www2.kusports.com Open in urlscan Pro
208.91.60.6 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.He...
Submission: On January 15 via api (January 15th 2022, 4:42:44 pm UTC) from CZ — Scanned from DE

Summary HTTP 424 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 60 IPs in 10 countries across 58 domains to perform 424 HTTP transactions. The main IP is 208.91.60.6, located in United States and belongs to NSIHOSTING-EQX-VA, US. The main domain is www2.kusports.com. The Cisco Umbrella rank of the primary domain is 481165.

This is the only time www2.kusports.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	208.91.60.6 208.91.60.6	14244 (NSIHOSTIN...) (NSIHOSTING-EQX-VA)
89	208.91.60.7 208.91.60.7	14244 (NSIHOSTIN...) (NSIHOSTING-EQX-VA)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
1	178.79.242.181 178.79.242.181	22822 (LLNW) (LLNW)
1 3	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	52.216.77.172 52.216.77.172	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	35.190.90.202 35.190.90.202	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	151.101.1.44 151.101.1.44	54113 (FASTLY) (FASTLY)
2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
49	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
59	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
17	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c0b::9b	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1 3	13.35.253.75 13.35.253.75	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:9000:206... 2600:9000:206f:ba00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2600:9000:224... 2600:9000:224a:800:13:a391:88c0:21	16509 (AMAZON-02) (AMAZON-02)
40	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1 2	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
7	2606:4700:303... 2606:4700:3032::ac43:cb69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:224... 2600:9000:224a:dc00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	116.202.46.88 116.202.46.88	24940 (HETZNER-AS) (HETZNER-AS)
2	35.201.98.64 35.201.98.64	15169 (GOOGLE) (GOOGLE)
7 25	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
3 5	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
3 5	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
2	46.4.10.49 46.4.10.49	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.63.164 138.201.63.164	24940 (HETZNER-AS) (HETZNER-AS)
7	2a00:1450:400... 2a00:1450:4001:810::2006	15169 (GOOGLE) (GOOGLE)
2	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
3 4	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1 2	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
2	51.75.147.170 51.75.147.170	16276 (OVH) (OVH)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	213.155.156.185 213.155.156.185	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
2 2	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	2600:9000:205... 2600:9000:2057:200:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	104.108.144.24 104.108.144.24	16625 (AKAMAI-AS) (AKAMAI-AS)
4	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	44.194.225.67 44.194.225.67	14618 (AMAZON-AES) (AMAZON-AES)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	54.77.232.22 54.77.232.22	16509 (AMAZON-02) (AMAZON-02)
1	35.212.101.174 35.212.101.174	15169 (GOOGLE) (GOOGLE)
1 1	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1 1	169.50.137.182 169.50.137.182	36351 (SOFTLAYER) (SOFTLAYER)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
1 1	172.104.105.5 172.104.105.5	63949 (LINODE-AP...) (LINODE-AP Linode)
2 2	193.232.148.140 193.232.148.140	48061 (UMA-TECH-AS) (UMA-TECH-AS)
2 2	50.31.142.255 50.31.142.255	23352 (SERVERCEN...) (SERVERCENTRAL)
1	2600:9000:231... 2600:9000:2315:e200:15:90db:9f40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:231... 2600:9000:2315:bc00:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
1	3.217.103.91 3.217.103.91	14618 (AMAZON-AES) (AMAZON-AES)
2 6	2600:9000:225... 2600:9000:225e:2000:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
6 9	34.250.56.243 34.250.56.243	16509 (AMAZON-02) (AMAZON-02)
1 2	3.123.163.195 3.123.163.195	16509 (AMAZON-02) (AMAZON-02)
424	60

3 208.91.60.6 (United States) 1 redirects

ASN14244 (NSIHOSTING-EQX-VA, US)
PTR: ellingtoncms.com

www2.kusports.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

89 208.91.60.7 (United States)

ASN14244 (NSIHOSTING-EQX-VA, US)

worldonline.media.clients.ellingtoncms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn.includemodal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.242.181 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-181.fra.llnw.net

cdn01.basis.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.33.220.150 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.77.172 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ogden_images.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.90.202 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 202.90.190.35.bc.googleusercontent.com

quizzicalzephyr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.1.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d447947e5223a193934f4964357ce0ce.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1ff0d7ce146b4c1d840a5528702b361e.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cfe830dcf8ef79dded614f38a7af9ab6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.35.253.75 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-75.fra6.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:ba00:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:224a:800:13:a391:88c0:21 (United States)

ASN16509 (AMAZON-02, US)

d3plfjw9uod7ab.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3032::ac43:cb69 (United States)

ASN13335 (CLOUDFLARENET, US)

analyticssystems.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:224a:dc00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-ads.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 116.202.46.88 (Grunwald, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88.46.202.116.clients.your-server.de

servedbyadbutler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.98.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.98.201.35.bc.googleusercontent.com

butterbulb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 142.250.185.226 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.173.22 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.4.10.49 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.49.10.4.46.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.164 (Hockenheim, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.164.63.201.138.clients.your-server.de

hal90006.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:810::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.94.180.126 (Amsterdam, Netherlands) 3 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.38 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

8019191.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.75.147.170 (France)

ASN16276 (OVH, FR)
PTR: ns3133977.ip-51-75-147.eu

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.185 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-185.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:200:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.108.144.24 (Berlin, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-108-144-24.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.243.149.243 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal900030.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.194.225.67 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-194-225-67.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.77.232.22 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-232-22.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.212.101.174 (Washington, United States)

ASN15169 (GOOGLE, US)
PTR: 174.101.212.35.bc.googleusercontent.com

cs.chocolateplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.182 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b6.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.104.105.5 (Tokyo, Japan) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1715-5.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.148.140 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: smtp1.sender.ltmse.com

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.31.142.255 (United States) 2 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:e200:15:90db:9f40:93a1 (United States)

ASN16509 (AMAZON-02, US)

a.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:bc00:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.217.103.91 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-103-91.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:225e:2000:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.250.56.243 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-56-243.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.163.195 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-163-195.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
108	googlesyndication.com 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 127 d447947e5223a193934f4964357ce0ce.safeframe.googlesyndication.com 1ff0d7ce146b4c1d840a5528702b361e.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 94 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com cfe830dcf8ef79dded614f38a7af9ab6.safeframe.googlesyndication.com 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com	500 KB
89	ellingtoncms.com worldonline.media.clients.ellingtoncms.com — Cisco Umbrella Rank: 476497	1 MB
85	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 175 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 cm.g.doubleclick.net — Cisco Umbrella Rank: 169 8019191.fls.doubleclick.net — Cisco Umbrella Rank: 185469 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	1 MB
21	google.com maps.google.com — Cisco Umbrella Rank: 1725 adservice.google.com — Cisco Umbrella Rank: 69 www.google.com — Cisco Umbrella Rank: 8	178 KB
16	adroll.com 8 redirects a.adroll.com — Cisco Umbrella Rank: 115792 s.adroll.com — Cisco Umbrella Rank: 2208 d.adroll.com — Cisco Umbrella Rank: 1320	25 KB
14	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 151	509 KB
10	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 27409 hal90006.redintelligence.net — Cisco Umbrella Rank: 194590 hal900030.redintelligence.net — Cisco Umbrella Rank: 212677	18 KB
8	google.de adservice.google.de — Cisco Umbrella Rank: 8579 www.google.de — Cisco Umbrella Rank: 6151	2 KB
7	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 245	112 KB
7	openx.net us-ads.openx.net — Cisco Umbrella Rank: 341217 us-u.openx.net — Cisco Umbrella Rank: 316	36 KB
7	analyticssystems.net analyticssystems.net — Cisco Umbrella Rank: 8550	4 KB
7	cloudfront.net d3plfjw9uod7ab.cloudfront.net	195 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 210	5 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	4 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 418	2 KB
4	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 334 ajax.googleapis.com — Cisco Umbrella Rank: 258 fonts.googleapis.com — Cisco Umbrella Rank: 37	181 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 124	2 KB
3	quantserve.com 1 redirects edge.quantserve.com — Cisco Umbrella Rank: 10887 pixel.quantserve.com — Cisco Umbrella Rank: 380	11 KB
3	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 847	160 KB
3	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 602 match.adsrvr.org — Cisco Umbrella Rank: 295	773 B
3	kusports.com 1 redirects www2.kusports.com — Cisco Umbrella Rank: 481165	48 KB
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 254	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 533	1 KB
2	adhigh.net 2 redirects px.adhigh.net — Cisco Umbrella Rank: 10763	961 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 678 s.tribalfusion.com — Cisco Umbrella Rank: 1925	1 KB
2	rubiconproject.com 2 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 270	918 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4740	724 B
2	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 37206	106 KB
2	yahoo.com ads.yahoo.com — Cisco Umbrella Rank: 722	740 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 750	344 B
2	butterbulb.com butterbulb.com — Cisco Umbrella Rank: 208146	662 B
2	servedbyadbutler.com servedbyadbutler.com — Cisco Umbrella Rank: 13444	11 KB
2	quantcount.com 1 redirects rules.quantcount.com — Cisco Umbrella Rank: 822	865 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 88	497 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	20 KB
2	sitescout.com pixel.sitescout.com — Cisco Umbrella Rank: 2742	267 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	114 KB
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 960	294 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1071	14 KB
1	appier.net 1 redirects a.c.appier.net — Cisco Umbrella Rank: 17883	557 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 18482	522 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 631	710 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 491	536 B
1	chocolateplatform.com cs.chocolateplatform.com — Cisco Umbrella Rank: 2076	122 B
1	yieldmo.com ads.yieldmo.com — Cisco Umbrella Rank: 634	35 B
1	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 832	474 B
1	fksnk.com 1 redirects fksnk.com — Cisco Umbrella Rank: 3518	616 B
1	gstatic.com fonts.gstatic.com	16 KB
1	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 1533	1 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 671	444 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 372	864 B
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 526	481 B
1	quizzicalzephyr.com quizzicalzephyr.com — Cisco Umbrella Rank: 494008	26 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	38 KB
1	amazonaws.com ogden_images.s3.amazonaws.com	36 KB
1	basis.net cdn01.basis.net — Cisco Umbrella Rank: 6707	1 KB
1	includemodal.com cdn.includemodal.com — Cisco Umbrella Rank: 22017	34 KB
0	adfrontiers.com Failed media.adfrontiers.com Failed
424	58

