4dce-9cab-061fdf9b1127%22%2C%22lifecycleCount%22%3A1%2C%22contentFetchTime%22%3A0%7D%2C%22adsetId%22%3A12050%2C%22creativeId%22%3A10337%2C%22impressionId%22%3A%22dbec0006-d365-4ce6-a0f4-42a2cc87ffac%22%2C%22advertiserId%22%3A150%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
image/gif
access-control-allow-origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
8e0ac5dc557f4d5eb5235aedbe40380c
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
47
event
content.lemonpi.io/track/ Frame 8956 		47 B
569 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.lemonpi.io/track/event?e=%7B%22type%22%3A%22debug%22%2C%22name%22%3A%22lemonpi.content%2Fready%22%2C%22data%22%3A%7B%22lemonpiUuid%22%3A%229703b826-f7e1-4dce-9cab-061fdf9b1127%22%2C%22lifecycleCount%22%3A1%7D%2C%22adsetId%22%3A12050%2C%22creativeId%22%3A10337%2C%22impressionId%22%3A%22dbec0006-d365-4ce6-a0f4-42a2cc87ffac%22%2C%22advertiserId%22%3A150%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
image/gif
access-control-allow-origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
c57d0ce14149441480f0f49d1d4e91af
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
47
AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Zm2arAFOxV8Z-7VeVBLOWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Zm2arAFOxV8Z-7VeVBLOWA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://winning-wizard.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
event
content.lemonpi.io/track/ Frame 8956 		47 B
569 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.lemonpi.io/track/event?e=%7B%22type%22%3A%22debug%22%2C%22name%22%3A%22lemonpi.content%2Frendered%22%2C%22data%22%3A%7B%22lemonpiUuid%22%3A%229703b826-f7e1-4dce-9cab-061fdf9b1127%22%2C%22lifecycleCount%22%3A1%7D%2C%22adsetId%22%3A12050%2C%22creativeId%22%3A10337%2C%22impressionId%22%3A%22dbec0006-d365-4ce6-a0f4-42a2cc87ffac%22%2C%22advertiserId%22%3A150%7D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.209.50.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-50-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Sat, 30 Dec 2023 15:00:40 GMT
Strict-Transport-Security
max-age=300; includeSubdomains; preload
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
GET, POST
Content-Type
image/gif
access-control-allow-origin
*
Access-Control-Allow-Credentials
true
Connection
keep-alive
trace-id
132110e3e6a44d6c97120c0ac74cc3d7
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Content-Length
47
kosi
track.ghgjarvis.com/ Frame 8956 		68 B
151 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.ghgjarvis.com/kosi?uid=0&gdpr_consent=false&clientid=6&bannerid=AUDI-CH-ODC-47%20IAB5%20-%20Interest%20-%20Always%20On%20-%20Sept21&bannersize=336x280&interactiontype=impression&interactionlabel=&interactionarea=the%20creative&mousecoordinatesx=0&mousecoordinatesy=0&timepassed=0&phase=start&numberofeventstriggered=0&variant=&lemonpiadsetid=12050&appnexusauctionid=0&appnexuscampaignid=0&appnexuscreativeid=0&templatetype=&appnexusadvertiserid=0&kosiversion=4.0.7&environment=live&impressionid=60ec6dd1e-0822-e49a-0b54-f1f53c890663&custom1=&custom2=&custom3=&custom4=&custom5=not_viewable&screenresolution=1600x1200&devicepixelratio=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.73.206.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-73-206-118.eu-west-1.compute.amazonaws.com
Software
Kestrel /
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
server
Kestrel
content-length
68
content-type
image/png
957050df9b7a44032eba07a45c539f3b.jpg
assets.lemonpi.io/a/150/ Frame 8956 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.lemonpi.io/a/150/957050df9b7a44032eba07a45c539f3b.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:ba00:f:7bbd:36c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b7ebb32d384268f0bc36c64b903c5635cf98adb003f141c56336b98ec0555bde

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 14:56:15 GMT
via
1.1 ea3d06e94081b5e61e2cf220951142d0.cloudfront.net (CloudFront)
last-modified
Wed, 01 Dec 2021 12:47:13 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P4
age
266
etag
"7dc6bcdd529b87c7f5cb51d84fe616b7-1"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
19180
x-amz-cf-id
JZw3eEis6zMR5mIPxn5kjPBV8PPyGgVca_9uq6ONb5G3L13a1SIT6w==
e142c6ddaaf74ba58deb96c231d6fdbd.svg
assets.lemonpi.io/a/150/ Frame 8956 		883 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.lemonpi.io/a/150/e142c6ddaaf74ba58deb96c231d6fdbd.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:ba00:f:7bbd:36c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dbaa426769789bd75a8a55682484208d36207cc12f9e01c487f97f49fc4c3d78

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 14:50:04 GMT
via
1.1 ea3d06e94081b5e61e2cf220951142d0.cloudfront.net (CloudFront)
last-modified
Wed, 26 Jan 2022 08:24:45 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P4
age
2147
etag
"b49d484b00afba0cded1fd06938452e4-1"
x-cache
Hit from cloudfront
content-type
image/svg+xml
accept-ranges
bytes
content-length
883
x-amz-cf-id
OJlL-PH1m5NxNcn68HMH7HT25r4ka-TidEg33F8WAChNUhmjL_sNoQ==
AudiType-ExtendedNormal.woff2
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		43 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/AudiType-ExtendedNormal.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1da122614781b2512f2a11cecaa9192272f9f52065f570e64cd885a48b6b36d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Fri, 27 Dec 2024 11:54:01 GMT
date
Thu, 28 Dec 2023 11:54:01 GMT
x-content-type-options
nosniff
age
183999
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44272
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
AudiType-Normal_08.woff
s0.2mdn.net/sadbundle/6581696497198049359/ Frame 8956 		143 KB
143 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/6581696497198049359/AudiType-Normal_08.woff
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae64d757b28500e5f59e3a801286a29a844be14078da53a327582bb0c3506e42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/6581696497198049359/index.html?ev=01_250
Origin
https://s0.2mdn.net
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

expires
Tue, 24 Dec 2024 22:26:52 GMT
date
Mon, 25 Dec 2023 22:26:52 GMT
x-content-type-options
nosniff
age
405228
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
146605
x-xss-protection
0
last-modified
Thu, 27 Oct 2022 07:28:33 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons
true
2954b82747019a41ed02dc8ad805c805.json
image.lemonpi.io/img/https://assets.lemonpi.io/a/150/ Frame 8956 		94 KB
95 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://image.lemonpi.io/img/https://assets.lemonpi.io/a/150/2954b82747019a41ed02dc8ad805c805.json
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:fe00:1:5992:c8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
69844f047838ecf5204c54453c4781c46270b4d6ddd93687ba5c0435062ce815
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains; preload

Request headers

Accept
*/*
Referer
https://s0.2mdn.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 05:03:59 GMT
strict-transport-security
max-age=300; includeSubdomains; preload
via
1.1 45de888accabe1a1cb5a389e8c9c1e06.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
age
35801
access-control-max-age
1728000
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
x-cache
Hit from cloudfront
access-control-allow-credentials
true
trace-id
7d0b4e4410674ab2aa56481547df2f71
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
content-length
96390
x-amz-cf-id
LmGrxPj6BIc7UCU3joBMeMrBtE_lBjW1DhNM8HcekMeB8HC3jDQgxg==
3a800d015d5bab28e8f228f33821d748.jpg
assets.lemonpi.io/a/150/ Frame 8956 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.lemonpi.io/a/150/3a800d015d5bab28e8f228f33821d748.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:ba00:f:7bbd:36c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f4188f3023032fe9b1a9249ecf10dfd40abf1cff8bbe26fc7fb8f68c2216eb5e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 14:31:59 GMT
via
1.1 ea3d06e94081b5e61e2cf220951142d0.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 14:33:47 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P4
age
1722
etag
"78e87eb5cbe765c829ed88d6055cef16-1"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
17934
x-amz-cf-id
F9aieiyHHlZmW0NjxkCA4rWkruvzneWGcY1w0_TEuqk7qedmXi8-TA==
bd96cc46-7ca5-403d-a183-65694c7d6e29.jpg
mediaservice.audi.com/media/cdb/data/ Frame 8956 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/cdb/data/bd96cc46-7ca5-403d-a183-65694c7d6e29.jpg?alt=//www.audi.ch/bin/nemo.static/cms4i-nemo/assets/img/fallback/fb-pattern.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3355) /
Resource Hash
b803459801c9b53216edeffb784c98542309d0862e424fc33a820342ecbf51a1
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
age
329093
x-cache
HIT
content-length
21196
x-xss-protection
1; mode=block
last-modified
Mon, 27 Feb 2023 14:23:51 GMT
server
ECAcc (muc/3355)
etag
"bd96cc46-7ca5-403d-a183-65694c7d6e29"
content-type
image/png
x-ruleset-version
2.2
cache-control
max-age=604800
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/origin-mediaservice/media/cdb/data/bd96cc46-7ca5-403d-a183-65694c7d6e29.jpg
x-mediastatus
OK
expires
Sat, 06 Jan 2024 15:00:40 GMT
968917c5-bdab-4b39-ad70-879447d3455c.jpg
mediaservice.audi.com/media/cdb/data/ Frame 8956 		78 KB
78 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/cdb/data/968917c5-bdab-4b39-ad70-879447d3455c.jpg?alt=//www.audi.ch/bin/nemo.static/cms4i-nemo/assets/img/fallback/fb-pattern.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3355) /
Resource Hash
7c142c1b9411bcd7ff900ec74b91dd43ffc850a5c07b77fba4667ba144ab736e
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
age
342453
x-cache
HIT
content-length
80078
x-xss-protection
1; mode=block
last-modified
Thu, 09 Mar 2023 11:07:16 GMT
server
ECAcc (muc/3355)
etag
"968917c5-bdab-4b39-ad70-879447d3455c"
content-type
image/png
x-ruleset-version
2.2
cache-control
max-age=604800
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/origin-mediaservice/media/cdb/data/968917c5-bdab-4b39-ad70-879447d3455c.jpg
x-mediastatus
OK
expires
Sat, 06 Jan 2024 15:00:40 GMT
064d7567-3915-4306-b978-6a5d6d485fe7.jpg
mediaservice.audi.com/media/cdb/data/ Frame 8956 		94 KB
94 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/cdb/data/064d7567-3915-4306-b978-6a5d6d485fe7.jpg?alt=//www.audi.ch/bin/nemo.static/cms4i-nemo/assets/img/fallback/fb-pattern.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/330A) /
Resource Hash
1ea35fb46e9a5c09a7920472fb385c0e9a84f4b42d73f8756d72871b3dc45fea
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
age
262739
x-cache
HIT
content-length
96240
x-xss-protection
1; mode=block
last-modified
Thu, 09 Mar 2023 13:53:04 GMT
server
ECAcc (muc/330A)
etag
"064d7567-3915-4306-b978-6a5d6d485fe7"
content-type
image/png
x-ruleset-version
2.2
cache-control
max-age=604800
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/origin-mediaservice/media/cdb/data/064d7567-3915-4306-b978-6a5d6d485fe7.jpg
x-mediastatus
OK
expires
Sat, 06 Jan 2024 15:00:40 GMT
a399a6ee-5206-4906-a0b5-a088561233d3.jpg
mediaservice.audi.com/media/cdb/data/ Frame 8956 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/cdb/data/a399a6ee-5206-4906-a0b5-a088561233d3.jpg?alt=//www.audi.ch/bin/nemo.static/cms4i-nemo/assets/img/fallback/fb-pattern.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/331C) /
Resource Hash
e99dff49c7c99247de6542b0388d26bdf3bb1291e50f85872b1734bd17a72582
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
age
343238
x-cache
HIT
content-length
30428
x-xss-protection
1; mode=block
last-modified
Thu, 09 Mar 2023 13:41:55 GMT
server
ECAcc (muc/331C)
etag
"a399a6ee-5206-4906-a0b5-a088561233d3"
content-type
image/png
x-ruleset-version
2.2
cache-control
max-age=604800
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/origin-mediaservice/media/cdb/data/a399a6ee-5206-4906-a0b5-a088561233d3.jpg
x-mediastatus
OK
expires
Sat, 06 Jan 2024 15:00:40 GMT
be0b6822-f1f6-461c-b034-9adb58c3c699.jpg
mediaservice.audi.com/media/cdb/data/ Frame 8956 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/cdb/data/be0b6822-f1f6-461c-b034-9adb58c3c699.jpg?alt=//www.audi.ch/bin/nemo.static/cms4i-nemo/assets/img/fallback/fb-pattern.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3354) /
Resource Hash
4bc1375fe1e79ab6a71efa3f8db42a98f69c5ed92574ffe9cd54d807cfe2611b
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
age
335646
x-cache
HIT
content-length
74458
x-xss-protection
1; mode=block
last-modified
Wed, 15 Mar 2023 07:54:03 GMT
server
ECAcc (muc/3354)
etag
"be0b6822-f1f6-461c-b034-9adb58c3c699"
content-type
image/png
x-ruleset-version
2.2
cache-control
max-age=604800
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/origin-mediaservice/media/cdb/data/be0b6822-f1f6-461c-b034-9adb58c3c699.jpg
x-mediastatus
OK
expires
Sat, 06 Jan 2024 15:00:40 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9DBA 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssYF49QNXiuNRhNzRfERtMTZY6eZlmuRnncfBSMwhluHDo32Glkc9AmpLkfTzZ-ycjD109SQpSsU7QWSi4wGz9xpX0NzGsHikCqqUmy1-EvdmCVnIgFmKkCiniI9Dnbk0M25ra1RIGfl6Q&sai=AMfl-YQ0gsURtni7QdjWayrZnZCYXFOHe36JBXOp5H3ZVAm0nECV4fgVPBcUmFysySRD_CGFkgWe5TQ0bOXRp9EH5QmyhQUm8AGe28jxixrEcIQdARJWE-BJken0YjeGIPJoDF3qb5geovPTkxXK8oe3&sig=Cg0ArKJSzIsVRQhNPFt7EAE&cid=CAQSTgAvHhf_KX8M4q8RcZSge-n7HuKw9WxtyKduCWxfIN2rOJDW4sW2niQpWTh1XtlX0WI-VPErNvJ3liRZu-ml-QFnWRL6lsaoWLW1crSMbxgB&id=lidar2&mcvt=1000&p=0,0,604,160&mtos=155,1000,1000,1000,1000&tos=155,845,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2691795975&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703948438530&rpt=866&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DBA 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5282216912859&version=m202309260101&ct=77&x=1&cor=9208084727775322000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B9B3 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuD8nS-vl1PTPU1UR2C4p-JQkQi4eSWltJPeg_Y3AZfdpnP5oI3wjVU9CpHoGb4Bpq09sQZNzfRtjmzwJ1zseA_O5wtfT8S43Xtb-beQ5Vsp33-m0maTxKs2qzFVcGTNbahcwvfLGdcxBQX7uN1v5zUksnG&sai=AMfl-YTL64Kr3vKu6nDr0CBgQIBaryqhMlI8eGhP53FaVEE1AZdx3vZCc4a6-2IysCa61hliRYzdfzNlKcmOLb-NoRRJY0bhooLJm4kh9MH9b04nCcoLCQ3jWDca76bUCc1DPhOF8ej9AJrntxmTvEne&sig=Cg0ArKJSzJ7UsPq1hjKPEAE&cid=CAQSTgAvHhf_0es9-dJrVlO28VRPnQoismpqK7OL_9neebLHGCn564ogq5J9pVQ9fAWtlf_jR0sh5xt3riwffpYu-AFCbNfdHHo9hk1-5qsZ7BgB&id=lidar2&mcvt=1000&p=0,295,30,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3925734055&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703948438508&rpt=796&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 70B5 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1xYXqMPwJ6iLHU2uL2jX1Svw7LRFYDa4rcGrGBMjP7Sgtww-wWnlfgvwRkUWC7qwKOeASAHSCam_lF5W65B-OUoE2tATmYhyE2RXzopLr9qBq1eWq2TLpgElMvNnjDKw7najiqooQ1_LuETGLxs3TirhZxw&sai=AMfl-YRv8TdQk4dx0p7DGgeicR8syJxviSqvUDiSGayxVuvMv0dQbLq5hURxI8kbsUSTfIE5C_RWEjAwYkiygEeu7rl-aiDbLWH2rt8Z8ItZglSxtTpemVL-xyuvgthDUhfRnOPmWS0EkVUDn2gL_LBF&sig=Cg0ArKJSzPbceGvTk6PwEAE&cid=CAQSTgAvHhf_KWby_hJve5SFexQS_up9XNzs4ps0eRGvpU93gM3ZQLcrM8wtxV0IHcm2j1uvt6YiAtlwYxcNq8hag2bZfuvFEEalsKjdeen_DxgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=546,1000,1000,1000,1000&tos=546,454,0,0,0&v=20231213&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1703948438956&rpt=544&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
3a800d015d5bab28e8f228f33821d748.jpg
assets.lemonpi.io/a/150/ Frame 8956 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://assets.lemonpi.io/a/150/3a800d015d5bab28e8f228f33821d748.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:243d:ba00:f:7bbd:36c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f4188f3023032fe9b1a9249ecf10dfd40abf1cff8bbe26fc7fb8f68c2216eb5e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 14:31:59 GMT
via
1.1 ea3d06e94081b5e61e2cf220951142d0.cloudfront.net (CloudFront)
last-modified
Mon, 20 Dec 2021 14:33:47 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P4
age
1722
etag
"78e87eb5cbe765c829ed88d6055cef16-1"
x-cache
Hit from cloudfront
content-type
image/jpeg
accept-ranges
bytes
content-length
17934
x-amz-cf-id
r_-NxY7BCv_jIVcL8mihMpSyKovchTMbNQX16h-UIxUqhO9Uef3iKg==
H4sIAAAAAAAAAC2Ty4otNRSGq7ttj4geURFx4nAjHHAlqftgI-fYiODkgBeQHjQrlaRSu1KXnaRq765X8FWOM8e-iBNfwEk7cSK4Njj5P9bKv37CCnnzV3K7-OTm_v7Vd_9-9knb_lFeJ8l5TpLkivrX96_e_P3pP2-_88Of_7dvfk9u4-LldEWW19fvdgO2Gg6zb...