	Domain	Requested by
89	worldonline.media.clients.ellingtoncms.com	www2.kusports.com worldonline.media.clients.ellingtoncms.com
51	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www2.kusports.com tpc.googlesyndication.com 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com googleads.g.doubleclick.net 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com www.googletagservices.com
49	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com www2.kusports.com
40	tpc.googlesyndication.com	67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com googleads.g.doubleclick.net 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com www2.kusports.com d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
25	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com www2.kusports.com 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
14	www.googletagservices.com	www2.kusports.com 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com securepubads.g.doubleclick.net 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
10	www.google.com	www2.kusports.com tpc.googlesyndication.com 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
9	d.adroll.com	6 redirects a.adroll.com
8	67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
8	adservice.google.com	securepubads.g.doubleclick.net 8019191.fls.doubleclick.net
7	s0.2mdn.net	www2.kusports.com s0.2mdn.net 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
7	analyticssystems.net	67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
7	d3plfjw9uod7ab.cloudfront.net	67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
7	adservice.google.de	securepubads.g.doubleclick.net
6	s.adroll.com	2 redirects a.adroll.com
6	googleads.g.doubleclick.net	25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com www2.kusports.com 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
4	hal900030.redintelligence.net	hal9000.redintelligence.net hal900030.redintelligence.net
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	hal90006.redintelligence.net	1 redirects 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com hal90006.redintelligence.net
4	us-ads.openx.net	securepubads.g.doubleclick.net us-ads.openx.net
3	us-u.openx.net	googleads.g.doubleclick.net
3	sb.scorecardresearch.com	1 redirects cdn.taboola.com www2.kusports.com
3	cdn.taboola.com	www2.kusports.com cdn.taboola.com
3	maps.google.com	www2.kusports.com maps.google.com
3	www2.kusports.com	1 redirects www2.kusports.com
2	x.bidswitch.net	1 redirects
2	b1sync.zemanta.com	2 redirects
2	px.adhigh.net	2 redirects
2	pixel.rubiconproject.com	2 redirects
2	d5p.de17a.com	2 redirects
2	cdn.contentspread.net	hal90006.redintelligence.net hal900030.redintelligence.net
2	ajax.googleapis.com	hal90006.redintelligence.net hal900030.redintelligence.net
2	googleads4.g.doubleclick.net	www2.kusports.com
2	8019191.fls.doubleclick.net	1 redirects www2.kusports.com
2	ads.yahoo.com	googleads.g.doubleclick.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	hal9000.redintelligence.net	25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
2	d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	butterbulb.com	quizzicalzephyr.com
2	25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	servedbyadbutler.com	67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com servedbyadbutler.com
2	pixel.quantserve.com	1 redirects www2.kusports.com
2	rules.quantcount.com	1 redirects www2.kusports.com
2	www.facebook.com	www2.kusports.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	pixel.sitescout.com	www2.kusports.com
2	connect.facebook.net	www2.kusports.com connect.facebook.net
2	insight.adsrvr.org	1 redirects www2.kusports.com
1	ping.chartbeat.net
1	static.chartbeat.com	www2.kusports.com
1	a.adroll.com	www2.kusports.com
1	a.c.appier.net	1 redirects
1	ads.travelaudience.com	1 redirects
1	match.adsrvr.org	d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	cs.chocolateplatform.com	33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
1	ads.yieldmo.com	33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
1	sync.go.sonobi.com	33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
1	fksnk.com	1 redirects
1	s.tribalfusion.com	www2.kusports.com
1	a.tribalfusion.com	1 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	cs.media.net	1 redirects
1	s.ad.smaato.net	1 redirects
1	sync.mathtag.com	1 redirects
1	fonts.googleapis.com	s0.2mdn.net
1	cfe830dcf8ef79dded614f38a7af9ab6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	1ff0d7ce146b4c1d840a5528702b361e.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	d447947e5223a193934f4964357ce0ce.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	static.adsafeprotected.com	www2.kusports.com
1	www.google.de	www2.kusports.com
1	edge.quantserve.com	www2.kusports.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	quizzicalzephyr.com	www2.kusports.com
1	maps.googleapis.com	maps.google.com
1	www.googletagmanager.com	www2.kusports.com
1	ogden_images.s3.amazonaws.com	www2.kusports.com
1	cdn01.basis.net	www2.kusports.com
1	cdn.includemodal.com	www2.kusports.com
0	media.adfrontiers.com Failed	www2.kusports.com
424	84

This site contains links to these domains. Also see Links.

Domain
www.meritrustcu.org
seatgeek.com
shop.ljworld.com
ljworld.com
boards.kusports.com
www.facebook.com
twitter.com
www2.ljworld.com
geo.itunes.apple.com
play.google.com
www.kuathletics.com
www.kualumni.org
rn12.ultipro.com

Subject Issuer	Validity	Valid
cdn01.basis.net GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-06-14` - `2022-06-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
quizzicalzephyr.com R3	`2021-12-17` - `2022-03-17`	3 months	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-24` - `2022-01-22`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.analyticssystems.net R3	`2021-12-08` - `2022-03-08`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
servedbyadbutler.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-11` - `2023-01-11`	a year	crt.sh
butterbulb.com R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
redintelligence.net R3	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
ui.aps.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-07` - `2022-02-23`	2 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
contentspread.net R3	`2021-12-03` - `2022-03-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.yieldmo.com Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
chocolateplatform.com GTS CA 1D4	`2021-12-21` - `2022-03-21`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
s.adroll.com Amazon	`2021-08-02` - `2022-08-31`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2021-09-09` - `2022-10-08`	a year	crt.sh

This page contains 49 frames:

Primary Page: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Frame ID: AF3642BE4649C74C2E64C1679C3EBC57
Requests: 153 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1DCBD79D2E9528218C26701835703BA1
Requests: 1 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: 481608239E5273E2EBDB2A04EF508FE6
Requests: 1 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 881A650E8017E4CE1C4B95CB900A3CC9
Requests: 17 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 15A23382AA08FA72555D1F37804294D7
Requests: 18 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B0BD5D187DA39540A864FB056F41E1B6
Requests: 17 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9DDA9C62B0F55DBBD8BAF29D57FC8838
Requests: 17 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 19ADA0F55F629FF6F0E7DA34DD2EAE8C
Requests: 18 HTTP requests in this frame

Frame: https://d447947e5223a193934f4964357ce0ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 0897B4F5C7968A9B5CA31DB35458F021
Requests: 1 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: D91B3DB90933C125862E06EF67F2898C
Requests: 11 HTTP requests in this frame

Frame: https://1ff0d7ce146b4c1d840a5528702b361e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 9557B25A1A29CB1A62CA61AA47A33056
Requests: 1 HTTP requests in this frame