mediaservice.audi.com/media/fast/ Frame 8956 		95 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2Ty4otNRSGq7ttj4geURFx4nAjHHAlqftgI-fYiODkgBeQHjQrlaRSu1KXnaRq765X8FWOM8e-iBNfwEk7cSK4Njj5P9bKv37CCnnzV3K7-OTm_v7Vd_9-9knb_lFeJ8l5TpLkivrX96_e_P3pP2-_88Of_7dvfk9u4-LldEWW19fvdgO2Gg6zbt9_enr6IHlG7eT2cvgzydU9ybP3SN76LbnoL5eTby7y46W-_vWG3GeK_fYylzx_vng3o8fhy8ZP8_jhF1WhKsOV0FkhsClFXeuaS6mYNMww2TCJpkqz4iPK-DycNhgz04DJJGYpB8FEBjx70YhGQF68wA4QF80QUCuhVkC7csUAO5ktBtC1R01V0MWZnCHkB3JG5GdOkIdagUTLe0lYuWtAyqkwLUgnJWU2FoVlBH88EOK5PTFQ6NPAQekuNUjo20hNYzlFK0PjDHSjx64G3dl8QIIrhxz0bMuzAB26klIMKkbjRi8FUmVPK821HquYgu2GYjwQQjpuYHvsbQk2nKruEeyi-pBC50PmCujR91ULvQqZzaGf1nwz0AfMG0ZYehTQbzHlPTjsjWTgmvl4JKhJhxKcRsccOLthV4HrsGozwuCiADf5cubgPAoTCCstCFzQ9arALUNpEQYMhU5hUMEMDAY9YEeYoipnGHEtlxbmFg2tZ-5dTff0iHx0BJWxQFhq2plvJu05-LCmRwt-MeOWQUBZ0AsH6at1htDEo-MQlM10AaHt65ksnRzzlqBTlxJshhdszBkI81I-MgjeFl0OIdisbyDQxWRNMOIgIZx8da4g9mvW5xD9KW0Q4qqPawrxcRNbBavsOT3HaiQ_CFincOQIa1zrTcMphKw1sEkvTggbLSAq2DqdbRK2fk1RfKXHtfPTOOgx7r-Pi-qm3alT0e55LdjO6q61cc-zjO3QzRb30S961-CgPe5f_vRa3D28fBAPjImHr6e7HY70M2M3jWF_h4_uMvzxDdn-A8SD2UXxAwAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3344) /
Resource Hash
d92226a6e32cb457f003683c2b8f63ffe364b2a32d0930c23b16fcd1d3309706
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 30 Dec 2023 13:46:26 GMT
age
4454
x-cache
HIT
x-con-clone
1003156
content-length
97383
last-modified
Sat, 30 Dec 2023 13:46:26 GMT
server
ECAcc (muc/3344)
etag
"cbc81ec068df7e0247c97fe45dae2fffac58a78e"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2Ty4otNRSGq7ttj4geURFx4nAjHHAlqftgI-fYiODkgBeQHjQrlaRSu1KXnaRq765X8FWOM8e-iBNfwEk7cSK4Njj5P9bKv37CCnnzV3K7-OTm_v7Vd_9-9knb_lFeJ8l5TpLkivrX96_e_P3pP2-_88Of_7dvfk9u4-LldEWW19fvdgO2Gg6zbt9_enr6IHlG7eT2cvgzydU9ybP3SN76LbnoL5eTby7y46W-_vWG3GeK_fYylzx_vng3o8fhy8ZP8_jhF1WhKsOV0FkhsClFXeuaS6mYNMww2TCJpkqz4iPK-DycNhgz04DJJGYpB8FEBjx70YhGQF68wA4QF80QUCuhVkC7csUAO5ktBtC1R01V0MWZnCHkB3JG5GdOkIdagUTLe0lYuWtAyqkwLUgnJWU2FoVlBH88EOK5PTFQ6NPAQekuNUjo20hNYzlFK0PjDHSjx64G3dl8QIIrhxz0bMuzAB26klIMKkbjRi8FUmVPK821HquYgu2GYjwQQjpuYHvsbQk2nKruEeyi-pBC50PmCujR91ULvQqZzaGf1nwz0AfMG0ZYehTQbzHlPTjsjWTgmvl4JKhJhxKcRsccOLthV4HrsGozwuCiADf5cubgPAoTCCstCFzQ9arALUNpEQYMhU5hUMEMDAY9YEeYoipnGHEtlxbmFg2tZ-5dTff0iHx0BJWxQFhq2plvJu05-LCmRwt-MeOWQUBZ0AsH6at1htDEo-MQlM10AaHt65ksnRzzlqBTlxJshhdszBkI81I-MgjeFl0OIdisbyDQxWRNMOIgIZx8da4g9mvW5xD9KW0Q4qqPawrxcRNbBavsOT3HaiQ_CFincOQIa1zrTcMphKw1sEkvTggbLSAq2DqdbRK2fk1RfKXHtfPTOOgx7r-Pi-qm3alT0e55LdjO6q61cc-zjO3QzRb30S961-CgPe5f_vRa3D28fBAPjImHr6e7HY70M2M3jWF_h4_uMvzxDdn-A8SD2UXxAwAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TTYssNRSGa2Ycr4heURFx47IRLnhSX13Vi0budRDBzQU_QGYxnFSSSjqpj05S6Z76C_6V6861f8SNf8DNuHEjeBrcnIdzzvu-hIS8-Su7XXx2c3__6rt_P_uk7_9orrPsPGdZdkXz6_tXb_7-9J-33_nhz__HN79nt3HxfLoiyevrd82AvYTDL...
mediaservice.audi.com/media/fast/ Frame 8956 		103 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TTYssNRSGa2Ycr4heURFx47IRLnhSX13Vi0budRDBzQU_QGYxnFSSSjqpj05S6Z76C_6V6861f8SNf8DNuHEjeBrcnIdzzvu-hIS8-Su7XXx2c3__6rt_P_uk7_9orrPsPGdZdkXz6_tXb_7-9J-33_nhz__HN79nt3HxfLoiyevrd82AvYTDLPv3n56ePsie0Ti7vSx_pnJ1T-XZe1Te-i271F8um28u5cdLf_3rDanPFPvtxZc9f754N6PH4cvOT_P44RdbzrFTqHDHWi5aseO8arBkdVVhg12JW161TZN_RBmfh9MKY6U6UBXHusyhYEUFefXC1a6GevsCDSAukiGgFIVIgDrlggEaXi0K0PVHSV2Q2_NICPWBlBHzc0Hgh50Ajjq3nJBy1wHn01b1wB3nlNlpLDQj-OOBEM_9iYFAX4YchDSlQoLtIw2Vzg8dgewMZCdHswNpdD0gwTVDDXLWzTkHGUxDKQoFI7uSyxap06dEvt5jmSrQZtiOB0IoxxW0Rdsx0OHUmgh6ETYwMD5UrgCL3rY9WBEqXYOdUr0qsAFrMtiwWIq2ayxzCw6t4jW4bj4eGTgxydCAk-iYA6dXNC04g21POzO4WICbfDNT57FQgZDogsAFuUsC3DI0GmHAsJUlDCKooYFBDmgYDFMUzQwjpmbpYe5R0fXM1u1aBR4xHx1B1LUlLDt6Dt9N0ufgQyqPGvyixrWCgHzbFRC4b1MPoYtHl0MQupINhN7uZpIYPta0M7J0JUFXeMHKnIIwL80jg-D11tQQgq5sB4EOxkkSVXEQEE6-PTcQbaoMwZ_KDiEmeUwlxMe1WFtI3OaxhKR4Ts-fpnDMEVJMu_UMpxCqXsHKfXFCWNXAooDVyGrlsNpUYvGVHJPx0zjIMe6_j4sw0-ZkRNT7fFewjZam13GfVxXboJs17qNf5KbDQXrcv_zpdXH38PKheGCsePh6utvgSD8zmmkM-zt8dBfzxzck-w-zvDCV8QMAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3340) /
Resource Hash
34682341a6a6bc2c5f9a1a14d653a2c445f9a7ddf973e5dea261eb5ec057ba35
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Thu, 28 Dec 2023 07:14:03 GMT
age
200797
x-cache
HIT
x-con-clone
100135
content-length
105060
last-modified
Thu, 28 Dec 2023 07:14:03 GMT
server
ECAcc (muc/3340)
etag
"135a377ffd86b880152bf3220886d09210e90bb8"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TTYssNRSGa2Ycr4heURFx47IRLnhSX13Vi0budRDBzQU_QGYxnFSSSjqpj05S6Z76C_6V6861f8SNf8DNuHEjeBrcnIdzzvu-hIS8-Su7XXx2c3__6rt_P_uk7_9orrPsPGdZdkXz6_tXb_7-9J-33_nhz__HN79nt3HxfLoiyevrd82AvYTDLPv3n56ePsie0Ti7vSx_pnJ1T-XZe1Te-i271F8um28u5cdLf_3rDanPFPvtxZc9f754N6PH4cvOT_P44RdbzrFTqHDHWi5aseO8arBkdVVhg12JW161TZN_RBmfh9MKY6U6UBXHusyhYEUFefXC1a6GevsCDSAukiGgFIVIgDrlggEaXi0K0PVHSV2Q2_NICPWBlBHzc0Hgh50Ajjq3nJBy1wHn01b1wB3nlNlpLDQj-OOBEM_9iYFAX4YchDSlQoLtIw2Vzg8dgewMZCdHswNpdD0gwTVDDXLWzTkHGUxDKQoFI7uSyxap06dEvt5jmSrQZtiOB0IoxxW0Rdsx0OHUmgh6ETYwMD5UrgCL3rY9WBEqXYOdUr0qsAFrMtiwWIq2ayxzCw6t4jW4bj4eGTgxydCAk-iYA6dXNC04g21POzO4WICbfDNT57FQgZDogsAFuUsC3DI0GmHAsJUlDCKooYFBDmgYDFMUzQwjpmbpYe5R0fXM1u1aBR4xHx1B1LUlLDt6Dt9N0ufgQyqPGvyixrWCgHzbFRC4b1MPoYtHl0MQupINhN7uZpIYPta0M7J0JUFXeMHKnIIwL80jg-D11tQQgq5sB4EOxkkSVXEQEE6-PTcQbaoMwZ_KDiEmeUwlxMe1WFtI3OaxhKR4Ts-fpnDMEVJMu_UMpxCqXsHKfXFCWNXAooDVyGrlsNpUYvGVHJPx0zjIMe6_j4sw0-ZkRNT7fFewjZam13GfVxXboJs17qNf5KbDQXrcv_zpdXH38PKheGCsePh6utvgSD8zmmkM-zt8dBfzxzck-w-zvDCV8QMAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2Ty4otNRSGq7ttj4geURFx4rARDrgqVanbYCPn2Ijg5IAXkB40K5WkUjupy05StfeuV_BVjjPHvogTX8BJO3EiuDY4-T_Wyv8vwgp581dyu_jk5uHh1Xf_fvZJ1_1RXSfJaU6S5Ir61w-v3vz96T9vv_PDn_-3b35PbuPixXRFltfX7_YDdgr2s...
mediaservice.audi.com/media/fast/ Frame 8956 		100 KB
102 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2Ty4otNRSGq7ttj4geURFx4rARDrgqVanbYCPn2Ijg5IAXkB40K5WkUjupy05StfeuV_BVjjPHvogTX8BJO3EiuDY4-T_Wyv8vwgp581dyu_jk5uHh1Xf_fvZJ1_1RXSfJaU6S5Ir61w-v3vz96T9vv_PDn_-3b35PbuPixXRFltfX7_YDdgr2s-ref3p6-iB5Ru3k9nL4M8nVA8mz90je-i256C-Xk28u8uOlvv71htwnGvvtJZc8f754N6PH4cvWT_P44Rd5rgtW5Fwzydsqw6yVkhfUq9OmwYphXTZ5w6uPaMbn4bjByHULmgvkOYMszTgw_qI4F2coyhfYA-KiUgRUMpMroFmZTAF7wRcN6LqDoiqo8kTOEIo9OSOyEyOIfSNBoGFWEFbmWhBiKnUHwglBM1uDmUkJ_rAnxFN3TEGizwMDqfpcI8F2kZraMBotNcVTUK0a-wZUb4oBCa4aClCzqU4ZqNBXNEWjTCmu1VIiVea4Uq7zWMccTD-U454Q8nEDY9GaCkw41v0ZzCJtyKH3gbsSLHpbd2Bl4KYAO63FpsEGLNqUsFjMwG4xZxYcWi1ScO18OBDkpEIFTqFLHTizYV-D67HuOGFwMQM3-Wpm4DxmOhBWWhC4oJpVgluGyiAMGEqVwyCDHlIY1IA9YYqymmHEtVo6mDvUtJ7Zuobu6RHZ6AiyKCxhaWhnvp2UZ-DDmh8M-EWPG4eAomwzCMLX6wyhjQfHIEjDVQmhs81Mll6MRUdQucsJhuMFW-o0hHmpzikEb8q-gBAMty0EuphoCDrbCwhHX59qiHbltoDoj3mLEFd1WHOI5y3baliFZfQcqxZsn8E6hQNDWOPabAqOIfBOwyZ8dkTYaAFRwtYrvgnY7Jpj9pUa195P46DGuPs-LrKf7o69jGbHmiy9M6rvTNwxztM7dLPBXfSLumtxUB53L396nd0_vnzMHtM0e_x6ur_DkX5m7Kcx7O7x7C7hj2_I9h9E_WLb8QMAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3349) /
Resource Hash
123827e2cca60e6317c29edb99af2d65b67d869d4d2bdce1a640efbf1771e844
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 23 Dec 2023 15:54:15 GMT
age
601585
x-cache
HIT
x-con-clone
1003100
content-length
102807
last-modified
Sat, 23 Dec 2023 15:54:15 GMT
server
ECAcc (muc/3349)
etag
"363ec164604498fb0cb80e1cd82e89d3bd48a381"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2Ty4otNRSGq7ttj4geURFx4rARDrgqVanbYCPn2Ijg5IAXkB40K5WkUjupy05StfeuV_BVjjPHvogTX8BJO3EiuDY4-T_Wyv8vwgp581dyu_jk5uHh1Xf_fvZJ1_1RXSfJaU6S5Ir61w-v3vz96T9vv_PDn_-3b35PbuPixXRFltfX7_YDdgr2s-ref3p6-iB5Ru3k9nL4M8nVA8mz90je-i256C-Xk28u8uOlvv71htwnGvvtJZc8f754N6PH4cvWT_P44Rd5rgtW5Fwzydsqw6yVkhfUq9OmwYphXTZ5w6uPaMbn4bjByHULmgvkOYMszTgw_qI4F2coyhfYA-KiUgRUMpMroFmZTAF7wRcN6LqDoiqo8kTOEIo9OSOyEyOIfSNBoGFWEFbmWhBiKnUHwglBM1uDmUkJ_rAnxFN3TEGizwMDqfpcI8F2kZraMBotNcVTUK0a-wZUb4oBCa4aClCzqU4ZqNBXNEWjTCmu1VIiVea4Uq7zWMccTD-U454Q8nEDY9GaCkw41v0ZzCJtyKH3gbsSLHpbd2Bl4KYAO63FpsEGLNqUsFjMwG4xZxYcWi1ScO18OBDkpEIFTqFLHTizYV-D67HuOGFwMQM3-Wpm4DxmOhBWWhC4oJpVgluGyiAMGEqVwyCDHlIY1IA9YYqymmHEtVo6mDvUtJ7Zuobu6RHZ6AiyKCxhaWhnvp2UZ-DDmh8M-EWPG4eAomwzCMLX6wyhjQfHIEjDVQmhs81Mll6MRUdQucsJhuMFW-o0hHmpzikEb8q-gBAMty0EuphoCDrbCwhHX59qiHbltoDoj3mLEFd1WHOI5y3baliFZfQcqxZsn8E6hQNDWOPabAqOIfBOwyZ8dkTYaAFRwtYrvgnY7Jpj9pUa195P46DGuPs-LrKf7o69jGbHmiy9M6rvTNwxztM7dLPBXfSLumtxUB53L396nd0_vnzMHtM0e_x6ur_DkX5m7Kcx7O7x7C7hj2_I9h9E_WLb8QMAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2Ty4okRRSGs7ttRwYdURFxM8tCGPBE3rMWhczYDIKbAS8gvWhOZERkREXkpSIis6ryFXyVcefaF5mNL-Cm3bgRPAVuzsc58f8_GScz3_6V3M4-ubm_f_X9v19-3nXv6uskOU1JklzR_Pr-1du_v_jn_Q9-_PP_8c0fyW2cPR-vSPLm-qnpsZOwn...