Frame: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: ED572AAD07D783E5B306D1AEDC9D9D03
Requests: 18 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsty2cqfA1I_JuRweeUy2AHKX5cl10KPcEIO-xsbPiSJyPluvpJwOE0lZZn0pFapgKNl5taeOj68EyAqNOvM_tikp-med_esQLiN9axftXnu7c7CkKSGDi9tY_GApQ8QCCUd-L4CIUrJ9yon5Th73hITRPIvjvTpwCLJoUzUo98PQyYPymyIqJxC4FhKyGNiQpLmUmWkAa0c3VAQkVXJdqYbrlD6Cc-d0TU5RWKwEa97sc-FP6oGkfMy2QTay1dRON1ykkevi2k0nds5uVhIIbxoGHvX8LjfEauQXtvkRjJvZbzdrwC8bQRil81AkuV6vX8DHA5hBVfv3LGpm9SA6dKB9XO9jGbOnA&sig=Cg0ArKJSzGISl54Xf9r3EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 470B0A219587BFC1DD485EB469BDA7DB
Requests: 6 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstBs7eyqiVQzDjEqOGXnMmab3kQxDoJnTMylT3bPtx22Kog7AAgq_fMm2nvveJhezZLoQqa2ybv71D1cUtuES9JIA046Cb6wYGM50J3cDapXICk8ztxFo68LMfkh0AudgTrKgeMMzGhZSfFH_GdvdO8rT586deehIULn2N8U4_gsBms4dRjij4ydPM0W-01OfLy4Dnt7JM9htLiBunouQECph9q_8tJlXMJexCWCfitB4WiYLugUlTrth7GG1gKUJQoVRC4k5wtQNuODpOTeLqbHiI93Y6v8EEy1_G-qL7WGfgjkzYYGWelg2f2Pl-0EgTias9bUvwJcRsrVIyncAvO3Ij85PYevw&sig=Cg0ArKJSzHOcCGk57b1uEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: ADB9A5328696D041EC3AC3D508479849
Requests: 6 HTTP requests in this frame

Frame: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B264B7DF6D213A13004914DC85FE9424
Requests: 1 HTTP requests in this frame

Frame: https://cfe830dcf8ef79dded614f38a7af9ab6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: D81A61156B58DBB0EC1B66B92C69BDEA
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FA7E120B8DDA5D3A804E1784668188F2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6E92C94C462FF22886A2B8A675CF6713
Requests: 2 HTTP requests in this frame

Frame: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 4546AF426E1A1F5A66F1B176D77F48EC
Requests: 1 HTTP requests in this frame

Frame: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 21EDABAFC4832B7E9C2D78E8DED8E877
Requests: 13 HTTP requests in this frame

Frame: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: B51DAA8189A0EB5E59C55D401005A4EE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVCOgKm39xxnmCSXP24_j3K-TiJMkoWWdq35T8a63jrUhHTkChgAhawkLq6IaiOWVarnhBnobSxUP2QYY8R9EvtaZtSked3uGlotURz00lwgrPo0mL9ZJjeBlbzTObJOz4-4_yQ0I_V_Hr1pwx1AtNOiZHlWxtgXmIosEwBRkqw213WzrLIHBYtjC7EMA14sp4so7IDrxUKb6a-W1oBRTtokxPk1g
Frame ID: B89637D678606A273C83E2CFA3E413B8
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8FCA0C66830ACA033D325B6FA57864E5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 57E1A5B8FC026821C1C88E91CE796CB5
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 69793D73878CA4EC5ABB759FAEB829D4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 80CB10624D35DF03DE7E8F5C0232B3B2
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FCF7722D74E57495A3BB35AA8D1742B9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 47862D2E3FB8147F9F57DD78AB2E4AEF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B1E5A59D9A9A3C9FDE1E6EBC808DD2AE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 77DA65071C939F489A008320233B8813
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuzjX4Y5vOcQy_-xOdVl_SkhPcPrEHGKyZufZRKeVLMM9BsF72mhn4sMxlAU7mONuVPu1Cy6sf1H5X0TUKgf3Y-LPlSe5GveuVRpvdFHG6WcgOrfrhapHNoQtrXOaZU3BY1uqbunWr_bJVfvn5YDncjVdktkE830eqKpNPJA3f66RlTtiyi12rhTxwOdl0KTv6rD_7JC9b-SGvfYl0KEAkVrZPfnia7uY463nnQd1hhxcb9vadOVOL2dcGEWLeycGX-rXiUPh5Mkh07ipGyDP1Xo_1gNx1l9iC-r4uKIW4F3oQB00udhbSKghUC8jPe1a-2fKx0Tk4vKYGGKw0aPEVI9zZnw1AzWg&sig=Cg0ArKJSzOIwSTvOjFoJEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: BCA9BA45E0087781C5D92BF096E6F972
Requests: 6 HTTP requests in this frame

Frame: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: EDF7AAE6F3305C6A1E8D1115432E0A44
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 14586D86D40F1355F2F418048E6F97C6
Requests: 3 HTTP requests in this frame

Frame: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 040685544045AA8746CEE3A9A515FBC6
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMY9P2hvQEwAQ&v=APEucNWnK_gwsbdbTYRgWPscq6Pkzpkr7gUJgC909eWtHPDpq0MBfqOFCfW9XZYrXkNrt6QjULl9H9a0ghTzbBcfw8KQWY3iWNSt_D21VRkSU-5ExXJw2K96MHQUyF5ifArr_x4a15GEWh1oxOMU-zUYTY6JRUn-Sc3K4rur08SWz0C3LbQqvPZPZW2r_psQiVwnFPWu4rXipf0f1MDrDLBXxj1A_zfh1w
Frame ID: 80D13F2E83CFF712639B32814D184E45
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 5192F3175A526147AE26343589E74665
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E20346FABDD715355845C1498F03500B
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY9P6pXTAB&v=APEucNX0q9VASQsVlFCefCxMeijhdT047SYv5cecdBsRTcwCJnKboHWSMYurLhSCVzrUY4ZaVPdmLr6DMzqGZX_l1-TwWfCURW-uMA7oHl9I_9_eCoD1rQn_zKOJaQl_6ZJKzyFE_4valcuUCqgki-UqZkoJgFlxRrexpDVmcLO9xCXcKDYcgV11_57EJJ9GnKEFoU1gRXlzsoQAi8_-5fy3FZHQNvWKrg
Frame ID: 83BC5DCB235B1EAD53AA5140CB864BF2
Requests: 4 HTTP requests in this frame

Frame: https://8019191.fls.doubleclick.net/activityi;dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938
Frame ID: E1CB38804DDB47520D024C36521CD0E6
Requests: 2 HTTP requests in this frame

Frame: https://hal90006.redintelligence.net/request_content.php?s=12622400155036900710612011840006&a=35602aa5
Frame ID: 95570C2E9B24283A5997A43D8042B743
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F63A0EE986B1079DAB70DE932985D460
Requests: 8 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10787963051330895359/index.html
Frame ID: 493AB9ECC8E553F9099F0540AEE96DC8
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 36421C17BE122C88CE0F492A7ADBDBF8
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: E74D4100DBFD539DD725BA1122CEEDFF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9116CD7ED7A7DAD2134C1344506EA453
Requests: 3 HTTP requests in this frame

Frame: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b
Frame ID: 57B10C319C5BBDF9990D87A76123CDC9
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 3D4DD8CB00F7230389FB0146E05F4B9E
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A8CA2265ACE4536FB0C18E51200784AE
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AC63D05E88A4FDC7F6756E5E94CD11C2
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

"??? Buy Hydroxychloroquine Over the Counter: ?? www.HealsPills.store ?? Uses, Dosage ???Buy Hydroxychloroquine Sulfate Buy Hydroxychloroquine" | Search | KUsports.com

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Lightbox (JavaScript Libraries) Expand

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

SWFObject (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

swfobject.*\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

424
Requests

65 %
HTTPS

41 %
IPv6

58
Domains

84
Subdomains

60
IPs

10
Countries

4964 kB
Transfer

11580 kB
Size

48
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.meritrustcu.org/home/personal/checking?utm_campaign=debit_cards_red&utm_source=LJW_digital&utm_medium=paid//
Title: Sponsored by:

Search URL Search Domain Scan URL

URL: https://www.meritrustcu.org/home/personal/checking?utm_campaign=debit_cards_red&utm_source=LJW_digital&utm_medium=paid/

Search URL Search Domain Scan URL

URL: https://seatgeek.com/kansas-jayhawks-basketball-tickets?aid=12341
Title: Tickets

Search URL Search Domain Scan URL

URL: https://shop.ljworld.com/
Title: Shop

Search URL Search Domain Scan URL

URL: http://ljworld.com/
Title: LJWorld

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/
Title: Message boards

Search URL Search Domain Scan URL

URL: https://www.facebook.com/KUsportsdotcom/
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/kusports/
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www2.ljworld.com/news/champions2008/
Title: Self-made Champions

Search URL Search Domain Scan URL

URL: https://geo.itunes.apple.com/us/app/kusports.com/id389444893?mt=8
Title: iPhone App

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.whiz.kusports
Title: Android App

Search URL Search Domain Scan URL

URL: http://www.kuathletics.com/staff.aspx
Title: KAI directory

Search URL Search Domain Scan URL

URL: http://www.kualumni.org/chapters/watchsites/
Title: KU Alumni Assoc. Watch Party Sites

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/ubb/postlist.php?Cat=&Board=football
Title: Message Boards

Search URL Search Domain Scan URL

URL: http://boards.kusports.com/ubb/postlist.php?Cat=&Board=basketball
Title: Message Boards

Search URL Search Domain Scan URL

URL: https://rn12.ultipro.com/WOR1007/JobBoard/ListJobs.aspx?__vt=ExtCan
Title: Jobs

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

http://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3 HTTP 301
https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3

Request Chain 44

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200?63053ce3c12ccdabb07c8a8609241a2395705911 HTTP 302
http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

Request Chain 93

http://connect.facebook.net/en_US/fbevents.js HTTP 307
https://connect.facebook.net/en_US/fbevents.js

Request Chain 129

http://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js HTTP 301
https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js

Request Chain 134

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1642264957639&ns_c=UTF-8&cv=3.5&c8=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%20%3F%3F%20Uses%2C%20Dosage%20%3F%3F%3FBuy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264957639&ns_c=UTF-8&cv=3.5&c8=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%20%3F%3F%20Uses%2C%20Dosage%20%3F%3F%3FBuy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=

Request Chain 140

http://pixel.quantserve.com/pixel;r=1349682753;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-2006399965-1642264957691;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264957691;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus HTTP 301
https://pixel.quantserve.com/pixel;r=1349682753;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-2006399965-1642264957691;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264957691;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus

Request Chain 270

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1&C=1

Request Chain 271

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL5flf2Q4Nzqfisvhje4wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1

Request Chain 272

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMHl2iuBw0w06iZdnAuE6g8&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMHl2iuBw0w06iZdnAuE6g8%26google_cver%3D1

Request Chain 273

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3ODcxNTY5OTIxMzU3OTcwMg%3D%3D

Request Chain 298

https://hal90006.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=564d890d5a&subid=&uid=6c45d125ad12aa03&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC3zjGfvniYeeWEoiP9u8PwvuXyAi1zfmDV_zYuavlDPAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT6AU_Qj_89smv0J7N2OZGKrqiyt9sK_9gnoEo5n-Qr9R4PieVduJsuQDNN77VEDAbKwz22UabW1bypBKQhQOpc5kaXBo4XFIvbkrtVAJYsAzdAwODIaJrylUl0Og7rxklKMtypuxwOxBGj_MUP2KY1ndSMf2iC7v5obDrHJobf_qrwiOpKDGaw6hG8Tu4_otktcT3RqVe6EuI1fPcWLtw3mgnVh4q3hLrN17O3cSo3vmXnRvbJx2X8DetPYVfS74I6wltheiW9OGxlpXgg0l5Eg3IzktBA3ouqvNI9gVn8f1-Su60D_M8lSNET5V5TWqjwN7p1drAE84cQPLTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRo4fpBlHM-kwKl-AYOM9_ubg%26sig%3DAOD64_2jTtixKpOXgzvDlOZlRkMD3LQaWA%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-D1rHP1GoDNaOZvi_55aI1I3PjJcr79Eb-J9hN8ALP0g2O2xDlpFSVTK-rwwXz1nkdXQOl7WdwtA9_i0fz5Oq803isQGnyfGI3P1lYAjhG-mq0ZOIdY94sy9BwGJD1eH4QhtX0Kl9-KPTiKJ9TV-Y4ap0C15A%26cry%3D1%26dbm_d%3DAKAmf-AK-PW1n0j3kO1NxlIc9usmcV5NA6a9vmuEMhKy0hvsuE7WklQ0HQl48y-h9exGVsBr14AQBp3xk3LTEig-t-FJrtkDChdVcHOlboG-JvZ6AHIEp7Mi2KPnZHHO_VV236L69tpg8i7EHU3eZcOoBR-3n5hXrDWckHgxUKtXoksvVy93NfYfVF34w1nsyKxnhThpgRNUF4crh1c8umR73oLl7_4mwHyNkYcN1A6RXQQ3ljR3XtZRI265ndBZsw8mdstzFyso2QZesCWisAGgou5D-VX2E1xmbWeGGzxBgdlZ1E5JVFj6exAjT_i3UVbXBnGswm1WpoaraZ-LMhVZj4q3i0BWDKvF88RKpOMHxN8QFwwE-uVw5htzmJYw9ekGScL9vryrfwQQBJpzERv7ZWEUIMe-Rw%26adurl%3D&documentReferer=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5935810419535&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90006.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=564d890d5a&subid=&uid=6c45d125ad12aa03&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC3zjGfvniYeeWEoiP9u8PwvuXyAi1zfmDV_zYuavlDPAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT6AU_Qj_89smv0J7N2OZGKrqiyt9sK_9gnoEo5n-Qr9R4PieVduJsuQDNN77VEDAbKwz22UabW1bypBKQhQOpc5kaXBo4XFIvbkrtVAJYsAzdAwODIaJrylUl0Og7rxklKMtypuxwOxBGj_MUP2KY1ndSMf2iC7v5obDrHJobf_qrwiOpKDGaw6hG8Tu4_otktcT3RqVe6EuI1fPcWLtw3mgnVh4q3hLrN17O3cSo3vmXnRvbJx2X8DetPYVfS74I6wltheiW9OGxlpXgg0l5Eg3IzktBA3ouqvNI9gVn8f1-Su60D_M8lSNET5V5TWqjwN7p1drAE84cQPLTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRo4fpBlHM-kwKl-AYOM9_ubg%26sig%3DAOD64_2jTtixKpOXgzvDlOZlRkMD3LQaWA%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-D1rHP1GoDNaOZvi_55aI1I3PjJcr79Eb-J9hN8ALP0g2O2xDlpFSVTK-rwwXz1nkdXQOl7WdwtA9_i0fz5Oq803isQGnyfGI3P1lYAjhG-mq0ZOIdY94sy9BwGJD1eH4QhtX0Kl9-KPTiKJ9TV-Y4ap0C15A%26cry%3D1%26dbm_d%3DAKAmf-AK-PW1n0j3kO1NxlIc9usmcV5NA6a9vmuEMhKy0hvsuE7WklQ0HQl48y-h9exGVsBr14AQBp3xk3LTEig-t-FJrtkDChdVcHOlboG-JvZ6AHIEp7Mi2KPnZHHO_VV236L69tpg8i7EHU3eZcOoBR-3n5hXrDWckHgxUKtXoksvVy93NfYfVF34w1nsyKxnhThpgRNUF4crh1c8umR73oLl7_4mwHyNkYcN1A6RXQQ3ljR3XtZRI265ndBZsw8mdstzFyso2QZesCWisAGgou5D-VX2E1xmbWeGGzxBgdlZ1E5JVFj6exAjT_i3UVbXBnGswm1WpoaraZ-LMhVZj4q3i0BWDKvF88RKpOMHxN8QFwwE-uVw5htzmJYw9ekGScL9vryrfwQQBJpzERv7ZWEUIMe-Rw%26adurl%3D&documentReferer=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5935810419535&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 324

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE-8OyXzAQCPIyNfsjZgDGY&google_cver=1

Request Chain 326

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEMChXitWymKko4qJHPqGEp0&google_cver=1

Request Chain 332

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJp0Rbl-kFBn4dg8J7aizzI&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJp0Rbl-kFBn4dg8J7aizzI&google_cver=1&__user_check__=1&sync_id=26af5590-7622-11ec-aba2-1e5bf6c20106

Request Chain 333

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=26aa4eb0-7622-11ec-907a-1ce730eb0106 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjZhZjU1M2QtNzYyMi0xMWVjLWFiYTItMWU1YmY2YzIwMTA2

Request Chain 335

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938

Request Chain 357

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEFkm2radO-OAXFazQ1lFaCg&google_cver=1&google_push=AYg5qPKJdFSIFskLoOdDnjsakdFGe5xqOne1SlgB3ayO39oqVIlxY3uYv0P5OdWUDXLh-rlQhvz0NFTEMANfzFlxSavUglO_vokzqA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKJdFSIFskLoOdDnjsakdFGe5xqOne1SlgB3ayO39oqVIlxY3uYv0P5OdWUDXLh-rlQhvz0NFTEMANfzFlxSavUglO_vokzqA

Request Chain 358

https://d5p.de17a.com/cookies/google?google_gid=CAESEMR3InjEtHCWRIllHfCd1Qw&google_cver=1&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A3s6gzZkOQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMR3InjEtHCWRIllHfCd1Qw&google_cver=1&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A3s6gzZkOQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A3s6gzZkOQ

Request Chain 359

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEED_e3kPZ9voa4jjmFRa-IY&google_cver=1&google_push=AYg5qPJIeIIMPH7tLmxyhptImzRBYqANeDuXd3L3Gamh1aiNZEavzSOBxTQVt8Ze00UX0JAm1esBXLy_P1YBl3llDSmShJCa7Zdx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTTAtUi02TUVL&google_push=AYg5qPJIeIIMPH7tLmxyhptImzRBYqANeDuXd3L3Gamh1aiNZEavzSOBxTQVt8Ze00UX0JAm1esBXLy_P1YBl3llDSmShJCa7Zdx

Request Chain 360

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg

Request Chain 361

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBAq6VYIqLBPd0dGLV8mgSo&google_cver=1&google_push=AYg5qPJA6NEx9toxEKdPqY5TETFTQ8vt0_MC_uEy1jSmZqraC5qZavCEQfAX8NgLS3M_VlpEAH7yrOzKxtFbFid_huJk8YKQavEMTA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJA6NEx9toxEKdPqY5TETFTQ8vt0_MC_uEy1jSmZqraC5qZavCEQfAX8NgLS3M_VlpEAH7yrOzKxtFbFid_huJk8YKQavEMTA