mediaservice.audi.com/media/fast/ Frame 8956 		102 KB
103 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2Ty4okRRSGs7ttRwYdURFxM8tCGPBE3rMWhczYDIKbAS8gvWhOZERkREXkpSIis6ryFXyVcefaF5mNL-Cm3bgRPAVuzsc58f8_GScz3_6V3M4-ubm_f_X9v19-3nXv6uskOU1JklzR_Pr-1du_v_jn_Q9-_PP_8c0fyW2cPR-vSPLm-qnpsZOwn2T30ePj48fJExont5fDX6hc3VN58iGV935PLvXXy8nrS_np0l__dkPqE8V-d_Elz57N3k3osf-69eM0fPJVVZSiSUXFcsyqpm5Yzqu8FrzIWc3qImsFUyiq5lPKeB6OKwyFakEVHMs8hYxlBaTFi-ycnaGsXqABxFkyBJQiEwugXlLBAA0vZgXouoOkLsjqNBBCuSdlxPSUEfh-K4CjTi0nLKlrgfOxUh1wxzllthozzQj-sCfEU3dkINDnIQUhTa6QYLtIQ6VTihaK7AxkKwezBWl02SPB1X0JctL1KQUZTE0pdEe6Jyg5V0idPi7k6zzmSwHa9NWwJ4R8WEFbtC0DHY6NOYOehQ0MjA-Fy8Cit00HVoRCl2DHpVwV2IAlGWyYLUXbNeapBYdW8QJcOx0ODJwYZajBSXTMgdMrmgacwaYjieldzMCNvp5I6TFTgbDQgsAFuV0EuLmvNUKPoZI59CKovoFe9mgY9GMU9QQDLvXcwdShovVM1m0bBR4xHRxBlKUlzFvamW9H6VPwYckPGvyshrWAgLxqMwjcN8sEoY0Hl0IQupA1hM5uJ5IYPpQdQeYuJ-gCL1iZUxCmuT4zCF5XpoQQdGFbCPRgnCRRZXvyHX1zaiDapTA1RH_MW4S4yMOSQzyv2drAwm0ac1gUT-n1L2M4pAhLXLbrCY4hFJ2ClfvsiLCqnkUBq5HFymG1C33c38hhMX4cejnE3Q9xFmbcHI2IepduM7bR0nQ67tKiYBt0k8Zd9LPctNhLj7uXP7_J7h5ePmQPjGUP3453Gxzoz4xmHMLuDs_uYv7shmT_AeR5nKTxAwAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/332D) /
Resource Hash
afb2724d257caf90beb067d689cb5cd2b7b6c06b7b346e18a6a8a89560e3ad17
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 30 Dec 2023 14:41:11 GMT
age
1169
x-cache
HIT
x-con-clone
100283
content-length
104410
last-modified
Sat, 30 Dec 2023 14:41:11 GMT
server
ECAcc (muc/332D)
etag
"0fadffa1cd06d999ef98b772d27725d0e3f9e7f7"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2Ty4okRRSGs7ttRwYdURFxM8tCGPBE3rMWhczYDIKbAS8gvWhOZERkREXkpSIis6ryFXyVcefaF5mNL-Cm3bgRPAVuzsc58f8_GScz3_6V3M4-ubm_f_X9v19-3nXv6uskOU1JklzR_Pr-1du_v_jn_Q9-_PP_8c0fyW2cPR-vSPLm-qnpsZOwn2T30ePj48fJExont5fDX6hc3VN58iGV935PLvXXy8nrS_np0l__dkPqE8V-d_Elz57N3k3osf-69eM0fPJVVZSiSUXFcsyqpm5Yzqu8FrzIWc3qImsFUyiq5lPKeB6OKwyFakEVHMs8hYxlBaTFi-ycnaGsXqABxFkyBJQiEwugXlLBAA0vZgXouoOkLsjqNBBCuSdlxPSUEfh-K4CjTi0nLKlrgfOxUh1wxzllthozzQj-sCfEU3dkINDnIQUhTa6QYLtIQ6VTihaK7AxkKwezBWl02SPB1X0JctL1KQUZTE0pdEe6Jyg5V0idPi7k6zzmSwHa9NWwJ4R8WEFbtC0DHY6NOYOehQ0MjA-Fy8Cit00HVoRCl2DHpVwV2IAlGWyYLUXbNeapBYdW8QJcOx0ODJwYZajBSXTMgdMrmgacwaYjieldzMCNvp5I6TFTgbDQgsAFuV0EuLmvNUKPoZI59CKovoFe9mgY9GMU9QQDLvXcwdShovVM1m0bBR4xHRxBlKUlzFvamW9H6VPwYckPGvyshrWAgLxqMwjcN8sEoY0Hl0IQupA1hM5uJ5IYPpQdQeYuJ-gCL1iZUxCmuT4zCF5XpoQQdGFbCPRgnCRRZXvyHX1zaiDapTA1RH_MW4S4yMOSQzyv2drAwm0ac1gUT-n1L2M4pAhLXLbrCY4hFJ2ClfvsiLCqnkUBq5HFymG1C33c38hhMX4cejnE3Q9xFmbcHI2IepduM7bR0nQ67tKiYBt0k8Zd9LPctNhLj7uXP7_J7h5ePmQPjGUP3453Gxzoz4xmHMLuDs_uYv7shmT_AeR5nKTxAwAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2Ty4plNRSGd1VZtoi2qIg4cXgQGlw7-34GB-m2EMFJgxeQGhQrt52cZN-S7JxT-xV8lXbm2Bdx4gs4KSdOBHPAyf-x1vrXT0jIm7-y29VlN_f3r77797NP-v6P9jrLznOWZVepf33_6s3fn_7z9js__Pl_--b37Dasjk5XyfL6-l09YC_gOIv-_...
mediaservice.audi.com/media/fast/ Frame 8956 		100 KB
101 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2Ty4plNRSGd1VZtoi2qIg4cXgQGlw7-34GB-m2EMFJgxeQGhQrt52cZN-S7JxT-xV8lXbm2Bdx4gs4KSdOBHPAyf-x1vrXT0jIm7-y29VlN_f3r77797NP-v6P9jrLznOWZVepf33_6s3fn_7z9js__Pl_--b37Dasjk5XyfL6-l09YC_gOIv-_aenpw-yZ6md3V6GPye5uk_y7L0kb_2WXfSXy-Sbi_x4qa9_vUnuc4r99rKXPX--Ojujw-FL5qZ5_PALUbUoGtZVnWhlU_MGOUPRlVxyWpC6Y5yJlhD6Ucr43J82GCvJQFYU15JAkRcVkOpFLnIBdfMCHSCuIkdAwQseAVUkPAfUtFoloO0XkSovmrNO8PUxOQOSM0mgxz0HiooYmhCJZUDp1MgeqKU0ZTKFhcoT3HIkwMK5P-XA0ZWeABe6lJhg-tAAl4ocWUJab0EwMeo9CK3qgSXYGGoQs2rPBQiv25QikedpXYq1wVSpU5QEeoddKEHpoRmXBF-OAZRBo1pQ_tTpR1ArN74E7XxlGzDoTNeD4b5SNZgp1psE47FmecJqsACzhZIYsGgkrcCyeVk6sHwSvgUr0OYWrNpQp6bGrk8WPdhQgJ1cOxOwDgvpE2K6ILBe7CMHuw6tYjCgb0QJA_dy6GAQA-ochilYomHE2K49zD3KkMNs7D6d0yGS0SbwujYJ6z49h2OTcAScj-WiwK1y3CrwSBtWgKeuizN4FhZLwHNViQZ8b_Zzsmg61scEUdoyQVV4wZZbCX5e28ccvFONrsF7VRkGPvCW7hNkcezBn1x37iCYWJkagjuVDCFEscQSwuNWbB1Eakh6jigpORYQJ78QDjHE_Sbg5H3VS9ioK04ImxzywGHTotoobCaWWHwlxqjdNA5iDIfvw8r1tDtpHtSB7It8p4TuVTiQqsp3aGeFh-BWsWM4CIeHlz-9Lu4eXj4UD3lePHw93e1wTD8z6Gn0hzt8tJflj2-S7T9Caet08QMAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/337D) /
Resource Hash
8c10d16781d6fa271cc1234c3cef2431c2a955efd41775f39d794d347ba623bb
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Fri, 29 Dec 2023 22:23:37 GMT
age
59823
x-cache
HIT
x-con-clone
100226
content-length
102075
last-modified
Fri, 29 Dec 2023 22:23:37 GMT
server
ECAcc (muc/337D)
etag
"99da7744ff0521fb5880efc5ef152b08ca73baac"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2Ty4plNRSGd1VZtoi2qIg4cXgQGlw7-34GB-m2EMFJgxeQGhQrt52cZN-S7JxT-xV8lXbm2Bdx4gs4KSdOBHPAyf-x1vrXT0jIm7-y29VlN_f3r77797NP-v6P9jrLznOWZVepf33_6s3fn_7z9js__Pl_--b37Dasjk5XyfL6-l09YC_gOIv-_aenpw-yZ6md3V6GPye5uk_y7L0kb_2WXfSXy-Sbi_x4qa9_vUnuc4r99rKXPX--Ojujw-FL5qZ5_PALUbUoGtZVnWhlU_MGOUPRlVxyWpC6Y5yJlhD6Ucr43J82GCvJQFYU15JAkRcVkOpFLnIBdfMCHSCuIkdAwQseAVUkPAfUtFoloO0XkSovmrNO8PUxOQOSM0mgxz0HiooYmhCJZUDp1MgeqKU0ZTKFhcoT3HIkwMK5P-XA0ZWeABe6lJhg-tAAl4ocWUJab0EwMeo9CK3qgSXYGGoQs2rPBQiv25QikedpXYq1wVSpU5QEeoddKEHpoRmXBF-OAZRBo1pQ_tTpR1ArN74E7XxlGzDoTNeD4b5SNZgp1psE47FmecJqsACzhZIYsGgkrcCyeVk6sHwSvgUr0OYWrNpQp6bGrk8WPdhQgJ1cOxOwDgvpE2K6ILBe7CMHuw6tYjCgb0QJA_dy6GAQA-ochilYomHE2K49zD3KkMNs7D6d0yGS0SbwujYJ6z49h2OTcAScj-WiwK1y3CrwSBtWgKeuizN4FhZLwHNViQZ8b_Zzsmg61scEUdoyQVV4wZZbCX5e28ccvFONrsF7VRkGPvCW7hNkcezBn1x37iCYWJkagjuVDCFEscQSwuNWbB1Eakh6jigpORYQJ78QDjHE_Sbg5H3VS9ioK04ImxzywGHTotoobCaWWHwlxqjdNA5iDIfvw8r1tDtpHtSB7It8p4TuVTiQqsp3aGeFh-BWsWM4CIeHlz-9Lu4eXj4UD3lePHw93e1wTD8z6Gn0hzt8tJflj2-S7T9Caet08QMAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIm1k2woAn9V29aGTGyyC4GVDc3MXlpJJU0kl9dJKq7lu_afwDLvwN7kUYmLWb68aN4Glwcx7Om_c9hBPy9q_kZvbJ5u7u1Q__fvVF1_1RXyfJeUqS5Ir067tXb__-8p8nH_307n9581tyE2fPxyuyvLl-anrsJBwm2...
mediaservice.audi.com/media/fast/ Frame 8956 		79 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIm1k2woAn9V29aGTGyyC4GVDc3MXlpJJU0kl9dJKq7lu_afwDLvwN7kUYmLWb68aN4Glwcx7Om_c9hBPy9q_kZvbJ5u7u1Q__fvVF1_1RXyfJeUqS5Ir067tXb__-8p8nH_307n9581tyE2fPxyuyvLl-anrsJBwm2X38-Pj4SfIhycnN5fB3Kld_UnnyK5UPniaXurmcvL6U95f--pcNuc809vtLLnn2bPZuQo_9N60fp-HTr6uqUjVvVFVXWDLVpC1jWNdcpSikyKqqaIucxM9oxvNwWmEoQguq4EgyZCwrIC1etFmbQVm9QAOIs2QISGGxAOolFQzQ8GJWgK47SuqCrM7kDKE8kDNiek4J_LATwFGnlhOW1LXA-VipDrjjnGa2GjPNCP54IMRzd2Ig0OchBSFNrpBgu0ii0imNForiDGQrB7MDaXTZI8HVfQly0vU5AxlMTVMUCkZxJecKqdOnhXKdxybmoE1fDQdCyIcVtEWra9Dh1JgH0LOwIQfjQ-EqsOht04EVodAl2HEpVwU2YNkywmwxA7vGPLXg0CrOwLXT8UgQoww1OImOOXB6RdOAM9h0BaF3MQM3-npKwXnMVCAstCBwQe4WAW7ua43QY6hkDr0IqmfQyx4NYYyinmDApZ47mDpUtJ7Juh3d0yOmgyOIggXCvKOd-XaUPgUflvyowc9qWAsIyCt64cB9s0wQ2nh0KQShC1lB6OxuIovhQ9kRZO5ygi7wgpU5BWGa6wcGwevKlBCCLmwLgS7GdwSVHTiEk2_ODUS7FLaE6E95ixAXeVxyiA9rtjawcJvScyyKp4cMljEcU4QlLrtVwimEolOwcp-dEFZaQBSwGlmsHFa75Jh9K4fF-HHo5RD3P8ZZmHF7MiLqfbrL2FZL0-m4T4uCbdFNGvfRz3LbYi897l_-_Ca7vX95n98zxu6_G2-3ONDPjGYcwv4WH9wl_PmGbP8Bj7XosvEDAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/336C) /
Resource Hash
41da0e8f859290e1e40f65957b6ef6cb33abbec931271fbc5735fa43dac93cf3
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 30 Dec 2023 13:46:26 GMT
age
4454
x-cache
HIT
x-con-clone
100283
content-length
81351
last-modified
Sat, 30 Dec 2023 13:46:26 GMT
server
ECAcc (muc/336C)
etag
"44bfdb23a79e1d37f5f31f11f0689a29e3c17a3a"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIm1k2woAn9V29aGTGyyC4GVDc3MXlpJJU0kl9dJKq7lu_afwDLvwN7kUYmLWb68aN4Glwcx7Om_c9hBPy9q_kZvbJ5u7u1Q__fvVF1_1RXyfJeUqS5Ir067tXb__-8p8nH_307n9581tyE2fPxyuyvLl-anrsJBwm2X38-Pj4SfIhycnN5fB3Kld_UnnyK5UPniaXurmcvL6U95f--pcNuc809vtLLnn2bPZuQo_9N60fp-HTr6uqUjVvVFVXWDLVpC1jWNdcpSikyKqqaIucxM9oxvNwWmEoQguq4EgyZCwrIC1etFmbQVm9QAOIs2QISGGxAOolFQzQ8GJWgK47SuqCrM7kDKE8kDNiek4J_LATwFGnlhOW1LXA-VipDrjjnGa2GjPNCP54IMRzd2Ig0OchBSFNrpBgu0ii0imNForiDGQrB7MDaXTZI8HVfQly0vU5AxlMTVMUCkZxJecKqdOnhXKdxybmoE1fDQdCyIcVtEWra9Dh1JgH0LOwIQfjQ-EqsOht04EVodAl2HEpVwU2YNkywmwxA7vGPLXg0CrOwLXT8UgQoww1OImOOXB6RdOAM9h0BaF3MQM3-npKwXnMVCAstCBwQe4WAW7ua43QY6hkDr0IqmfQyx4NYYyinmDApZ47mDpUtJ7Juh3d0yOmgyOIggXCvKOd-XaUPgUflvyowc9qWAsIyCt64cB9s0wQ2nh0KQShC1lB6OxuIovhQ9kRZO5ygi7wgpU5BWGa6wcGwevKlBCCLmwLgS7GdwSVHTiEk2_ODUS7FLaE6E95ixAXeVxyiA9rtjawcJvScyyKp4cMljEcU4QlLrtVwimEolOwcp-dEFZaQBSwGlmsHFa75Jh9K4fF-HHo5RD3P8ZZmHF7MiLqfbrL2FZL0-m4T4uCbdFNGvfRz3LbYi897l_-_Ca7vX95n98zxu6_G2-3ONDPjGYcwv4WH9wl_PmGbP8Bj7XosvEDAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2Tz4osNRTGa6adq1zwioqIG5eDcMGTVKWquheN3OsggpsLiptZDCeVVCWd1J9OUtU99UzXF3DhM7gXQXDtZty4ETwNbs6Pc873fYSEvP0ru5lDtrm_f_3dv5990nW_1ddZdp6yLLui-fX967d_f_rPs_d--OP_8eaX7CbNQY5XJHlz_dz22Gk4T...