Request Chain 362

https://cs.media.net/cksync?type=g&google_gid=CAESELfmrm9lvgVeOwlhPS40EDg&google_cver=1&google_push=AYg5qPIFNvM_ofdsg8zVwQ_Onf5bhhTT-6RwcQ5-RZs1UYRpd7X38p-jlAyfTxSP80lU7aEd0oOwKTrzz5Vymck58VZgxQJ0omN7kg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIFNvM_ofdsg8zVwQ_Onf5bhhTT-6RwcQ5-RZs1UYRpd7X38p-jlAyfTxSP80lU7aEd0oOwKTrzz5Vymck58VZgxQJ0omN7kg&gdpr=&gdpr_consent=

Request Chain 370

https://a.tribalfusion.com/i.match?p=b6&u=CAESEG0rM5Ut5kGYyZ0QyETnn2Q&google_cver=1&google_push=AYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEG0rM5Ut5kGYyZ0QyETnn2Q&google_cver=1&google_push=AYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 371

https://fksnk.com/cs/google?google_gid=CAESELbsr-sGDCR3Cs1h9X2Y6EA&google_cver=1&google_push=AYg5qPJnt4q9K8yWgnHqnlrSq3ZKKJySmZb_INg3wIQc-6AKcKGhGx9lrCSbzu_uSPqRi1EKgRUAgVJXU82rIA7kgHmaaptX2bPQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NjAzMEQwOTMxODA3RjMwRQ==

Request Chain 372

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEED_e3kPZ9voa4jjmFRa-IY&google_cver=1&google_push=AYg5qPIyAJY3RsoPdF-mflJ7mZkIEbCJgusqv_PzaruOfvx1YPCXs6DAlUeB0fN1uJmyQYVOEcMTTM_cHAQqIimvictr5ugMxlca HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTk8tMUMtOTBORA==&google_push=AYg5qPIyAJY3RsoPdF-mflJ7mZkIEbCJgusqv_PzaruOfvx1YPCXs6DAlUeB0fN1uJmyQYVOEcMTTM_cHAQqIimvictr5ugMxlca

Request Chain 397

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEAdxGFXhhF1yxn27wFS3Za0&google_cver=1&google_push=AYg5qPI3Ec01DtnIUTGHDc2clWmlb6VkfoARMMyWkdKPlU9p175KfsfMhRZJZ5HwsUvUl4yXkzxXLUJld9iafJeM2ctdkT_ar1ye HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAdxGFXhhF1yxn27wFS3Za0&google_push=AYg5qPI3Ec01DtnIUTGHDc2clWmlb6VkfoARMMyWkdKPlU9p175KfsfMhRZJZ5HwsUvUl4yXkzxXLUJld9iafJeM2ctdkT_ar1ye

Request Chain 398

https://um.simpli.fi/gp_match?google_gid=CAESEK4iHHVzzff6pBRhAmwV2OM&google_cver=1&google_push=AYg5qPI5jxx4uNR1QCDPwB0J3VW-TDzp2PI9WiLeGneexjUdSf4yBKnHE1B0AxPNnBZiOgfZgdpnlKL_J49ebtYUm5igQuoV9dsx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D063CE548A7E4109BE50F299F8309B83&google_push=AYg5qPI5jxx4uNR1QCDPwB0J3VW-TDzp2PI9WiLeGneexjUdSf4yBKnHE1B0AxPNnBZiOgfZgdpnlKL_J49ebtYUm5igQuoV9dsx

Request Chain 400

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJidL22Wt82Yh_7NzpPxjN0&google_cver=1&google_push=AYg5qPLqqi6m-Zz9VS5ji7KtxsnQCIuiW5s7p-TH24Ehbg13YT8I_jD75jCaUjMa1GeaYOxjHOni0bqoV14nFvNqbJu53NRHi0KC HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=n93O2de7QK-CZqWVkwZw7Q2&google_push=AYg5qPLqqi6m-Zz9VS5ji7KtxsnQCIuiW5s7p-TH24Ehbg13YT8I_jD75jCaUjMa1GeaYOxjHOni0bqoV14nFvNqbJu53NRHi0KC

Request Chain 401

https://a.c.appier.net/gcm?google_gid=CAESEG1ZOlp6IeE5ys1eZDmst7Q&google_cver=1&google_push=AYg5qPL2gDbhiC6gWi8bjfMr59GY1iG8fE6vnDDD4wqh9-zIQEKNTQYnWfABLDML1xkNH3Q-BwSEssCNjFDvW0K0IhBlUM4TaRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NnVHX21qUXdBNldaVkh4RGdQbmlZUQ%3D%3D&google_push=AYg5qPL2gDbhiC6gWi8bjfMr59GY1iG8fE6vnDDD4wqh9-zIQEKNTQYnWfABLDML1xkNH3Q-BwSEssCNjFDvW0K0IhBlUM4TaRY

Request Chain 402

https://px.adhigh.net/p/gm/rub?google_gid=CAESEJyK-ap9szcAfYImiiew1Oc&google_cver=1&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H HTTP 302
https://px.adhigh.net/p/gm/rub?google_gid=CAESEJyK-ap9szcAfYImiiew1Oc&google_cver=1&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H&bounced=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H&google_hm=kfqa09veiCcAAikABlF-Xp6bMg%3D%3D

Request Chain 403

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEEzfblPzvwaN6YveXIKngi4&google_cver=1&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF88-rncdgJCSMVfr HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEEzfblPzvwaN6YveXIKngi4&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF88-rncdgJCSMVfr&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF88-rncdgJCSMVfr&google_hm=eUxjYVhGTWZ1dmVGLUd3RlhnOV8=

Request Chain 416

https://s.adroll.com/j/exp/X7723AQJHJDWVHXHZOPVBN/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 417

https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 420

https://d.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&pv=22477105749.291958&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js

Request Chain 421

https://d.adroll.com/cm/r/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 422

https://d.adroll.com/cm/b/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc

Request Chain 423

https://d.adroll.com/cm/x/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc

Request Chain 425

https://d.adroll.com/cm/o/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=1b5fc22367581a5cda351c4e475f7977

Request Chain 426

https://d.adroll.com/cm/g/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=G1_CI2dYGlzaNRxOR195dw HTTP 302
https://d.adroll.com/cm/g/in

424 HTTP transactions
15 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www2.kusports.com/search/vertical/photogalleries.gallery/ 55 KB
12 KB 535ms
432ms Document
text/html 208.91.60.6
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL

http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine

Protocol

HTTP/1.1

Server

208.91.60.6 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),

Reverse DNS

ellingtoncms.com

Software

nginx /

Resource Hash

a224c5707e2af298f1722a4134bde6c520668f177a7a7ca9401ea7d2653ebed9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding, Cookie
X-Beatles: ellington-app-15
Content-Encoding: gzip
Content-Length: 12283
Accept-Ranges: bytes
Date: Sat, 15 Jan 2022 16:42:35 GMT
X-Varnish: 4151095671
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Cache: MISS

GET
H/1.1 200
OK min.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/ 183 KB
183 KB 380ms
91ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/min.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3d313e573148b8aa541b772ed63b36b5b05520fd0ca9e20dce848bb65916c1ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Mon, 16 May 2016 19:57:42 GMT
Age: 0
ETag: "1042492297"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 187511
X-Cache-Hits: 0

GET
H/1.1 200
OK apps.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 2 KB
2 KB 382ms
92ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e678f057332a81514ac9719a101737d107488a36cdfa6b612799283695492545

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Tue, 14 Jun 2016 16:15:26 GMT
Age: 0
ETag: "1793899651"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1921
X-Cache-Hits: 0

GET
H/1.1 200
OK core.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 19 KB
19 KB 400ms
108ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/core.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d80e5177d7cc173424caf8c3a5a3d5f260123d61ae92678b1a3e9a6bbf99ada5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Thu, 18 Feb 2016 18:23:54 GMT
Age: 0
ETag: "1706498810"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19234
X-Cache-Hits: 0

GET
H/1.1 200
OK forms.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 5 KB
5 KB 386ms
94ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/forms.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8fda2396e315276e1fc4e8fe3a0a265fdfbfdb0e45f8005d142b78015a76503c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1187713669"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4718
X-Cache-Hits: 0

GET
H/1.1 200
OK containers.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 9 KB
9 KB 403ms
110ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/containers.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3752258f545f1cd6c4be6593f9f64ec4eb2d377b8d7e5ce52a1b908d9dcf1875

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Fri, 28 Aug 2015 19:45:38 GMT
Age: 0
ETag: "2520653564"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8980
X-Cache-Hits: 0

GET
H/1.1 200
OK comments.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/ 1 KB
2 KB 403ms
110ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/comments.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 9f0e38142f0b67f679d1eaff046562070e44443234a81c1f313f6d0ff41e6f86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1665733583"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1233
X-Cache-Hits: 0

GET
H/1.1 200
OK news.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 5 KB
5 KB 473ms
91ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/news.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 34983bb02be1afc41c4bd28a7bf5f89d84138fc3d37b09ad61d3fbe680fc466e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1135088283"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4813
X-Cache-Hits: 0

GET
H/1.1 200
OK destinations.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 4 KB
4 KB 479ms
94ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/destinations.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: feeab718072b4a4d047a582abb7dede4ee9f8ee0b3ba36cfd6828a5afa78c572

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "3601797957"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3789
X-Cache-Hits: 0

GET
H/1.1 200
OK twitter.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 3 KB
3 KB 498ms
95ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/twitter.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 06ea3f6c711322097aef91b87415a2b67cdacce2b8a08baf5129935fed10591e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "304747337"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3140
X-Cache-Hits: 0

GET
H/1.1 200
OK videos.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 2 KB
2 KB 500ms
97ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/videos.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fcf8a02102c695c381e74234f4a4bdf158f63d9c405697970f46816e572550bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Fri, 07 Nov 2014 03:45:54 GMT
Age: 0
ETag: "748043333"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1774
X-Cache-Hits: 0

GET
H/1.1 200
OK weblogs.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 3 KB
3 KB 567ms
93ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/weblogs.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: deea56467e818b9345873eec410a3e53c1be3a1ea2f4f3486a42e8ff64534e6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Fri, 28 Aug 2015 21:34:33 GMT
Age: 0
ETag: "584843429"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3039
X-Cache-Hits: 0

GET
H/1.1 200
OK activity.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 2 KB
2 KB 573ms
94ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/activity.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 6ff6c41c1b3e156f7f83074f774356106087b7149eb7fa198673d2c50eaa9490

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "3324842763"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2098
X-Cache-Hits: 0

GET
H/1.1 200
OK tagging.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/ 492 B
800 B 586ms
95ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/stylesheets/apps/tagging.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4af952994baa0cdd0cee4927dbb7f207a7a28f34bd4b748f4cf5ef30c9a6cde4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:07 GMT
Age: 0
ETag: "1798324929"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 492
X-Cache-Hits: 0

GET
H/1.1 200
OK comments.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ 7 KB
7 KB 592ms
95ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/comments.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8eb0885d968635a6e7a706c190c00a8a6f1d88f0b528201eec558e441395d7f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 0
ETag: "3476462056"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6878
X-Cache-Hits: 0

GET
H/1.1 200
OK ugc-photos.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ 1 KB
2 KB 596ms
97ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/apps/ugc-photos.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3023b8c8a44629993a179f9b49e46244f8d9ec755e3068d1532bb48c0235ecd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 0
ETag: "2256181310"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1320
X-Cache-Hits: 0

GET
H/1.1 200
OK menus.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/lib/ 917 B
1 KB 661ms
95ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/lib/menus.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: edce0f5742c946e7271ad95325d3ab2c2ad012adc0a790e52b69c04a37a6a9f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 0
ETag: "77644060"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 917
X-Cache-Hits: 0

GET
H/1.1 200
OK core.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 79 KB
80 KB 666ms
96ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8a215ebe4733750286ea1780bcb0c9500c96aa14ebf1abe588193e76b7763f1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 09 Dec 2020 18:24:09 GMT
Age: 0
ETag: "1844968605"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 81138
X-Cache-Hits: 0

GET
H/1.1 200
OK apps.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 31 KB
31 KB 679ms
96ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/apps.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8e3c124520f136bd31f51db7504c41590e86a39c13e8ea479547e2c2cdfeb0db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 0
ETag: "1520510295"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31687
X-Cache-Hits: 0

GET
H/1.1 200
OK activity.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 3 KB
4 KB 685ms
97ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/activity.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1e6d070b6dfc55e901e9280547ca443bf3089030043408df167cf7ae5b1025c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 0
ETag: "3857257241"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3397
X-Cache-Hits: 0

GET
H/1.1 200
OK inlines.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 4 KB
4 KB 689ms
96ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/inlines.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 71f59d13d69d502b117d87f28fa286757c478447b06f87d4b02c44361c4a4855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 0
ETag: "4142142171"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4281
X-Cache-Hits: 0

GET
H/1.1 200
OK js Show response
maps.google.com/maps/api/ 156 KB
52 KB 48ms
25ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps/api/js?sensor=true

Requested by

Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

561efbd8ea18ac526a913da03b3f3e4557994af182ca61c586212f0aa71a634b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Content-Encoding: gzip
Vary: Accept-Language
Server: mafe
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, max-age=1800
Cross-Origin-Resource-Policy: cross-origin
Server-Timing: gfet4t7; dur=11
Content-Length: 52409
X-XSS-Protection: 0
Expires: Sat, 15 Jan 2022 17:12:36 GMT

GET
H/1.1 200
OK min.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/ 455 KB
455 KB 751ms
93ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/min.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 3fde16febe487398469364de1dad7fa7640a9fb9dfe2c109c616d6df38d91ba6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 03 Jul 2019 17:07:33 GMT
Age: 0
ETag: "116644464"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 465974
X-Cache-Hits: 0

GET
H/1.1 200
OK prerolls.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 8 KB
8 KB 780ms
100ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/prerolls.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 6dd9c52de77964061f706c1650a89766e99348f63be12b7b6467970bb34ccfbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "653136474"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7870
X-Cache-Hits: 0

GET
H/1.1 200
OK swfobject2.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 9 KB
9 KB 780ms
95ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/swfobject2.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: aad4f11790ae41d11a7c7bb613b9f82206f37eb4894966fe15e5f880c5d9b72a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "853807514"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8868
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.template.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 6 KB
6 KB 785ms
96ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/jquery.template.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4d64cca2d081e3574a789840fb2d888796a38e8a6cb8c09df541c03a7c2fe627

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "1164776152"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5917
X-Cache-Hits: 0

GET
H/1.1 200
OK quicksilver.score.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 3 KB
4 KB 869ms
93ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/quicksilver.score.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b2c4af40afb1e40563e65b50bf08c21a4b1543fab3050440be96974445edf7dc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "90706754"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3457
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.livefilter.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 963 B
1 KB 874ms
94ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/jquery.livefilter.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0bb5eb51c0ee0972c3b2b6ebf6bcb3b0c1cbb7c4c93b0acd442110005c1c3289

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "2610385626"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 963
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.carousel.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 5 KB
5 KB 876ms
96ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.carousel.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0d35142f32786296129b89d4acaee1ff5201114af38d139b384412fa38777d7a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "3492287122"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5224
X-Cache-Hits: 0

GET
H/1.1 200
OK map_maker.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/maps/ 5 KB
5 KB 881ms
97ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/maps/map_maker.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 7ac61bbd491ea91981ae5f8c99a162d2cf7f6836e80e2283448ae4c29fdf2420

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "3242463942"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4836
X-Cache-Hits: 0

GET
H/1.1 200
OK onload.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/ 2 KB
2 KB 951ms
96ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/onload.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ca29fa98b9edf564b5abb0a0f06c7fc1658a5db5ac05759183e34f44a58db9eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:31 GMT
Age: 0
ETag: "3799685163"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Cache-Hits: 0

GET
H/1.1 200
OK yahoo-dom-event.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 31 KB
31 KB 961ms
92ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/yahoo-dom-event.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 7e2ed03bbc185372cb541663170321544300747ae296389772dc8f722551eb3c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "1851860393"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 31636
X-Cache-Hits: 0

GET
H/1.1 200
OK flash.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 3 KB
4 KB 968ms
94ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/flash.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 25049c305b208bde887cde10dc3fe87d0e39d98d7f126acaa42338f2fb51cb6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:37 GMT
Age: 0
ETag: "2687046417"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3454
X-Cache-Hits: 0

GET
H/1.1 200
OK audioplayer.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 2 KB
2 KB 971ms
95ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/audioplayer.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 482c5ca644f49f87f08ea6ad0e046a21d98ca5009192127e25c3c7342bd81ba1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "3509523352"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1726
X-Cache-Hits: 0

GET
H/1.1 200
OK video-js.css
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/ 21 KB
22 KB 774ms
119ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/video-js.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0fc0fbb7321bca17d95d35cbb2bcbc81ac7e78c61a50b2af2ed130a1fe6f1691

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Mon, 25 Nov 2013 04:26:10 GMT
Age: 0
ETag: "418525954"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 21853
X-Cache-Hits: 0

GET
H/1.1 200
OK video.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/ 51 KB
51 KB 977ms
96ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video-js/video.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e0c5c27ad304e1d5b111c4c67d9c3aa45d64b35e6d322c2bc4c7462813b1d204

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Mon, 25 Nov 2013 04:26:26 GMT
Age: 0
ETag: "223480570"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 51740
X-Cache-Hits: 0

GET
H/1.1 200
OK video_player_v2.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 4 KB
5 KB 1045ms
94ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/video_player_v2.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fb9234052ac419d5c2aab3ec5f16365d70ff41096426b821c2b693593a1a559a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Mon, 25 Nov 2013 17:38:35 GMT
Age: 0
ETag: "68033224"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4551
X-Cache-Hits: 0