mediaservice.audi.com/media/fast/ Frame 8956 		83 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2Tz4osNRTGa6adq1zwioqIG5eDcMGTVKWquheN3OsggpsLiptZDCeVVCWd1J9OUtU99UzXF3DhM7gXQXDtZty4ETwNbs6Pc873fYSEvP0ru5lDtrm_f_3dv5990nW_1ddZdp6yLLui-fX967d_f_rPs_d--OP_8eaX7CbNQY5XJHlz_dz22Gk4TLp7_-np6YPsXRpnN5flr1Sufqfy7Gcq7zzPLnVz2XxzKX9e-uufNqQ-U-y3F1_24sUc_IQB-y-bME7Dh19ovau5VLkQ26IVvEKhd1ypWnNZtKyqihxFQ8OPKOPzeFphELGBVkgsCw45ywVw8dKXvoSyeokWEGfNEFCrXC2AZuGKAVop5hbQd0dNXdTVeSDE8kDKhPycE-Rhp0Ci4U4SFu4bkHKs2g6kl5IyG4O5YYRwPBDSuTsxUBiKyEFpW7RIcF2iYWv4oSGQnYFu9GB3oK0peyT4ui9BT6Y-c9DR1pTSomJkb_VcIXXmtJCvC1gsAoztq-FAiMWwgnHoGgYmnrY2gZmViwxsiMLn4DC4bQdORWFKcONSri24iCUZXJwdRbs1FdyBR9fKEnwzHY8MvBp1rMFr9MyDNyvaLXiL2452tvcpBz-GeqIuYN5GwkIXBD7q3aLAz31tEHqMlS6gV7Hta-h1j5ZBPyZVTzDgUs8dTB22dD2T87ttCwGRD56gytIR5h09R2hGHTiEuBRHA2Fuh1VARFk1OUQZtksHsUlHzyEqI3QNsXO7iSRWDiXtrC58QTACL1iZbyFOc_3IIAZT2RJiNMI1EOlgkiSpzQ8K4ilszzUktwhLCKeiQUiLPi4FpMc1X7ewSMdTAUsrOT3_MsYjR1jSslvPcIpRdC2sMuQnhLXtWVKwWi1WCatbCsy_0sNiwzj0ekj779Os7Hh7siqZPd_l7NZo25m050KwW_STwX0Ks75tsNcB969-fJPfPbx6KB4YYw9fj3e3ONDPTHYc4v4OH_3F_PGGZP8BpQYML_EDAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3334) /
Resource Hash
44551ce3db548e59e1ab096d62869dc093e9a87940256ecb56eb31a19f2ed4b9
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Thu, 28 Dec 2023 07:14:03 GMT
age
200797
x-cache
HIT
x-con-clone
100135
content-length
84877
last-modified
Thu, 28 Dec 2023 07:14:03 GMT
server
ECAcc (muc/3334)
etag
"12e32eb91443e492f8a5ee5910f2bfe6fe9485a1"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2Tz4osNRTGa6adq1zwioqIG5eDcMGTVKWquheN3OsggpsLiptZDCeVVCWd1J9OUtU99UzXF3DhM7gXQXDtZty4ETwNbs6Pc873fYSEvP0ru5lDtrm_f_3dv5990nW_1ddZdp6yLLui-fX967d_f_rPs_d--OP_8eaX7CbNQY5XJHlz_dz22Gk4TLp7_-np6YPsXRpnN5flr1Sufqfy7Gcq7zzPLnVz2XxzKX9e-uufNqQ-U-y3F1_24sUc_IQB-y-bME7Dh19ovau5VLkQ26IVvEKhd1ypWnNZtKyqihxFQ8OPKOPzeFphELGBVkgsCw45ywVw8dKXvoSyeokWEGfNEFCrXC2AZuGKAVop5hbQd0dNXdTVeSDE8kDKhPycE-Rhp0Ci4U4SFu4bkHKs2g6kl5IyG4O5YYRwPBDSuTsxUBiKyEFpW7RIcF2iYWv4oSGQnYFu9GB3oK0peyT4ui9BT6Y-c9DR1pTSomJkb_VcIXXmtJCvC1gsAoztq-FAiMWwgnHoGgYmnrY2gZmViwxsiMLn4DC4bQdORWFKcONSri24iCUZXJwdRbs1FdyBR9fKEnwzHY8MvBp1rMFr9MyDNyvaLXiL2452tvcpBz-GeqIuYN5GwkIXBD7q3aLAz31tEHqMlS6gV7Hta-h1j5ZBPyZVTzDgUs8dTB22dD2T87ttCwGRD56gytIR5h09R2hGHTiEuBRHA2Fuh1VARFk1OUQZtksHsUlHzyEqI3QNsXO7iSRWDiXtrC58QTACL1iZbyFOc_3IIAZT2RJiNMI1EOlgkiSpzQ8K4ilszzUktwhLCKeiQUiLPi4FpMc1X7ewSMdTAUsrOT3_MsYjR1jSslvPcIpRdC2sMuQnhLXtWVKwWi1WCatbCsy_0sNiwzj0ekj779Os7Hh7siqZPd_l7NZo25m050KwW_STwX0Ks75tsNcB969-fJPfPbx6KB4YYw9fj3e3ONDPTHYc4v4OH_3F_PGGZP8BpQYML_EDAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIG5eNMOBJfXctGpnxIoKbAcXNXVxOKqlKOqmPTlLp7vpN4x9w4W9wL4Lg2s1140bwNLh5H87Je17CCXn7V3K3uGTz8PD6u38_-6Tvf6tvk-Q8J0lyQ_3bh9dv__70n2fv_fDH_-3NL8ldWByfbsjy5va5HrCXcJhl_...
mediaservice.audi.com/media/fast/ Frame 8956 		82 KB
83 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIG5eNMOBJfXctGpnxIoKbAcXNXVxOKqlKOqmPTlLp7vpN4x9w4W9wL4Lg2s1140bwNLh5H87Je17CCXn7V3K3uGTz8PD6u38_-6Tvf6tvk-Q8J0lyQ_3bh9dv__70n2fv_fDH_-3NL8ldWByfbsjy5va5HrCXcJhl__7T09MHybvUTu6uh7-S3PxO8uxnkneeJ1fdXE--ucqf1_r2pw25zxT77XUuefFicXZGh8OXrZvm8cMv8q4WQtYMq5aLtmKt5GXbtkXNsgIb0SBmohJ58RFlfO5PK4yFb6ErOBZ5Chm5IC1elpfyAmX1EjUgLpIhoBSZiIAqpoIBal4sHaDtj5IqL6szOb0vD-QMmJ5TAj80Ajiq1HBCTG0LnE9V1wO3nFNmqzBTjOCOB0I49ycGAl3uUxBS5x0STB-o2amUokVH4wxkK0fdgNSqHJBg66EEOav6nIH0uqaUDgWj8U4uFVKlTpHmeoe7kIPSQzUeCD4fV1AGjapB-dNOX0AtwvgctPOFrcCgM7sejPCFKsFMsVw7MB7LlhEWgxmYNeSpAYum4wxsOx-PBDFJX4OVaJkFq1bUO7Aad31BGGzIwE6unlOwDrPOEyItCKyXTRRgl6FWCAP6SuYwCN8NDAY5oCZMQdQzjBjrpYe5x47WMxvb0D0dYjpagihLQ1ga2plrJ-lScD7mRwVu6ca1AI-8ajPw3O3iDL4NR5uCF6qQFfjeNDNZNB_LniBzmxNUgVeszHbg56W-MPBOVboE71VhWvB0Md4QuuzAwZ_c7ryDYGJhSgjulLcIIcpjzCFc1mzdQeQmpeeIHU8PGcTJH1OEGGKzSjh5X_QdrNxlJ4SVFhAErFoWK4fVxByzr-QYtZvGQY5h_31YhJ62Jy2C2qdNxrZK6l6FfVoUbIt2VrgPbpHbFgfpcP_qxzfZ_eOrx_yRMfb49XS_xZF-ZtDT6Pf3eLHX4Y83ZPsPZ8Xu7_EDAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/333D) /
Resource Hash
1caec3a0ec8b3477df4b44f3fc3ff543f7d1de22e4107fd2a6ba62848df13fe9
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 23 Dec 2023 15:54:15 GMT
age
601585
x-cache
HIT
x-con-clone
100135
content-length
84011
last-modified
Sat, 23 Dec 2023 15:54:15 GMT
server
ECAcc (muc/333D)
etag
"12e58282fb1fd9fd4d20e8d2ad25dcfc5c1768a7"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIG5eNMOBJfXctGpnxIoKbAcXNXVxOKqlKOqmPTlLp7vpN4x9w4W9wL4Lg2s1140bwNLh5H87Je17CCXn7V3K3uGTz8PD6u38_-6Tvf6tvk-Q8J0lyQ_3bh9dv__70n2fv_fDH_-3NL8ldWByfbsjy5va5HrCXcJhl__7T09MHybvUTu6uh7-S3PxO8uxnkneeJ1fdXE--ucqf1_r2pw25zxT77XUuefFicXZGh8OXrZvm8cMv8q4WQtYMq5aLtmKt5GXbtkXNsgIb0SBmohJ58RFlfO5PK4yFb6ErOBZ5Chm5IC1elpfyAmX1EjUgLpIhoBSZiIAqpoIBal4sHaDtj5IqL6szOb0vD-QMmJ5TAj80Ajiq1HBCTG0LnE9V1wO3nFNmqzBTjOCOB0I49ycGAl3uUxBS5x0STB-o2amUokVH4wxkK0fdgNSqHJBg66EEOav6nIH0uqaUDgWj8U4uFVKlTpHmeoe7kIPSQzUeCD4fV1AGjapB-dNOX0AtwvgctPOFrcCgM7sejPCFKsFMsVw7MB7LlhEWgxmYNeSpAYum4wxsOx-PBDFJX4OVaJkFq1bUO7Aad31BGGzIwE6unlOwDrPOEyItCKyXTRRgl6FWCAP6SuYwCN8NDAY5oCZMQdQzjBjrpYe5x47WMxvb0D0dYjpagihLQ1ga2plrJ-lScD7mRwVu6ca1AI-8ajPw3O3iDL4NR5uCF6qQFfjeNDNZNB_LniBzmxNUgVeszHbg56W-MPBOVboE71VhWvB0Md4QuuzAwZ_c7ryDYGJhSgjulLcIIcpjzCFc1mzdQeQmpeeIHU8PGcTJH1OEGGKzSjh5X_QdrNxlJ4SVFhAErFoWK4fVxByzr-QYtZvGQY5h_31YhJ62Jy2C2qdNxrZK6l6FfVoUbIt2VrgPbpHbFgfpcP_qxzfZ_eOrx_yRMfb49XS_xZF-ZtDT6Pf3eLHX4Y83ZPsPZ8Xu7_EDAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIG5eNMOBJfVcvGpnxIoKbAcXNXVxOKkklndRHJ6nq7vpN4x9w4W9wL4Lg2s1140bwNLg5D-fkfV_CCXn7V3I3-2Tz8PD6u38_-6Trfqtvk-Q8JUlyQ_Pbh9dv__70n2fv_fDH_-PNL8ldnD0fb0jy5va56bGTcJhk9...
mediaservice.audi.com/media/fast/ Frame 8956 		83 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIG5eNMOBJfVcvGpnxIoKbAcXNXVxOKkklndRHJ6nq7vpN4x9w4W9wL4Lg2s1140bwNLg5D-fkfV_CCXn7V3I3-2Tz8PD6u38_-6Trfqtvk-Q8JUlyQ_Pbh9dv__70n2fv_fDH_-PNL8ldnD0fb0jy5va56bGTcJhk9_7T09MHybs0Tu6uh79SufmdyrOfqbzzPLnWzfXkm2v589rf_rQh9Zliv736khcvZu8m9Nh_2fpxGj78oqxYqmpseFbWJee5qkWViYrLJmtTtWtyVhWITfMRZXweTisMRWhBFRzLPIWMZQWkxcvskl2grF6iAcRZMgSUIhMLoF5SwQANL2YF6LqjpC7I6jwQQnkgZcT0nBH4YSeAo04tJyypa4HzsVIdcMc5ZbYaM80I_nggxHN3YiDQ5yEFIU2ukGC7SEOlU4oWiuwMZCsHswNpdNkjwdV9CXLS9TkFGUxNKQoFI7uSc4XU6dNCvs5jvhSgTV8NB0LIhxW0Rdsy0OHUmAvoWdjAwPhQuAwsett0YEUodAl2XMpVgQ1YksGG2VK0XWOeWnBoFS_AtdPxyMCJUYYanETHHDi9omnAGWw6kpjexQzc6OuJlB4zFQgLLQhckLtFgJv7WiP0GCqZQy-C6hvoZY-GQT9GUU8w4FLPHUwdKlrPZN2uUeAR08ERRFlawryjnfl2lD4FH5b8qMHPalgLCMirNoPAfbNMENp4dCkEoQtZQ-jsbiKJ4UPZEWTucoIu8IqVOQVhmusLg-B1ZUoIQRe2hUAX4ySJKjuQ7-SbcwPRLoWpIfpT3iLERR6XHOJlzdYGFm7TmMOieErPv4zhmCIscdmtZziFUHQKVu6zE8KqehYFrEYWK4fVLjlmX8lhMX4cejnE_fdxFmbcnoyIep_uMrbV0nQ67tOiYFt0k8Z99LPctthLj_tXP77J7h9fPeaPjLHHr8f7LQ70M6MZh7C_x4u7mj_ekOw_7BlzYfEDAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/331A) /
Resource Hash
50f45618bc140ba6770a2a0ffdd8ba7a703b22e74ef216a053395ea5cf0d27fd
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 30 Dec 2023 14:41:11 GMT
age
1169
x-cache
HIT
x-con-clone
1003156
content-length
85282
last-modified
Sat, 30 Dec 2023 14:41:11 GMT
server
ECAcc (muc/331A)
etag
"968f60ac59a4f7e293f2b0e8440d0a3464cdaeb1"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TTaskNRSG6972jjLgiIqIG5eNMOBJfVcvGpnxIoKbAcXNXVxOKkklndRHJ6nq7vpN4x9w4W9wL4Lg2s1140bwNLg5D-fkfV_CCXn7V3I3-2Tz8PD6u38_-6Trfqtvk-Q8JUlyQ_Pbh9dv__70n2fv_fDH_-PNL8ldnD0fb0jy5va56bGTcJhk9_7T09MHybs0Tu6uh79SufmdyrOfqbzzPLnWzfXkm2v589rf_rQh9Zliv736khcvZu8m9Nh_2fpxGj78oqxYqmpseFbWJee5qkWViYrLJmtTtWtyVhWITfMRZXweTisMRWhBFRzLPIWMZQWkxcvskl2grF6iAcRZMgSUIhMLoF5SwQANL2YF6LqjpC7I6jwQQnkgZcT0nBH4YSeAo04tJyypa4HzsVIdcMc5ZbYaM80I_nggxHN3YiDQ5yEFIU2ukGC7SEOlU4oWiuwMZCsHswNpdNkjwdV9CXLS9TkFGUxNKQoFI7uSc4XU6dNCvs5jvhSgTV8NB0LIhxW0Rdsy0OHUmAvoWdjAwPhQuAwsett0YEUodAl2XMpVgQ1YksGG2VK0XWOeWnBoFS_AtdPxyMCJUYYanETHHDi9omnAGWw6kpjexQzc6OuJlB4zFQgLLQhckLtFgJv7WiP0GCqZQy-C6hvoZY-GQT9GUU8w4FLPHUwdKlrPZN2uUeAR08ERRFlawryjnfl2lD4FH5b8qMHPalgLCMirNoPAfbNMENp4dCkEoQtZQ-jsbiKJ4UPZEWTucoIu8IqVOQVhmusLg-B1ZUoIQRe2hUAX4ySJKjuQ7-SbcwPRLoWpIfpT3iLERR6XHOJlzdYGFm7TmMOieErPv4zhmCIscdmtZziFUHQKVu6zE8KqehYFrEYWK4fVLjlmX8lhMX4cejnE_fdxFmbcnoyIep_uMrbV0nQ67tOiYFt0k8Z99LPctthLj_tXP77J7h9fPeaPjLHHr8f7LQ70M6MZh7C_x4u7mj_ekOw_7BlzYfEDAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TTYskRRCGa6adVRZcURHx4nEQFozM-uw-NLLrIIKXBcXLHIbIr8rszProzKzsnvpN6x_w4G_wLoLg2ct48SKYDV7eh4h44yWpoN7-Vdwsvtjc37_-7t_PPun737rrojjPRVFc5f71_eu3f3_6z7P3fvjj__bml-ImLp5NV9ny5vq5GbCXcJhl_...