GET
H/1.1 200
OK cookies.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/ 1 KB
1 KB 1056ms
94ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/cookies.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 17b91841811d67da94317ebd549a5a35e66e380be5a2ca51a34a8139f9a1415a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:30 GMT
Age: 0
ETag: "853252152"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1188
X-Cache-Hits: 0

GET
H/1.1 200
OK mobile_detect.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/ 2 KB
3 KB 1061ms
94ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/javascript/lib/mobile_detect.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 8ca119bc1f1fc4736ccedf20d3aafcc50aead2109a92e32c89bf74af72a1e057

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:30 GMT
Age: 0
ETag: "3082590460"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2301
X-Cache-Hits: 0

GET
H/1.1 200
OK sp.js Show response
cdn.includemodal.com/ 126 KB
34 KB 59ms
20ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.includemodal.com/sp.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b00dec76f7bd930c41b4b779f73fc4bce681079b8ef9d5f9abe488c6193bd096

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: RMaN7MsO2HgV2dgJXHhghVFCLxMC8ZFJ
Via: 1.1 521484bc87dc7b3d509c41618270e818.cloudfront.net (CloudFront), 1.1 varnish
ETag: W/"9d801abb9b8ac1f3c9af59352538559d"
Age: 1115
X-Cache: Hit from cloudfront, HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 34567
X-Served-By: cache-mxp6930-MXP
Last-Modified: Fri, 14 Jan 2022 16:22:38 GMT
Server: AmazonS3
X-Timer: S1642264956.038921,VS0,VE0
Date: Sat, 15 Jan 2022 16:42:36 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=3600, public
X-Amz-Cf-Pop: MXP64-C3
Accept-Ranges: bytes
X-Amz-Cf-Id: JtbnNpXO4sWd8ERaaVr-3ahUXpecrJQ7IyoyAOJO97ui5p-FNV6b1A==
X-Cache-Hits: 2

GET
H2 200 up.js Show response
cdn01.basis.net/assets/ 2 KB
1 KB 30ms
7ms Script
application/javascript 178.79.242.181
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn01.basis.net/assets/up.js?um=1
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 178.79.242.181 , United States, ASN22822 (LLNW, US),
Reverse DNS: https-178-79-242-181.fra.llnw.net
Software: AC1.1 /
Resource Hash: 5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:36 GMT
content-encoding: gzip
last-modified: Mon, 24 Aug 2020 15:06:26 GMT
server: AC1.1
age: 405371
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1041
x-llid: a37a21ee3580bf5e2ec0358f58565d6c

GET
H/1.1 200
OK ellington-ga.js Show response
worldonline.media.clients.ellingtoncms.com/static/ 3 KB
4 KB 1065ms
94ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington-ga.js?v=11
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 95af646b01ee702570f9abad3701e98b1713487822310baba992363f92513e26

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Fri, 28 Jul 2017 15:48:34 GMT
Age: 0
ETag: "2862375767"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3355
X-Cache-Hits: 0

GET
H2

200

/
insight.adsrvr.org/track/evnt/
Redirect Chain

http://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3

70 B
261 B

102ms
32ms

Image
image/gif

3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:37 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

Location: https://insight.adsrvr.org:443/track/evnt/?adv=71kqd28j&ct=0:1yygqtov&fmt=3
Date: Sat, 15 Jan 2022 16:42:37 GMT
Server: awselb/2.0
Connection: keep-alive
Content-Length: 134
Content-Type: text/html

GET
H/1.1 200
OK logotab.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 2 KB
2 KB 185ms
100ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/logotab.png
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: fa1bbe501b149144f7d0195697ed240c0bbfab218313922bd1733fa02d4f3bcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "4146598750"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2122
X-Cache-Hits: 0

GET
H/1.1 200
OK meritrust-logo.png
ogden_images.s3.amazonaws.com/www.ljworld.com/images/2021/12/30092118/ 35 KB
36 KB 256ms
115ms Image
image/png 52.216.77.172
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ogden_images.s3.amazonaws.com/www.ljworld.com/images/2021/12/30092118/meritrust-logo.png
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 52.216.77.172 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: ca03203fdd79bb26a6787fcaa3d8bb2d74514e04cea540daf0441d35308e0827

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:38 GMT
Last-Modified: Thu, 30 Dec 2021 15:21:19 GMT
Server: AmazonS3
x-amz-request-id: ZPBTK3XHM9K2HQ0W
ETag: "38d416f31a969011c25be08c19cad3f9"
Content-Type: image/png
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 36055
x-amz-id-2: 4e0tkZ0nLcX314VPc+E8SujOQdvZabwMfpaZHzpZiTx9yhRxir0ttYbrqeLXeiXA5J/7CA1IoOw=
Expires: Fri, 30 Dec 2022 15:21:18 GMT

GET
H/1.1

404
NOT FOUND

/
www2.kusports.com/search/vertical/photogalleries.gallery/_t200/
Redirect Chain

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200?63053ce3c12ccdabb07c8a8609241a2395705911
http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

36 KB
36 KB

95ms
94ms

Image
text/html

208.91.60.6
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=

Requested by

Protocol

HTTP/1.1

Server

208.91.60.6 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),

Reverse DNS

ellingtoncms.com

Software

nginx /

Resource Hash

dffb2854fbfb6bfb95e6949a623fe55063e7cc929b3755ed7b27adf7f31b52eb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, Cookie
Server: nginx
Age: 51
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
X-Varnish: 4151095798 4151093094
Via: 1.1 varnish
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 8742
X-Cache-Hits: 1

Redirect headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Via: 1.1 varnish
Server: nginx
Age: 51
X-Frame-Options: SAMEORIGIN
X-Cache: HIT
X-Varnish: 4151095791 4151093082
Location: http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911=
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-Beatles: ellington-app-16
X-Cache-Hits: 1

GET
H/1.1 200
OK ku_bkc_isu_06_t200.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 15 KB
16 KB 174ms
96ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_t200.jpg?63053ce3c12ccdabb07c8a8609241a2395705911
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 728a9a5773bddf02be49c8ac1c8e4f64086c4814abe7b5e95a4d14fdaa9d7486

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:34:32 GMT
Last-Modified: Wed, 12 Jan 2022 03:23:26 GMT
Age: 306485
ETag: "1793138685"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:34:32 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15719
X-Cache-Hits: 9

GET
H/1.1 200
OK ku_bkc_isu_06_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
2 KB 97ms
96ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f2023b1b62da87163faad2f2ed5d116be69bae647670048d738f3526167c2632

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 04:00:08 GMT
Last-Modified: Wed, 12 Jan 2022 03:59:38 GMT
Age: 304948
ETag: "1445639886"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 04:00:08 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2182
X-Cache-Hits: 7260

GET
H/1.1 200
OK ku_bkc_isu_05_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 95ms
94ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_05_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 945d81de37368bdb21409830e9bd81a52fe4eea9e698d444ad510eddc77ca1a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:55 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:14 GMT
Age: 305021
ETag: "3577918218"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:55 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2504
X-Cache-Hits: 7269

GET
H/1.1 200
OK ku_bkc_isu_02_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 91ms
91ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_02_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d4f8bc08ed1a374a36388cfe41f2609c5f1025de20422d698368be48f1896ce1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:55 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:12 GMT
Age: 305022
ETag: "3831804672"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:55 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2336
X-Cache-Hits: 7278

GET
H/1.1 200
OK ku_bkc_isu_03_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 90ms
89ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_03_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2f86987acb8ba6f3703a815c5dbb09d282cf25c1714ae91d1c2afd9d9af7c08a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:55 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:13 GMT
Age: 305022
ETag: "1153676047"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:55 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2497
X-Cache-Hits: 7293

GET
H/1.1 200
OK ku_bkc_isu_01_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 2 KB
3 KB 93ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_01_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0e9793afd5d57a188f900a3561b714829cb7fddbe1fc7dd454dc94f6515121ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:58:55 GMT
Last-Modified: Wed, 12 Jan 2022 03:58:13 GMT
Age: 305022
ETag: "2741744387"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:58:55 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2278
X-Cache-Hits: 3638

GET
H/1.1 200
OK MitchTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 93ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/MitchTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2e7b133667cf862ce360aec2578c08adcf317bdeffb5b5ae26f22c7928bed85f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:43 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:19 GMT
Age: 570053
ETag: "656618056"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:43 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2375
X-Cache-Hits: 10200

GET
H/1.1 200
OK CBhookTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
2 KB 93ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/CBhookTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 03f40b2a01bbba09852e901342f46c741a9a3f8fb9450bfa29a5e13f568af04e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:43 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:19 GMT
Age: 570053
ETag: "1419915854"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:43 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2002
X-Cache-Hits: 10181

GET
H/1.1 200
OK DajuanTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 95ms
95ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/DajuanTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c94e49334083ad99ce4fe5cc543eaf92320f702c473b1a134d8e0d2751683786

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:43 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 570053
ETag: "1445343817"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:43 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2307
X-Cache-Hits: 10205

GET
H/1.1 200
OK TechatRim_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 91ms
90ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/TechatRim_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f7059be255f87b9ee45ab619650998acb10637aa0d41a3e34f12cb563a31e824