mediaservice.audi.com/media/fast/ Frame 8956 		79 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TTYskRRCGa6adVRZcURHx4nEQFozM-uw-NLLrIIKXBcXLHIbIr8rszProzKzsnvpN6x_w4G_wLoLg2ct48SKYDV7eh4h44yWpoN7-Vdwsvtjc37_-7t_PPun737rrojjPRVFc5f71_eu3f3_6z7P3fvjj__bml-ImLp5NV9ny5vq5GbCXcJhl__7T09MHxbu5Xdxchr9mufo9y7Ofs7zzvLjo5jL55iJ_XurrnzbZfc6x3172ihcvFu9m9Dh8yf00jx9-wTgjpFKKECWwVjXnokNFqGjamnetoFjmYbX7KGd8Hk4rjHXgoGqGS0WhJGUNtH5JJJHQtC_RA-IiCQJKUYoEqBMVBNCwelGArj_KXAXZnk1GaA7ZGZGeaQY77AQw1NSyjEQdB8amVvXAHGM5k2ssNcnwxwMFHs_9iYBAXwUKQppKYYbtYwtCaXrgGXm9A8nlaHYgjW4GnuFSbEDOujuXIIPpcopCQfK6kkuLudKnpCj0HrexAm2GdjxmhGqMoC1a3YEOp615BL0IGyowPtSuBYvebnuwItS6ATulZlVgAzacZCwWS7BrrKgFh1axGhyfj8ctODHJ0IGT6IgDp1c0uWlw22eLGVwswU2-myk4n-8RMlL-QOCC3CUBbhk6zWHA0MoKBhHUsIVBDmgIDFN01MCIqVt6mHtUkcBs3S6_0yPS0WWIprEZyy6fw_NJego-pOqowS9qXGsIyFpeQmB-m2YIPB4dhSB0LVsIvd3N2WLY2BwyZOWqDF3jBStxCsK8dI8EgtetaSAEXVsOIYqO7TJUeeghnPz2vIVoU20biP5UcYSY5DFVEB_Xct1CYpbmcyTF6KGENIUjFZBi2q0STiHUvYKV-fKEsKqBRAGrkfXKYLWpwvIrOSbjp3GQY9x_HxdhptuTEVHv6a4kt1qaXsc9rWtyi27WuI9-kbccB-lx_-rHN-Xdw6uH6oEQ8vD1dHeLY_4zo5nGsL_DR3dZ_niTbf8Bi9YqGPEDAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3343) /
Resource Hash
4f5a717980490890f6779f467c77657dbb702a2c05241bd0dcb1044ed895e347
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Fri, 29 Dec 2023 22:23:37 GMT
age
59823
x-cache
HIT
x-con-clone
100135
content-length
80675
last-modified
Fri, 29 Dec 2023 22:23:37 GMT
server
ECAcc (muc/3343)
etag
"0e246b4f5a9e551b1ebb8d96a4066ad27b8c2548"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TTYskRRCGa6adVRZcURHx4nEQFozM-uw-NLLrIIKXBcXLHIbIr8rszProzKzsnvpN6x_w4G_wLoLg2ct48SKYDV7eh4h44yWpoN7-Vdwsvtjc37_-7t_PPun737rrojjPRVFc5f71_eu3f3_6z7P3fvjj__bml-ImLp5NV9ny5vq5GbCXcJhl__7T09MHxbu5Xdxchr9mufo9y7Ofs7zzvLjo5jL55iJ_XurrnzbZfc6x3172ihcvFu9m9Dh8yf00jx9-wTgjpFKKECWwVjXnokNFqGjamnetoFjmYbX7KGd8Hk4rjHXgoGqGS0WhJGUNtH5JJJHQtC_RA-IiCQJKUYoEqBMVBNCwelGArj_KXAXZnk1GaA7ZGZGeaQY77AQw1NSyjEQdB8amVvXAHGM5k2ssNcnwxwMFHs_9iYBAXwUKQppKYYbtYwtCaXrgGXm9A8nlaHYgjW4GnuFSbEDOujuXIIPpcopCQfK6kkuLudKnpCj0HrexAm2GdjxmhGqMoC1a3YEOp615BL0IGyowPtSuBYvebnuwItS6ATulZlVgAzacZCwWS7BrrKgFh1axGhyfj8ctODHJ0IGT6IgDp1c0uWlw22eLGVwswU2-myk4n-8RMlL-QOCC3CUBbhk6zWHA0MoKBhHUsIVBDmgIDFN01MCIqVt6mHtUkcBs3S6_0yPS0WWIprEZyy6fw_NJego-pOqowS9qXGsIyFpeQmB-m2YIPB4dhSB0LVsIvd3N2WLY2BwyZOWqDF3jBStxCsK8dI8EgtetaSAEXVsOIYqO7TJUeeghnPz2vIVoU20biP5UcYSY5DFVEB_Xct1CYpbmcyTF6KGENIUjFZBi2q0STiHUvYKV-fKEsKqBRAGrkfXKYLWpwvIrOSbjp3GQY9x_HxdhptuTEVHv6a4kt1qaXsc9rWtyi27WuI9-kbccB-lx_-rHN-Xdw6uH6oEQ8vD1dHeLY_4zo5nGsL_DR3dZ_niTbf8Bi9YqGPEDAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQ4gItxEgT-XA-alFCMwwSEptGPBb0ohRO22mXnY-ynVlVeRIOMYibcAE2XIBNs2GDRJTE5v8U4T9-WWH57V_J7eyTm4eH19_--9knXfdHfZ0kpylJkivqXz-8fvv3p_-8-94Pf_7fvvk9uY2z5-MVWe6v3zc9dhL2k...
mediaservice.audi.com/media/fast/ Frame 8956 		94 KB
95 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQ4gItxEgT-XA-alFCMwwSEptGPBb0ohRO22mXnY-ynVlVeRIOMYibcAE2XIBNs2GDRJTE5v8U4T9-WWH57V_J7eyTm4eH19_--9knXfdHfZ0kpylJkivqXz-8fvv3p_-8-94Pf_7fvvk9uY2z5-MVWe6v3zc9dhL2k-w-fHx8_Ch5Qu3k9nL4M8nVByRPnpO881ty0V8uJw8X-eJSX_96Q-4TxX5zmUuePp29m9Bj_7L14zR8_LkUWVvzst4oVlSskjwtWtkIzuqaiXrDikbVqmDsGWW8DMcVBuZbUIwjKzLI05xBxl60eZtDWb1AA4izTBFQilwsgHrJRApoOJsVoOsOkqogqxM5Qyj35IyYnTIC328EcNSZ5YQlcy1wPlaqA-44p8xWY65Tgj_sCfHUHVMQ6IuQgZCmUEiwXaSm0hlFC0XjKchWDmYD0uiyR4Kr-xLkpOtTDjKYmlIUipTGlZwrpEofF5rrPDaxAG36atgTQjGsoC1aXYMOx8acQc_ChgKMD8xVYNHbpgMrAtMl2HEpVwU2YNmmhNliDnaNRWbBoVU8BddOhwNBjDLU4CS61IHTK5oGnMGmY4TexRzc6OspA-cxV4Gw0ILABblZBLi5rzVCj6GSBfQiqD6FXvZoCGMU9QQDLvXcwdShovVM1m3onh4xGxxBsDQQ5g3tzLej9Bn4sBQHDX5Ww8ogIK_ohQP3zTJBaOPBZRCEZrKC0NnNRBbDh7IjyMIVBM3wgjV1CsI01-cUgteVKSEEzWwLgS7GNwSV7zmEo29ODUS7MFtC9MeiRYiLPCwFxPOarw0s3Gb0HIvi2T6HZQyHDGGJy2aVcAyBdQpW7vMjwkoLiAJWI9nKYbVLgfmXcliMH4deDnH7fZyFGe-ORkS9zTZ5eqel6XTcZoyld-gmjdvoZ3nXYi89bu_P9GWM2L36schOu-_Y7utIUbs0rXZpvvtqfHOHA_3UaMYhbN_g2V3Cnt-8-un-Pytaqw4BBAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3340) /
Resource Hash
d7c57fc5a24a61d5610b1059415c0a82d50bc95e24e4f946ef9e9d72fb71a3aa
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 30 Dec 2023 13:46:26 GMT
age
4454
x-cache
HIT
x-con-clone
1003151
content-length
96065
last-modified
Sat, 30 Dec 2023 13:46:26 GMT
server
ECAcc (muc/3340)
etag
"45d291ad90cb18be3b5eafefcef29aabb3da6581"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQ4gItxEgT-XA-alFCMwwSEptGPBb0ohRO22mXnY-ynVlVeRIOMYibcAE2XIBNs2GDRJTE5v8U4T9-WWH57V_J7eyTm4eH19_--9knXfdHfZ0kpylJkivqXz-8fvv3p_-8-94Pf_7fvvk9uY2z5-MVWe6v3zc9dhL2k-w-fHx8_Ch5Qu3k9nL4M8nVByRPnpO881ty0V8uJw8X-eJSX_96Q-4TxX5zmUuePp29m9Bj_7L14zR8_LkUWVvzst4oVlSskjwtWtkIzuqaiXrDikbVqmDsGWW8DMcVBuZbUIwjKzLI05xBxl60eZtDWb1AA4izTBFQilwsgHrJRApoOJsVoOsOkqogqxM5Qyj35IyYnTIC328EcNSZ5YQlcy1wPlaqA-44p8xWY65Tgj_sCfHUHVMQ6IuQgZCmUEiwXaSm0hlFC0XjKchWDmYD0uiyR4Kr-xLkpOtTDjKYmlIUipTGlZwrpEofF5rrPDaxAG36atgTQjGsoC1aXYMOx8acQc_ChgKMD8xVYNHbpgMrAtMl2HEpVwU2YNmmhNliDnaNRWbBoVU8BddOhwNBjDLU4CS61IHTK5oGnMGmY4TexRzc6OspA-cxV4Gw0ILABblZBLi5rzVCj6GSBfQiqD6FXvZoCGMU9QQDLvXcwdShovVM1m3onh4xGxxBsDQQ5g3tzLej9Bn4sBQHDX5Ww8ogIK_ohQP3zTJBaOPBZRCEZrKC0NnNRBbDh7IjyMIVBM3wgjV1CsI01-cUgteVKSEEzWwLgS7GNwSV7zmEo29ODUS7MFtC9MeiRYiLPCwFxPOarw0s3Gb0HIvi2T6HZQyHDGGJy2aVcAyBdQpW7vMjwkoLiAJWI9nKYbVLgfmXcliMH4deDnH7fZyFGe-ORkS9zTZ5eqel6XTcZoyld-gmjdvoZ3nXYi89bu_P9GWM2L36schOu-_Y7utIUbs0rXZpvvtqfHOHA_3UaMYhbN_g2V3Cnt-8-un-Pytaqw4BBAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQ4gIlxEgTznflooRmGCQkNo14LOhFKZy20y47H2U7s6rzJBxiEDfhAmy4AJtmwwaJKIlNfIqI__9l2fLbv5Lb2Sc39_evv_33s0-67o_6OknOU5IkVzS_vn_99u9P_3n3vR_-_H9883tyG2fPxyuS3F2_b3rsJBwm2...
mediaservice.audi.com/media/fast/ Frame 8956 		100 KB
101 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQ4gIlxEgTznflooRmGCQkNo14LOhFKZy20y47H2U7s6rzJBxiEDfhAmy4AJtmwwaJKIlNfIqI__9l2fLbv5Lb2Sc39_evv_33s0-67o_6OknOU5IkVzS_vn_99u9P_3n3vR_-_H9883tyG2fPxyuS3F2_b3rsJBwm2X34-Pj4UfKExsntZfkzlasPqDx5TuWd35JL_eWyub-ULy799a83pD5T7DcXX_L06ezdhB77l60fp-HjzxvFsM1ypRQrasGbqqBG1kK1DRd5VVV1WuaNSJ9RxstwWmEofAuq4FjmKWQsKyAtXrjSlVBWL9AA4iwZAkqRiQVQL6lggIYXswJ03VFSF2R1HgihPJAyYnrOCPzQCOCoU8sJS-pa4HysVAfccU6ZrcZMM4I_Hgjx3J0YCPR5SEFIkysk2C7SUOn00BLIzkC2cjANSKPLHgmu7kuQk67PKchgakpRKBjZlZwrpE6fFvJ1HvOlAG36ajgQQj6soC3aloEOp62JoGdhAwPjQ-EysOjttgMrQqFLsONSrgpswJIMNsyWou0a89SCQ6t4Ca6djkcGTowy1OAkOubA6RXNFpzBbUc707uYgRt9PVHnMVOBsNAFgQuyWQS4ua81Qo-hkjn0Iqi-hl72aBj0YxT1BAMu9dzB1KGi65msa7YKPGI6OIIoS0uYG3oO347Sp-DDkh81-FkNawEBedVmELjfLh2ENh5dCkHoQtYQOttMJDF8KGlnZO5ygi7wgpU5BWGa6wcGwevKlBCCLmwLgQ7GSRJVdhAQTn57riHapTAEf8pbhLjI45JDfFizdQsLt2nMYVE8pedfxnBMEZa4NOsZTiEUnYKV--yEsKqeRQGrkcXKYbVLjtmXcliMH4deDnH3fZyFGTcnI6LepU3GNlqaTsddWhRsg27SuIt-lpsWe-lxd_dAX8aI_asf8_S8_67Yfx0pas9YtWfZ_qvxzQYH-qnRjEPYvcEHdwl7fvPqp7v_AEkN2tQBBAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3362) /
Resource Hash
8ab4ece4b4ea7dcf4659844e1f60aa2b9922a861db3b15f206120a692054c082
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Thu, 28 Dec 2023 07:14:03 GMT
age
200797
x-cache
HIT
x-con-clone
1003249
content-length
102242
last-modified
Thu, 28 Dec 2023 07:14:03 GMT
server
ECAcc (muc/3362)
etag
"fa3b5107f907f2d8234c5a6434a1d62ec1d9bbc1"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQ4gIlxEgTznflooRmGCQkNo14LOhFKZy20y47H2U7s6rzJBxiEDfhAmy4AJtmwwaJKIlNfIqI__9l2fLbv5Lb2Sc39_evv_33s0-67o_6OknOU5IkVzS_vn_99u9P_3n3vR_-_H9883tyG2fPxyuS3F2_b3rsJBwm2X34-Pj4UfKExsntZfkzlasPqDx5TuWd35JL_eWyub-ULy799a83pD5T7DcXX_L06ezdhB77l60fp-HjzxvFsM1ypRQrasGbqqBG1kK1DRd5VVV1WuaNSJ9RxstwWmEofAuq4FjmKWQsKyAtXrjSlVBWL9AA4iwZAkqRiQVQL6lggIYXswJ03VFSF2R1HgihPJAyYnrOCPzQCOCoU8sJS-pa4HysVAfccU6ZrcZMM4I_Hgjx3J0YCPR5SEFIkysk2C7SUOn00BLIzkC2cjANSKPLHgmu7kuQk67PKchgakpRKBjZlZwrpE6fFvJ1HvOlAG36ajgQQj6soC3aloEOp62JoGdhAwPjQ-EysOjttgMrQqFLsONSrgpswJIMNsyWou0a89SCQ6t4Ca6djkcGTowy1OAkOubA6RXNFpzBbUc707uYgRt9PVHnMVOBsNAFgQuyWQS4ua81Qo-hkjn0Iqi-hl72aBj0YxT1BAMu9dzB1KGi65msa7YKPGI6OIIoS0uYG3oO347Sp-DDkh81-FkNawEBedVmELjfLh2ENh5dCkHoQtYQOttMJDF8KGlnZO5ygi7wgpU5BWGa6wcGwevKlBCCLmwLgQ7GSRJVdhAQTn57riHapTAEf8pbhLjI45JDfFizdQsLt2nMYVE8pedfxnBMEZa4NOsZTiEUnYKV--yEsKqeRQGrkcXKYbVLjtmXcliMH4deDnH3fZyFGTcnI6LepU3GNlqaTsddWhRsg27SuIt-lpsWe-lxd_dAX8aI_asf8_S8_67Yfx0pas9YtWfZ_qvxzQYH-qnRjEPYvcEHdwl7fvPqp7v_AEkN2tQBBAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2Ty4okRRSGs7ttR0RHnEHEF2jEgTkZea9FITOOILhp8bKwF8WJjIiMqIi8VERkVlU-iQ8x4pv4Am58ATftxo3gKRCS_-Oc-M9PcJJ4-1dyO_vk5uHh9bf_fvZJ1_1RXyfJaUqS5Ir61w-v3_796T_vvvfDn_-3b35PbuPs-XhFlvvr902PnYT9J...
mediaservice.audi.com/media/fast/ Frame 8956 		99 KB
100 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2Ty4okRRSGs7ttR0RHnEHEF2jEgTkZea9FITOOILhp8bKwF8WJjIiMqIi8VERkVlU-iQ8x4pv4Am58ATftxo3gKRCS_-Oc-M9PcJJ4-1dyO_vk5uHh9bf_fvZJ1_1RXyfJaUqS5Ir61w-v3_796T_vvvfDn_-3b35PbuPs-XhFlvvr902PnYT9JLsPHx8fP0qeUDu5vRz-THL1AcmT5yTv_JZc9JfLycNFvrjU17_ekPtEsd9c5pKnT2fvJvTYv2z9OA0ffy5YlZWZyljVthWrG5Hmqsrqoqwq0WT0bZq6UC1_Rhkvw3GFofAtqIJjkTPI0qwAVrwoz-UZyuoFGkCcZYqAUmRiAdQLEymg4cWsAF13kFQFWZ3IGUK5J2dEdmIEvt8I4KiZ5YSFuRY4HyvVAXecU2arMdMpwR_2hHjqjikI9HlgIKTJFRJsF6mpNKNooWg8BdnKwWxAGl32SHB1X4KcdH3KQAZTU4pCkdK4knOFVOnjQnOdxybmoE1fDXtCyIcVtEWra9Dh2Jgz6FnYkIPxoXAVWPS26cCKUOgS7LiUqwIbsGxTwmwxA7vGnFlwaBVPwbXT4UAQoww1OIkudeD0iqYBZ7DpCkLvYgZu9PXEwHnMVCAstCBwQW4WAW7ua43QY6hkDr0Iqk-hlz0awhhFPcGASz13MHWoaD2TdRu6p0dkgyOIsrSEeUM78-0oPQMflvygwc9qWAsIyKs2g8B9s0wQ2nhwDILQhawgdHYzkcXwoewIMnc5QRd4wZo6BWGa63MKwevKlBCCLmwLgS7GNwSV7TmEo29ODUS7FLaE6I95ixAXeVhyiOc1WxtYuGX0OxbF2T6DZQwHhrDEZbNKOIZQdApW7rMjwkoLiAJWI4uVw2qXHLMv5bAYPw69HOL2-zgLM94djYh6yzZZeqel6XTcsqJI79BNGrfRz_KuxV563N6f6ckYsXv1Y85Ou--K3deRonZpWu3SbPfV-OYOB3qp0YxD2L7Bs7uEPb959dP9f5D3I2sBBAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3373) /
Resource Hash
ca09f279223052e61e11119613238d24bae7c54acf5a6fe6dac874d3065df6f2
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 23 Dec 2023 15:54:15 GMT
age
601585
x-cache
HIT
x-con-clone
1003100
content-length
101513
last-modified
Sat, 23 Dec 2023 15:54:15 GMT
server
ECAcc (muc/3373)
etag
"51af1a431564dfc1a03a523acdc1ddaddd5daebd"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2Ty4okRRSGs7ttR0RHnEHEF2jEgTkZea9FITOOILhp8bKwF8WJjIiMqIi8VERkVlU-iQ8x4pv4Am58ATftxo3gKRCS_-Oc-M9PcJJ4-1dyO_vk5uHh9bf_fvZJ1_1RXyfJaUqS5Ir61w-v3_796T_vvvfDn_-3b35PbuPs-XhFlvvr902PnYT9JLsPHx8fP0qeUDu5vRz-THL1AcmT5yTv_JZc9JfLycNFvrjU17_ekPtEsd9c5pKnT2fvJvTYv2z9OA0ffy5YlZWZyljVthWrG5Hmqsrqoqwq0WT0bZq6UC1_Rhkvw3GFofAtqIJjkTPI0qwAVrwoz-UZyuoFGkCcZYqAUmRiAdQLEymg4cWsAF13kFQFWZ3IGUK5J2dEdmIEvt8I4KiZ5YSFuRY4HyvVAXecU2arMdMpwR_2hHjqjikI9HlgIKTJFRJsF6mpNKNooWg8BdnKwWxAGl32SHB1X4KcdH3KQAZTU4pCkdK4knOFVOnjQnOdxybmoE1fDXtCyIcVtEWra9Dh2Jgz6FnYkIPxoXAVWPS26cCKUOgS7LiUqwIbsGxTwmwxA7vGnFlwaBVPwbXT4UAQoww1OIkudeD0iqYBZ7DpCkLvYgZu9PXEwHnMVCAstCBwQW4WAW7ua43QY6hkDr0Iqk-hlz0awhhFPcGASz13MHWoaD2TdRu6p0dkgyOIsrSEeUM78-0oPQMflvygwc9qWAsIyKs2g8B9s0wQ2nhwDILQhawgdHYzkcXwoewIMnc5QRd4wZo6BWGa63MKwevKlBCCLmwLgS7GNwSV7TmEo29ODUS7FLaE6I95ixAXeVhyiOc1WxtYuGX0OxbF2T6DZQwHhrDEZbNKOIZQdApW7rMjwkoLiAJWI4uVw2qXHLMv5bAYPw69HOL2-zgLM94djYh6yzZZeqel6XTcsqJI79BNGrfRz_KuxV563N6f6ckYsXv1Y85Ou--K3deRonZpWu3SbPfV-OYOB3qp0YxD2L7Bs7uEPb959dP9f5D3I2sBBAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQmguUECNNODOdr0UJzQNpJDaNeCzoRSky00677HyU7cyqypNwiEHchAuw4QKzaTZskIiS2MSnCP__Lyssv3sf3c4uurm_f_Xdv8--6Lo_i-soOk1RFF3R_Pr-1bu_v_znw49-_Ov_8c0f0W2YXT1ekeTu-mPdYydgP...
mediaservice.audi.com/media/fast/ Frame 8956 		99 KB
100 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQmguUECNNODOdr0UJzQNpJDaNeCzoRSky00677HyU7cyqypNwiEHchAuw4QKzaTZskIiS2MSnCP__Lyssv3sf3c4uurm_f_Xdv8--6Lo_i-soOk1RFF3R_Pr-1bu_v_znw49-_Ov_8c0f0W2YXT1ekeTu-mPdYydgP4nu04eHh8-iRzSObi-Hv1C5-oTKo6dUPvg9utRfLyf3l_L1pb_-7YbUJ4p9e_FFjx_Pzk7osH_RuHEaPv-qEblgiWwrLnkl4pzJqqxSUeRl3cRcIKJIWZOzJ5Txwh9XGLhrQPIaszSGhCUcYv48OSdnyPLnqAFxFgwBRZu0C6Ba4pYB6prPEtB2B0GdF_lpIPhsT8qA8Skh1PuqhRpVbGrCEtsG6nrMZQe1rWvKbBQmihHcYU8Ip-7IoEWX-hhaoVOJBNMFGkoVU3Qryc5ANGLQFQitsh4JtugzEJMqTjEIrwtKkdgysksx50idOi7k6xymCwel-3zYE3w6rKAMmoaB8sdSn0HNrfEMtPPcJmDQmbID03quMjDjkq0SjMeMDMbPhqLNGtLYgEUjaw62mQ4HBrYdhS_ACrTMglUr6hKsxrIjie5tSMCOrphI6TCRnrDQgsB6US0t2LkvFEKPPhcp9K2XfQm96FEz6MfQFhMMuBRzB1OHktYzGVuVEhxiPFhCm2WGMFe0M9eMwsXg_JIeFLhZDisHj3XeJOBrVy4T-CYcbAy-VVwU4DtTTSTR9ZB1BJHalKA4XrAyK8FPc3Fm4J3KdQbeK24a8HSxmiRBJnvyHV15KiGYhesCgjumDUJYxGFJIZzXZC1hqU0cUlhkHdPzL6M_xAhLWKr1BEfveSdhrV1yRFhlz0ILqxZ8rWE1S4rJN2JYtBuHXgxh-0OYWz1ujroNahtXCdsooTsVtjHnbIN2UrgNbhabBnvhcHt3pi-j293Ln9L4tPue774NFLVjLN-xZPd6fLPBgX5q0OPgt2_wbC9hT29e_nz3H2ddA3cBBAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3372) /
Resource Hash
c98bcc33cd47cfef6487dca1e3a4f0e2ae2f7eb08f23478d3fe52263376f21d3
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Sat, 30 Dec 2023 14:41:11 GMT
age
1169
x-cache
HIT
x-con-clone
1003156
content-length
101605
last-modified
Sat, 30 Dec 2023 14:41:11 GMT
server
ECAcc (muc/3372)
etag
"9e34b70572c00034d198dfd4b163b4873dc3c5f0"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TS44kNRCGs7tpBiEYxIwQmguUECNNODOdr0UJzQNpJDaNeCzoRSky00677HyU7cyqypNwiEHchAuw4QKzaTZskIiS2MSnCP__Lyssv3sf3c4uurm_f_Xdv8--6Lo_i-soOk1RFF3R_Pr-1bu_v_znw49-_Ov_8c0f0W2YXT1ekeTu-mPdYydgP4nu04eHh8-iRzSObi-Hv1C5-oTKo6dUPvg9utRfLyf3l_L1pb_-7YbUJ4p9e_FFjx_Pzk7osH_RuHEaPv-qEblgiWwrLnkl4pzJqqxSUeRl3cRcIKJIWZOzJ5Txwh9XGLhrQPIaszSGhCUcYv48OSdnyPLnqAFxFgwBRZu0C6Ba4pYB6prPEtB2B0GdF_lpIPhsT8qA8Skh1PuqhRpVbGrCEtsG6nrMZQe1rWvKbBQmihHcYU8Ip-7IoEWX-hhaoVOJBNMFGkoVU3Qryc5ANGLQFQitsh4JtugzEJMqTjEIrwtKkdgysksx50idOi7k6xymCwel-3zYE3w6rKAMmoaB8sdSn0HNrfEMtPPcJmDQmbID03quMjDjkq0SjMeMDMbPhqLNGtLYgEUjaw62mQ4HBrYdhS_ACrTMglUr6hKsxrIjie5tSMCOrphI6TCRnrDQgsB6US0t2LkvFEKPPhcp9K2XfQm96FEz6MfQFhMMuBRzB1OHktYzGVuVEhxiPFhCm2WGMFe0M9eMwsXg_JIeFLhZDisHj3XeJOBrVy4T-CYcbAy-VVwU4DtTTSTR9ZB1BJHalKA4XrAyK8FPc3Fm4J3KdQbeK24a8HSxmiRBJnvyHV15KiGYhesCgjumDUJYxGFJIZzXZC1hqU0cUlhkHdPzL6M_xAhLWKr1BEfveSdhrV1yRFhlz0ILqxZ8rWE1S4rJN2JYtBuHXgxh-0OYWz1ujroNahtXCdsooTsVtjHnbIN2UrgNbhabBnvhcHt3pi-j293Ln9L4tPue774NFLVjLN-xZPd6fLPBgX5q0OPgt2_wbC9hT29e_nz3H2ddA3cBBAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
H4sIAAAAAAAAAC2TzYolNRTHq7ttR0RHnEHEF2jEgTlJVeprcZEZRxDctPixsBfNSSWp5Cb1cZNU3dv1JD7EiG_iC7jxBdy0GzeCueDm_-Oc8z9_QkLe_pVdLz67urt7_e2_n33S93_Ul1l2mrMsu0j9y7vXb__-9J933_vhz__bV79n13HxfLpIltvL982AvYT9L...
mediaservice.audi.com/media/fast/ Frame 8956 		98 KB
99 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mediaservice.audi.com/media/fast/H4sIAAAAAAAAAC2TzYolNRTHq7ttR0RHnEHEF2jEgTlJVeprcZEZRxDctPixsBfNSSWp5Cb1cZNU3dv1JD7EiG_iC7jxBdy0GzeCueDm_-Oc8z9_QkLe_pVdLz67urt7_e2_n33S93_Ul1l2mrMsu0j9y7vXb__-9J933_vhz__bV79n13HxfLpIltvL982AvYT9LPsPHx8fP8qepHZ2fR7-nOTigyRPnid557fsrL-cJ3dn-eJcX_56ldynFPvNeS97-nTxbkaPw8vOT_P48edlw7FgBeOqaVrMGadlVRclQ9aWpBKKdaQhdds-Sxkvw3GDkfkOFOO4FBRykjOg7AWRREJZvUAPiIskCChFLlZAvVJBAA1niwJ0_UGmKsjqZBJCuU_OiPREE_i-FcBRU8sTVuo64HyqVA_ccZ4yO425Jgn-sKfQxVN_JCDQF4GCkKZQmGD7WIFQmu67hLReg-zkaFqQRpdDl-DWWIKcdX3KQQZTpxSFgqR1JZcKU6WPq6LQe2xiAdoM1XhICMUYQVu0ugYdjo15AL0IGwowPjBXgUVvmx6sCEyXYKe13BTYgGVHEhaLOdgtFtSCQ6s4A9fNh0MDTkwy1OAkOuLA6Q1Nahps-mQxg4s5uMnXMwXnMVchYU0XBC7IdhXglqHWHQwYKlnAIIIaGhjkgIbAMEVHDYy41ksPc48qEpita9M5PSIdXYIoS5uwtOk5fDdJT8GHtTho8IsaNwYBedXlELhv1hlCFw-OQhCayQpCb9s5WQwfy32CLFyRoBmesRGnIMxL_UAgeF2ZEkLQzHYQoqh5m6DyfQ_h6JtTA9GuzJYQ_bHoEOIqD2sB8WHLtwZWbml6jlVxus9hncKBCljj2m4SjiGwXsHGfX5E2NRAooDNSLZx2OxaYP6lHFfjp3GQY9x9HxdhppujEVHvaJuTGy1Nr-OOMkZu0M0ad9Ev8qbDQXrc3T6kL2PE_asfC3q6_47dfx1T1D0h1T3J77-a3tzgmH5qNNMYdm_wwZ3Dnl-9-un2P2faSdUBBAAA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.202.7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (muc/3312) /
Resource Hash
d77748de3db19c0ca3aecac4b5fc364537a9bcd9991194a8c92ea9296ce0e1df
Security Headers
Name Value
Strict-Transport-Security max-age=7884000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=7884000 ; includeSubDomains
x-content-type-options
nosniff
x-con-timestamp
Fri, 29 Dec 2023 22:23:37 GMT
age
59823
x-cache
HIT
x-con-clone
1003199
content-length
100194
last-modified
Fri, 29 Dec 2023 22:23:37 GMT
server
ECAcc (muc/3312)
etag
"bef9e84b67a6fa2ead43ff0a51f45b9175cd7c47"
x-con-mediastate
VALID
x-frame-options
DENY
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/jpeg
access-control-allow-origin
*
x-ruleset-version
2.2
accept-ranges
bytes
x-edgio-rewrite
/801C0BF8/eu-prod-render/media/fast/H4sIAAAAAAAAAC2TzYolNRTHq7ttR0RHnEHEF2jEgTlJVeprcZEZRxDctPixsBfNSSWp5Cb1cZNU3dv1JD7EiG_iC7jxBdy0GzeCueDm_-Oc8z9_QkLe_pVdLz67urt7_e2_n33S93_Ul1l2mrMsu0j9y7vXb__-9J933_vhz__bV79n13HxfLpIltvL982AvYT9LPsPHx8fP8qepHZ2fR7-nOTigyRPnid557fsrL-cJ3dn-eJcX_56ldynFPvNeS97-nTxbkaPw8vOT_P48edlw7FgBeOqaVrMGadlVRclQ9aWpBKKdaQhdds-Sxkvw3GDkfkOFOO4FBRykjOg7AWRREJZvUAPiIskCChFLlZAvVJBAA1niwJ0_UGmKsjqZBJCuU_OiPREE_i-FcBRU8sTVuo64HyqVA_ccZ4yO425Jgn-sKfQxVN_JCDQF4GCkKZQmGD7WIFQmu67hLReg-zkaFqQRpdDl-DWWIKcdX3KQQZTpxSFgqR1JZcKU6WPq6LQe2xiAdoM1XhICMUYQVu0ugYdjo15AL0IGwowPjBXgUVvmx6sCEyXYKe13BTYgGVHEhaLOdgtFtSCQ6s4A9fNh0MDTkwy1OAkOuLA6Q1Nahps-mQxg4s5uMnXMwXnMVchYU0XBC7IdhXglqHWHQwYKlnAIIIaGhjkgIbAMEVHDYy41ksPc48qEpita9M5PSIdXYIoS5uwtOk5fDdJT8GHtTho8IsaNwYBedXlELhv1hlCFw-OQhCayQpCb9s5WQwfy32CLFyRoBmesRGnIMxL_UAgeF2ZEkLQzHYQoqh5m6DyfQ_h6JtTA9GuzJYQ_bHoEOIqD2sB8WHLtwZWbml6jlVxus9hncKBCljj2m4SjiGwXsHGfX5E2NRAooDNSLZx2OxaYP6lHFfjp3GQY9x9HxdhppujEVHvaJuTGy1Nr-OOMkZu0M0ad9Ev8qbDQXrc3T6kL2PE_asfC3q6_47dfx1T1D0h1T3J77-a3tzgmH5qNNMYdm_wwZ3Dnl-9-un2P2faSdUBBAAA
access-control-allow-headers
*
expires
Sat, 27 Jan 2024 15:00:40 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231207&jk=3836462664446130&bg=!PT6lPnHNAAY3kmNgF5I7ADQBe5WfOBW2j5TBSeiI1VDSE1lZw5URuLs47vk-BXB4pYCr-Ot3XMHoAAoEkDNg6zRKs6xhAgAAADhSAAAAAWgBBwoAWithTUAjojW_nklAJlLbJVMHJvH6NduXnZwwXC33ZsWHD3ptwVtVUvsJ2Q3RqHtXmmk1CUiQoGsininlU85H3VT8jPptv6nx7QjZWznQQXxzOZ_7G4MofoHMyJkCt2mOTcsuB-vuXO22b0iOFExavd4JOBE0wK1qD2C4mP4rrRv9X_9o3voHcgFCVVdn8CdzsKeIntqTkaIbMz-4SH828_LvDEa3vxzcK1aRJJw5379pXNxGTJHfmgzI1318baXffQxQucWN8SIiI3uRcrvyCKjcYs1tN_bJHZVe0FcPekT_wBfV2dCFk8Y4a_fiQHeMYIPm-MxuG-Ky9YhaQS4FhYRgGUbPn_YHmqjsiVAm2ktV8XK5Smxyu4BdzaWiuPEbZcluFsi2iYOg8gk7Vx6VBu_V3586sQ8eLXaxGUzIgGqsa5EPCdozlRAPbE2vp1Fh_ULzYj1poLL1bV45GZSQz7dHWa87dk5H8tyFepn3bUXEHUGppogbkFV8Qa5qOOlNrHHjlbR0WHPz7Qo0Gch78Ukoqn-l8IB98f6UWKUgx5poREqJkZAdkoAxzTO8T3a4GHe-9Gy9vkeTPVSKE35EAkuNPZbWWNPE_ptYbq-LgguGBWKfRHECkGOTspDYmLjfeqwH85mvfANvfGu0puon3ByYfBF4JuVMG25rWKdNr-Qm6yVH2ivdrvVHFYBvW2pmOZxP6P-fbbX-ZjYPBjGlk11p-GrFInx5ZWOWwSnn6QgHJTTgFjGHTJKPttBSdAqyEr36tKKyXUOcFFFAKEa5ya4cWtfgr079QOe4oypVALEEoR2fo7sXZpDppsWAgXBlPDjuZm7v0Y5KuMgC662ys8_zjRO7qJEAbFYka80QBEqTL0keRal7YxqX0nfotLwSiNMa8fbgf96Cp5nDz2VpTSs_20a07dErZPWSDHWc3KPDcxSKwtJlrMCyU-Z6raydgmU2tbqyUs6mxjuSSGT6ZleCHe3fuvbJVtuYzIbCBTc6ywFSZVikh_rFXc4bzGX13tPVd26uvLg0nXQNJJuPOQpkfm1d
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame 70B5 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2476813354712&version=m202309260101&ct=132&x=1&cor=18248576333173610000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
track.adform.net/serving/unload/ Frame 9DBA 		35 B
600 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://track.adform.net/serving/unload/?version=15&unload=6529977260297476738@@70207642,224310550411844571,100|1075|0|0|0|0|0|0|0||54|1|||1075|0|1|0|0|2VViD-AgDDBcPlakbYq96eUpOKaccSEx7HkPYdp5ercStbatY-1wMa55XJEIBmke0|||11||0|0|
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/stoat/630/s1.adform.net/bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.237 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://googleads.g.doubleclick.net/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
watchit_ad.&adspace=
fundingchoicesmessages.google.com/f/AGSKWxXs6gS8PyvzVmimkYTN2MComz8GZi7m2t1tb3nCAYkOTKuDU6qWgvzfJ1qXWcDWmulnXVP7HWqoUutBLSr0ND4vUZoJBEMPs_6jtkX_fJR9att6lG1pRccpslAeYW3BWlpaO7Fcxe3aSuGreySmccfOYApBI... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXs6gS8PyvzVmimkYTN2MComz8GZi7m2t1tb3nCAYkOTKuDU6qWgvzfJ1qXWcDWmulnXVP7HWqoUutBLSr0ND4vUZoJBEMPs_6jtkX_fJR9att6lG1pRccpslAeYW3BWlpaO7Fcxe3aSuGreySmccfOYApBILpc12Tr5LjvisZT3myiJuTLkdl6g6zr/_/doubleclick.min_ad01./ad_forum_/watchit_ad.&adspace=
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwWfbcbLtnPlY16R7U9M_hg5D_tIw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
87c792c02a9c299445e00e6aa8db1bd75f82bbffd14bcbcc4553ab489eaf006f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Lj5087fzGyhafrshVx0LeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-security-policy
script-src 'report-sample' 'nonce-Lj5087fzGyhafrshVx0LeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		145 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMwWfbcbLtnPlY16R7U9M_hg5D_tIw/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7d59e6514ec40748cd1f5aca31f11b214a780e111007a0493dde1f8756bb4b18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51239
x-xss-protection
0
server
cafe
etag
5038713185561384118
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sat, 30 Dec 2023 15:00:40 GMT
AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-LX2YN7etY1tF9xXaT0T6Rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-security-policy
script-src 'report-sample' 'nonce-LX2YN7etY1tF9xXaT0T6Rw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://winning-wizard.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Y2btqCR-H35a2L4vua8oSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Y2btqCR-H35a2L4vua8oSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://winning-wizard.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame B9B3 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9202124858556&version=m202309260101&ct=76&x=1&cor=16226502418888030000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:40 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-SQWZ1Zason1ZfOxnhkI2OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 30 Dec 2023 15:00:40 GMT
content-security-policy
script-src 'report-sample' 'nonce-SQWZ1Zason1ZfOxnhkI2OQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://winning-wizard.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-c3UkpTMsoqoJjth9GqShlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 30 Dec 2023 15:00:41 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-c3UkpTMsoqoJjth9GqShlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://winning-wizard.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXZE9F8shlsg2s8dSpzBMeGmuQW9XQM-059B8Lcj7nvG7t6qvaTW5-_fGVst6HdvMndbTxUaaJWFkSKyZCO2_YSrjXwaMDESKeD012Wyr5QbwnBlhaRWP7zUhtPbAu8bDfOmFImzw==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXZE9F8shlsg2s8dSpzBMeGmuQW9XQM-059B8Lcj7nvG7t6qvaTW5-_fGVst6HdvMndbTxUaaJWFkSKyZCO2_YSrjXwaMDESKeD012Wyr5QbwnBlhaRWP7zUhtPbAu8bDfOmFImzw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAzOTQ4NDQwLDk3ODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly93aW5uaW5nLXdpemFyZC5jb20vIixudWxsLFtbOCwiVXZGQlFSMzRTNVUiXSxbOSwiZGUiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
92e13acb724846504592865321b80a6bbcaf2cb6193480dad1b2e8d463ed952a
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-rYMii9yaedQdKI47blixgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://winning-wizard.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 30 Dec 2023 15:00:41 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-rYMii9yaedQdKI47blixgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXhu8YE-sGb-1TuwRth0F_Pq4oIRjNvglUMvimCeLSY5KpB1_nFhOjzqJKnWKkCz5odAN4Ka6vrhEe7qsry3N7MiKIXJgUJoqR7lDZi0uwDxjAaMXnxya2XtKL0RO37-OAQELo_BQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxXhu8YE-sGb-1TuwRth0F_Pq4oIRjNvglUMvimCeLSY5KpB1_nFhOjzqJKnWKkCz5odAN4Ka6vrhEe7qsry3N7MiKIXJgUJoqR7lDZi0uwDxjAaMXnxya2XtKL0RO37-OAQELo_BQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-XenNDz2u7Bzt-xwwr51-Xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 30 Dec 2023 15:00:41 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-XenNDz2u7Bzt-xwwr51-Xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://winning-wizard.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxW4roUTfGzf00dY8Uu-wCZeG-hROozh_CNwcc0uaKBm6InsiwAxi9bRjH7yhqPlnsa6AXj49t4Cxh7bE0J-JcbQovUfKYFphIf5sGxQITL0iS6flbBRqChmZO12yOj8Y4T7qUeEkw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.UvFBQR34S5U.es5.O/am=wA/d=1/rs=AJlcJMwHoQ20fbHqWwNC8d65sakOgGWhJg/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-h-x71v3bhnmNS3IoMJ0CGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://winning-wizard.com/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 30 Dec 2023 15:00:41 GMT
content-security-policy
script-src 'report-sample' 'nonce-h-x71v3bhnmNS3IoMJ0CGQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://winning-wizard.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame B9B3 		43 B
215 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqEcL,pingTime:1,time:2358,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:336,h:280,t:18%7D,%7Bpiv:78,vs:i,r:,t:1357%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1357,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1353~0,0~75%5D,as:%5B1353~336.280%5D%7D%7D,%7Bsl:i,t:1357,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:78,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~75%5D,as:%5B1001~336.280%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:105,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:18,sis:237%7D&br=c
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1aca:4282:3137:249d:649b:b354 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 30 Dec 2023 15:00:41 GMT
server
nginx
x-server-name
dt17.va.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame B9B3 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
dt.adsafeprotected.com
URL
https://dt.adsafeprotected.com/dt?advEntityId=1293200&asId=9d336324-3795-3518-8ec5-3c1f383e25f4&tv=%7Bc:yiqEsU,pingTime:2,time:3359,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:336,h:280,t:18%7D,%7Bpiv:78,vs:i,r:,t:1357%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:2002,o:1357,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:17,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1353~0,0~75%5D,as:%5B1353~336.280%5D%7D%7D,%7Bsl:i,t:1357,wc:0.0.1600.1200,ac:NaN.NaN.336.280,am:i,cc:NaN.NaN.336.280,piv:78,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2002~75%5D,as:%5B2002~336.280%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:104,fm:tZW203D+11%7C12%7C13%7C1411%7C151*.1293200-68276434%7C1511%7C1611%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1d1,idMap:151*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:18,sis:237,metricId:carre1,cmr:t%7D&br=c

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| documentPictureInPicture object| _wpemojiSettings object| a2a_config undefined| $ function| jQuery object| _Hasync object| adsbygoogle object| offSide object| a2a function| a2a_init function| chfh function| chfh2 string| _HST_cntval object| Histats object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| generateOffside object| closeElements object| slideoutLinks function| closeOffsideOnAction function| offside object| _HistatsCounterGraphics_0_setValues object| smooth object| gpscroll function| SmoothScroll object| generatepressMenu object| _stq function| st_go function| linktracker_init object| wpcom object| twemoji object| wp object| google_llp object| googlefc boolean| adsbygoogle_ama_fc_has_run object| google_image_requests object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| MjMyNWM1YTcwN2E3YjhjNGxvYWRlcl9qcw== string| MjMyNWM1YTcwN2E3YjhjNGNhY2hlZF9qcw== object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| googletag object| GoogleGcLKhOms boolean| 7bb4938c-c213-4d5e-b7e5-ecb990ee703c

20 Cookies

Domain/Path Name / Value
winning-wizard.com/ Name: HstCfa4806435
Value: 1703948437577
winning-wizard.com/ Name: HstCla4806435
Value: 1703948437577
winning-wizard.com/ Name: HstCmu4806435
Value: 1703948437577
winning-wizard.com/ Name: HstPn4806435
Value: 1
winning-wizard.com/ Name: HstPt4806435
Value: 1
winning-wizard.com/ Name: HstCnv4806435
Value: 1
winning-wizard.com/ Name: HstCns4806435
Value: 1
.winning-wizard.com/ Name: __gads
Value: ID=3e5d3adb0348802b:T=1703948437:RT=1703948437:S=ALNI_Mb0hL0E1KOyncXTOUoE6kDjAKY7NA
.winning-wizard.com/ Name: __gpi
Value: UID=00000ceae1d32a4b:T=1703948437:RT=1703948437:S=ALNI_Ma9_pzuxfkyYEG51rK0j8ZVtOP24Q
.doubleclick.net/ Name: IDE
Value: AHWqTUnOaYStMWJtzlGduU5YBwqJMEX9pCcBu5S7JroT_yeDGB032wAbl39nFb_2
.casalemedia.com/ Name: CMID
Value: ZZAwllHC-kvLSQ1bpil8dAAA
.casalemedia.com/ Name: CMPS
Value: 1189
.casalemedia.com/ Name: CMPRO
Value: 1189
.adform.net/ Name: C
Value: 1
.adform.net/ Name: receive-cookie-deprecation
Value: 1
.doubleclick.net/ Name: ar_debug
Value: 1
.adform.net/ Name: uid
Value: 6529977260297476738
.adform.net/ Name: TPC
Value: 1703948439360
.googleadservices.com/ Name: ar_debug
Value: 1
.winning-wizard.com/ Name: FCNEC
Value: %5B%5B%22AKsRol9dtfPQHYXZibWSVEPdCm-BxTVi2HPU7BVov7jbuB3rHVwzAju3pjj4DWR9tbpaoYgCKSLFkx3D9LZHIGF3D1Wb5e1-qufdA3Mr1HgjP1KyN2_FpSH1W_dtvrDEJsOvgqZgEoM7UC5HlJue4k6OBwPoYkOlsg%3D%3D%22%5D%5D

1 Console Messages

Source Level URL
Text
network error URL: https://track.ghgjarvis.com/kosi?uid=0&gdpr_consent=false&clientid=6&bannerid=AUDI-CH-ODC-47%20IAB5%20-%20Interest%20-%20Always%20On%20-%20Sept21&bannersize=336x280&interactiontype=impression&interactionlabel=&interactionarea=the%20creative&mousecoordinatesx=0&mousecoordinatesy=0&timepassed=0&phase=start&numberofeventstriggered=0&variant=&lemonpiadsetid=12050&appnexusauctionid=0&appnexuscampaignid=0&appnexuscreativeid=0&templatetype=&appnexusadvertiserid=0&kosiversion=4.0.7&environment=live&impressionid=60ec6dd1e-0822-e49a-0b54-f1f53c890663&custom1=&custom2=&custom3=&custom4=&custom5=not_viewable&screenresolution=1600x1200&devicepixelratio=1
Message:
Failed to load resource: the server responded with a status of 405 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
assets.lemonpi.io
b1t-sindc1.zemanta.com
bid.g.doubleclick.net
c0.wp.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
content.lemonpi.io
creative-libraries.lemonpi.io
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i0.wp.com
image.lemonpi.io
log.lemonpi.io
mediaservice.audi.com
pagead2.googlesyndication.com
pixel.wp.com
s0.2mdn.net
s1.adform.net
s10.histats.com
s4.histats.com
static.addtoany.com
static.adsafeprotected.com
stats.wp.com
tpc.googlesyndication.com
track.adform.net
track.ghgjarvis.com
widgets.outbrain.com
winning-wizard.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
dt.adsafeprotected.com
104.18.36.155
108.128.186.239
142.250.184.194
142.250.185.194
142.251.173.156
172.217.16.134
184.30.17.67
192.0.76.3
192.0.77.2
192.0.77.37
192.229.202.7
216.58.212.162
23.108.101.160
2600:1f18:1aca:4282:3137:249d:649b:b354
2600:9000:2156:fe00:1:5992:c8c0:93a1
2600:9000:223f:8a00:8:48e:53c0:93a1
2600:9000:2260:4600:5:98ca:e7c0:93a1
2600:9000:243d:ba00:f:7bbd:36c0:93a1
2606:4700:10::6814:5063
2606:4700:10::ac43:2794
2606:4700:3034::6815:5fc2
2606:4700::6811:190e
2a00:1450:4001:806::2002
2a00:1450:4001:81c::2001
2a00:1450:4001:81c::2004
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2003
2a00:1450:4001:830::2006
2a00:1450:4001:830::200e
2a00:1450:4001:831::200a
37.157.2.249
37.157.6.237
52.209.50.140
54.39.156.32
54.73.206.118
63.34.161.226
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
033684882b2557bfc3ad94a277205d5d902e5318803d9b24708f01ab10ddcbf4
0414d0221112224b4c926de91a6e316f9d9aba685aa8b05fd0654848d8fcdf55
0468af8d74ba377eec707308168b6bfcd146fe0a2669a11a9af0128ad85b3bc2
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b5339b8471baf6d76ba076636ca547071ea3718ba1aa63fa8acac27f33be5f5
0b829f09c0e84bf2a97e4871d794d7511d44bccb14fa767033f9859b3cdf8a6b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce65499ae484159bdce018ce17657672852407efe4a6f7a68fefd43fc34d755
0dc2ab2774f0572fdc80c8cea27095c4b249ba628ae83ec41300b482fb4fe17e
0e1956f949ecfd0657de76d32f1000ec49f21f6c70c9f8902de667d73459b0ce
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
107c597edaea192338c169c19b8a2ae99f4b483280609f45f254a2ee4137522f
10e0a0cbd95b4ea35efc98fbff81df090292953d6da6e3f89c609993a672849c
123827e2cca60e6317c29edb99af2d65b67d869d4d2bdce1a640efbf1771e844
14dfa6d6aa94460826b695c54c1c1683110beee606b061278172e2d4c7574af1
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
174066535cb768d1715ae34808cd4e83f16f23715524bfff79db8860e8c03296
18575bd2f8eef871b65a997c1ba8f0624273235c7a0f01d5d2e0fa7e96e171f7
1c229e59da3e7db8ea3ac10fda40d79d399da450275ad25d009f41641986c57b
1caec3a0ec8b3477df4b44f3fc3ff543f7d1de22e4107fd2a6ba62848df13fe9
1d1980b2ff1c1bc1d1a109f41807602e60ffb9d741dd2d20ebdf818b785b0891
1d2956d83bf9a27cb56e6459a9d083aa07caf5e98ec8a7d782e5c74a204d2635
1da122614781b2512f2a11cecaa9192272f9f52065f570e64cd885a48b6b36d8
1ea35fb46e9a5c09a7920472fb385c0e9a84f4b42d73f8756d72871b3dc45fea
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
24ae285de70e97454df4b4be46427f770e257a91896db13dc8706e7d3f7dae89
25cb3d1ddb75dffa7e8e889118ad72d814f609ab7fdd70e211f9ddc9dbf3f6c9
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d31720ef462a4707d4cd725a798c839ebd8a74df58793e6fc5233153105541e
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
301199b5e7bb7487d6d4a72b03c332d27a01a4ae7800705114ca615e3cf8ddb2
30a45b94d456d148192820f4dceb3563f97670dff2309fd731996f33d2ca288a
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
334af650b09d8b4f1295481579e6630234686ae8ee0394220218e5d32c1ce2bb
335bf3a1377ac3518b9ff03e11a1982af8d3e841d16efdb7b05ae6ecc3ea0782
33be66f63aca50629829ad77a1b1def4d69887f267ec408420286cd0138dd587
34682341a6a6bc2c5f9a1a14d653a2c445f9a7ddf973e5dea261eb5ec057ba35
356f55a7d22a10b1298120689f65b14b29900bd1bbfeb65f54da7fba2a75c2d7
36b8ecf8a419d5c862e6f43ed4ca15178bec2ea9e51865b8b4298a0cb3480e75
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
39ba31e1beb1585a6615f1a0a2dcb18f9914ddc9cf57452e40ff69c08d4a3c5d
3b0a04f5aa3291e26f44613add53e1bbd56a09147f6a0b390dc4c3369dd1731d
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
40ad67d06519a22417ff121bb7176695e975cb9357a3a61c1e8822e9ed193d47
41b43f64c3e5d7f9eca80634429adb1b8e0a1c5e1fe67ad71ec651a991ebfe68
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
41da0e8f859290e1e40f65957b6ef6cb33abbec931271fbc5735fa43dac93cf3
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
44551ce3db548e59e1ab096d62869dc093e9a87940256ecb56eb31a19f2ed4b9
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
46c9d00376aee811e48bc9788885ae924414616864272d05c86796d505ab3b7b
4938582385703f00475274d4a9b6de609a446e89ea52040a172d91fe57d5531f
496d3e15e45caf61d752327228755dcc6e666da41fffc88a5ff474ff91f84302
4bc1375fe1e79ab6a71efa3f8db42a98f69c5ed92574ffe9cd54d807cfe2611b
4d8acaab0c6de9d52b0c6111b91ab530855a52e0f3c42efd7b6b546ec2d5f5a3
4f5a717980490890f6779f467c77657dbb702a2c05241bd0dcb1044ed895e347
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5059eaa623cb4b0af00382ddc489b94c3babbef4db39e8a05c85599786b69adb
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
50f45618bc140ba6770a2a0ffdd8ba7a703b22e74ef216a053395ea5cf0d27fd
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
53d656f7170a1e40ea43f179ff4aba82b4d8df7c9332056e7f9dd661aa404f3b
53ff762a6ebff55ea6f42e59054a9bb022ca364987cd8788fa040008efdadf29
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
54a41a067d6b8c3c9d9161cbcd63ef437b70029f56e12ad443d247c199d3054b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
565592ede82822decb298ebd1e6f56e9c6a680b1a79cd4208513a834295e4c43
566012676f5d43acfea4dc0bc5d9bb2c0805d8775fcdd081b1c895310956829a
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
5a4192e762a449dfd6e63bee835e0941627223c9159e8219acdd01881a1ac175
5fc78dd3dab9f937047daa5873919eacd4b24f5798653d0ff246031ac60ae865
60b27da98e45e4e97ce7186285774a8bd678c5d71ef789434b5a66ec257a4ac1
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
69844f047838ecf5204c54453c4781c46270b4d6ddd93687ba5c0435062ce815
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6a360e4e3e7c65709b0ffefc54e4f116ea6d8c9909e68ff4578284ebaf07c5f1
6cdb7ebf1cdae37f1843ac95a8be89e189148869b2ebd724cbfa3b0aa13b9187
6cefd1c1df05558f0881180e0294a02f9e64f8770693e275d1d38bd44f5765b9
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
6f6afb4882995bfc4d4023b9567cfbec2866639de4da43a19d46838ae2b5fc5e
70fa7d6af1775ea7cbb76511f73b02a74a55c965b1956e7cc5ef3798871badca
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
7813226abb8a96b43c775baa0c109186ec8b6e723789ada7aaa43346596b6450
7a785e8b2ad30e6279397d656a61f70ad6341ee944c310df19593d8fabd79d9f
7c142c1b9411bcd7ff900ec74b91dd43ffc850a5c07b77fba4667ba144ab736e
7d59e6514ec40748cd1f5aca31f11b214a780e111007a0493dde1f8756bb4b18
7e545a7e4d7f69a26daa026799b6ab7caea7cfe6aa822b0038f63c14a5f69cf1
807f25ea453461a27415ffee61fe87d589337c6358053fe4e7b567585b6a772c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8460aaf36b73e229c6b0fcaf7bac791e23c3145e87de6a04d0d91541e39289b6
856246a73e306909f430cc16ecc1457dda770b3abd732854df3cf9054b35b31a
86d45e218fa301b4e1f81d6ecad50c1a8f847e669aa2d9c91f0b487ceb56b67f
87c792c02a9c299445e00e6aa8db1bd75f82bbffd14bcbcc4553ab489eaf006f
88d8f6792a750ea8e85a104094b8b1acc977a4e8df5af822c1a6fa2cff141a47
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
8ab4ece4b4ea7dcf4659844e1f60aa2b9922a861db3b15f206120a692054c082
8c10d16781d6fa271cc1234c3cef2431c2a955efd41775f39d794d347ba623bb
8d6679c1ce1ac8605f5c410f30d1b06713479732043b75e81130cbe21b60e579
8ebb47c070e5160eecd3d35c1616249b84c4341a2de8d2346343679a79dd8507
8f0796d6190b92496cb2e06366e4fd7577323a9f926241ff985421badcf5732e
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
92e13acb724846504592865321b80a6bbcaf2cb6193480dad1b2e8d463ed952a
936ebd4ebd4b4482b4a673ba1b4860dc8a4387577547447a0f2fd2ab5831aee8
971212093e3803ddbdbc5d65138217d3c56cae79c0ecf14a73c2cd7f42ed3e35
9844337d0b1b36b45473c8fc27cba7d1c9f8aab2107e23e684b9e1a48e6066b5
994398dd55d214971a39c1e3f84b05713d93dc99e63fa339118154ddc2cefd54
9a9e82b2cbbd63c55f0bca77d770dd7f3b059b01adf97beb8b9cb5291809571c
9ab6ba1e7e051b464b2a5855abc359ba0f4cde98edc2335e2648bbfe5a35cf38
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034
9c109bcd7145a95e1a1745df508b35a167585137a1bb5bf7426cfaf3e3186893
9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511
9cc46d40f2dae5956a6b6fb0bf33162c5c65680515beae438de306bbf7509736
9d8f82c45b478f1a5b6945e093836b3f52dd160470090a30e4baa0173d8cb2b3
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a21826201b72c4b868dd8099cb47bfc9684627ae234bc1cc46da444e5faa9551
a32034f1a6a78a94a792021a838bdc2a75dbb07e4c699984d4a89ff96480482b
a3848b26f59269eecb46a80fce264f9a793b9a87fa805ab77cba4fbde680d7e2
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4
ae64d757b28500e5f59e3a801286a29a844be14078da53a327582bb0c3506e42
afb2724d257caf90beb067d689cb5cd2b7b6c06b7b346e18a6a8a89560e3ad17
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4c47808e011137844d742962048ec95bff6bd5be945db9d2af983845b1d2bcf
b7114bd948d7c267e87a5efecf5e36da76bf1dab4d6d82866756a57f46228a10
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7ebb32d384268f0bc36c64b903c5635cf98adb003f141c56336b98ec0555bde
b803459801c9b53216edeffb784c98542309d0862e424fc33a820342ecbf51a1
bc12347103da4da2ac30f8b4defd567679284e0bad691a54fad78ad804fc9c27
be764d640a7efa0022ca94a330ec3c7f38f462016f79f400d06da583be69a31e
c03fc7c2991c6ff541ec79af79825f54c15ab7bbea66f5a0c6635300de5e2ffd
c19e3e4151ea4933fa9ba9703c51fe20ad469237771214b1c5001d1b107ddef5
c59b310ca0567c17489b7a3d7affa46e41c22971abd4f007e51384c4838c0d3d
c5bcc597ce8a3ec0c0ef52ee8ece8f284ca9739c1bd1bbac380a3deb672d5446
c814c09e80cc8b3c71725252832a777cdd8e36a4ae60eca0df1590cb6499641a
c98bcc33cd47cfef6487dca1e3a4f0e2ae2f7eb08f23478d3fe52263376f21d3
ca09f279223052e61e11119613238d24bae7c54acf5a6fe6dac874d3065df6f2
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cfd40dfc94b05e09a77284fd05c9b4f45ffae3966bed1235e76a2abc926d25cd
d217d9699cc9a98be5c13b4ceeabb14ab4a0fc2b7aa821897ed54ece6f281f08
d5053d3e4aa240467d964a4dcc239b7405a69c3e716df1288fafb3a5c1edd2ff
d77748de3db19c0ca3aecac4b5fc364537a9bcd9991194a8c92ea9296ce0e1df
d7c57fc5a24a61d5610b1059415c0a82d50bc95e24e4f946ef9e9d72fb71a3aa
d7eef9b0ab3136d8787664a3779820a9a1ccd54fd290307928dc76b14b1b15b5
d7fee07b08f21a5a9c385220b8e279007527e8bfb32434d53da04727600362ba
d92226a6e32cb457f003683c2b8f63ffe364b2a32d0930c23b16fcd1d3309706
db018ec8c1f0ad83591ef2a6f90809fbae8fd0c8ab807d904fd2a5c195487a42
db2bdaad0dc9232fadb3de900bf039a0f356521698f213df1edf601e02a5870d
dbaa426769789bd75a8a55682484208d36207cc12f9e01c487f97f49fc4c3d78
dd2b5fc733b2ae06229f554019201594468d1e3723c9e41048e83346766d4d5a
e2762f6add208043c0cbbec0b35291a223c9f75f509e79e83277516076c7dc1c
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e2f2c7cd093ef9243064a183d6b4afeee6f9f2072b293debb5e11380f10e67ea
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b4122b94b82886e32952c07c78d342647b3a38a2834f4489e0922308a95eab
e99dff49c7c99247de6542b0388d26bdf3bb1291e50f85872b1734bd17a72582
ea8e7319ff8bca1c71887b69ae3e749a9a5e8683b5146a2a2696484caa02d80d
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed8343699e054a0900f23319e31cba32ad43bf77136313508ea25d86073366bb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5dafe5eaed774ece1224014fc854b80526ea8d9b2a4dbf49790cb37948b921
f24059ce692538a538ad3b9ef4e7e9361c7d49858f52a72430ba8a25c46bea32
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f4188f3023032fe9b1a9249ecf10dfd40abf1cff8bbe26fc7fb8f68c2216eb5e
f896bfe7bc6440e86407b482ffb91c21180379318e933146b0ed337089fa3cfe
fda79681589dce147628df83be43d9dee60d7e07a0592427c790dc44b3208c37
fdfc9b7fdc5fa9fe0636a49b9d7a3c99bdc2f798c9ad482578877a693f4f6f2f
fe926748a4e96460b79b1cd15ca79d5ed37813de800af9657651ba9d63890e04
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48