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:43 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 570053
ETag: "295776841"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:43 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2348
X-Cache-Hits: 10207

GET
H/1.1 200
OK SelfatTech_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/ 2 KB
3 KB 90ms
89ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/08/SelfatTech_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 4ca98a9f6e5b6b5acb8c8c474b3366e13372946d998d4c12470ce606b05df393

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 09 Jan 2022 02:21:43 GMT
Last-Modified: Sun, 09 Jan 2022 02:20:18 GMT
Age: 570053
ETag: "1956655691"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 08 Feb 2022 02:21:43 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2222
X-Cache-Hits: 6167

GET
H/1.1 200
OK Juan_steal_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
3 KB 95ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Juan_steal_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2649d411849441560a08d65ecc699902799d2219cb10ddf8c365b9803ae66acc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:18:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:29 GMT
Age: 897838
ETag: "2052207382"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:18:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2418
X-Cache-Hits: 14146

GET
H/1.1 200
OK AP22005104812577_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 93ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/AP22005104812577_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 46f91934dfcf2858e78684bf1255b45320ef80059f80d4f376bc829446f5505c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:18:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 897838
ETag: "1842557749"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:18:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2107
X-Cache-Hits: 14139

GET
H/1.1 200
OK Mitch_block_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 94ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Mitch_block_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b3094bd6c20ebdde1e03ad0f9e5f271b6d56d5a9c32b0bf7d731f5bb72dfeb25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:18:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 897838
ETag: "526201653"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:18:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2172
X-Cache-Hits: 14162

GET
H/1.1 200
OK Dave_layup_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
2 KB 95ms
95ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Dave_layup_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: da1360e9617591ce97b284615498f1a406c4b00fcdddfd59724e5356769c667c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:18:38 GMT
Last-Modified: Wed, 05 Jan 2022 07:16:30 GMT
Age: 897838
ETag: "266089271"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:18:38 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2063
X-Cache-Hits: 14099

GET
H/1.1 200
OK Mitch_dive_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/ 2 KB
3 KB 91ms
91ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/05/Mitch_dive_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 97192cf227b40aa5c09387cc46230ef31fa177e946cc91fa98a55e89c1c436ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 05 Jan 2022 07:21:20 GMT
Last-Modified: Wed, 05 Jan 2022 07:17:34 GMT
Age: 897677
ETag: "2138281653"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 04 Feb 2022 07:21:20 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2312
X-Cache-Hits: 9256

GET
H/1.1 200
OK ku_bkc_mason_01_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 90ms
90ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_01_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b78362d3e11d02a90489865565e984d658e9cbc2d442ee7884fd956fb71b0159

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:38:25 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1181052
ETag: "2529146521"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:38:25 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2456
X-Cache-Hits: 16506

GET
H/1.1 200
OK ku_bkc_mason_12_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 93ms
92ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_12_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 623d4350b84c3db35766c93aa589955ad02710b1cbb5bb8fe0fbfdda1bdba321

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:37:41 GMT
Last-Modified: Sun, 02 Jan 2022 00:36:55 GMT
Age: 1181095
ETag: "2754786932"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:37:41 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2363
X-Cache-Hits: 16469

GET
H/1.1 200
OK ku_bkc_mason_22_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
2 KB 93ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_22_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e93f3187fcfb44d155e7119c58627506ff3765fa4afe66dc87f338b6b8a13a54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:55:32 GMT
Last-Modified: Sun, 02 Jan 2022 00:54:52 GMT
Age: 1180024
ETag: "4012980133"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:55:32 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1834
X-Cache-Hits: 16408

GET
H/1.1 200
OK ku_bkc_mason_02_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 93ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_02_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 51fafa8da3b03ac77d9ac2fdeafe93a313829891e3a922a596801146ba41444a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:38:25 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1181052
ETag: "2174203545"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:38:25 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2448
X-Cache-Hits: 16443

GET
H/1.1 200
OK ku_bkc_mason_03_r50x40.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ 2 KB
3 KB 95ms
95ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/01/ku_bkc_mason_03_r50x40.jpg?ad8d1b116c121fbc85d2e92ba6430d59959ea093
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 777fd3cae235313f40770e1af8a7fa1c1a326e040d79014f2bd732a1f5153a51

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sun, 02 Jan 2022 00:38:25 GMT
Last-Modified: Sun, 02 Jan 2022 00:37:46 GMT
Age: 1181052
ETag: "2702620311"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Tue, 01 Feb 2022 00:38:25 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2369
X-Cache-Hits: 11769

GET
H/1.1 200
OK Q1-12_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/13/ 5 KB
6 KB 92ms
92ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/13/Q1-12_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0de9144bce06e89231efdcb0acd8d48483ca86649c44e991895fbf4dff221cf9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 14 Jan 2022 03:07:20 GMT
Last-Modified: Fri, 14 Jan 2022 03:03:33 GMT
Age: 135317
ETag: "3335947030"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Sun, 13 Feb 2022 03:07:20 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5352
X-Cache-Hits: 327

GET
H/1.1 200
OK Q1-3_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 5 KB
5 KB 91ms
89ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/Q1-3_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c8bbd5afa4c30e05186b03ce140ee8bb262f7bf321d74d04042d11fa05eadfae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 13 Jan 2022 02:51:54 GMT
Last-Modified: Thu, 13 Jan 2022 02:45:51 GMT
Age: 222643
ETag: "1873852374"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Sat, 12 Feb 2022 02:51:54 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4944
X-Cache-Hits: 696

GET
H/1.1 200
OK Screen_Shot_2022-01-12_at_2.59.36_PM_r90x60.png
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 11 KB
11 KB 94ms
93ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/Screen_Shot_2022-01-12_at_2.59.36_PM_r90x60.png?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ba17a6a569b64b5d243273cde129feedf2b7fc5180be7bca1eb297572aafb809

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 23:14:29 GMT
Last-Modified: Wed, 12 Jan 2022 23:11:40 GMT
Age: 235688
ETag: "2381718166"
X-Cache: HIT
Content-Type: image/png
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 23:14:29 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11303
X-Cache-Hits: 729

GET
H/1.1 200
OK ku_bkc_isu_27_hEALDKE_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ 5 KB
5 KB 95ms
94ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/12/ku_bkc_isu_27_hEALDKE_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 858a0e23502aa2fcb9ae9e6a1f746e3b9f9e0967f383215898bae4ca797fc67c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 17:25:42 GMT
Last-Modified: Wed, 12 Jan 2022 17:25:16 GMT
Age: 256614
ETag: "152379321"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 17:25:42 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4698
X-Cache-Hits: 3137

GET
H/1.1 200
OK ku_bkc_isu_06_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
5 KB 94ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_06_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f0eb8a4eac4068c80d1249dfde9bcc0adbb127f197edd147ed6e2304e8d01f5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 02:52:54 GMT
Last-Modified: Wed, 12 Jan 2022 02:51:57 GMT
Age: 308983
ETag: "51230602"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 02:52:54 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4440
X-Cache-Hits: 3954

GET
H/1.1 200
OK ku_bkc_isu_07_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
4 KB 96ms
95ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_07_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 770f39534d503d9feff3bf990db12b6775bcb8bf7a06a178d326dce53d0ab5e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:12 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:04 GMT
Age: 305484
ETag: "2950923106"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:12 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4179
X-Cache-Hits: 3828

GET
H/1.1 200
OK ku_bkc_isu_11_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 92ms
92ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_11_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1097c01b38cb84d60d03c6ceaba1616b06740a5bb2bbd3d82ec559ab07204035

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:13 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:11 GMT
Age: 305483
ETag: "2304803659"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:13 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4754
X-Cache-Hits: 3855

GET
H/1.1 200
OK ku_bkc_isu_09_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 91ms
91ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_09_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: d6a97846477d5f74dc49c320addd8360addfd351e22f14206c145c4a44d13bdf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:51:13 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:11 GMT
Age: 305483
ETag: "3093398357"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:51:13 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4866
X-Cache-Hits: 3855

GET
H/1.1 200
OK ku_bkc_isu_08_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 94ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_08_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 33a7f1daa51a3d81a190b331e6ce2bdca98966dc7846894d5619c87a3ceb319e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:14 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:46 GMT
Age: 305422
ETag: "1265338338"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:14 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5090
X-Cache-Hits: 3858

GET
H/1.1 200
OK ku_bkc_isu_14_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 4 KB
5 KB 93ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_14_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: ccef7c15c0af13ab8c5f8008e24095ac3d6e6376b6d7ac86f60c5b85578855ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:14 GMT
Last-Modified: Wed, 12 Jan 2022 03:51:46 GMT
Age: 305422
ETag: "1525319590"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:14 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4283
X-Cache-Hits: 3835

GET
H/1.1 200
OK ku_bkc_isu_10_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 94ms
93ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_10_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: df79e61186e6f38bfe193b619c426fd6e7fb7cf732f14a2e358329a739461ef4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:48 GMT
Last-Modified: Wed, 12 Jan 2022 03:52:28 GMT
Age: 305389
ETag: "2610988834"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:48 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
X-Cache-Hits: 3832

GET
H/1.1 200
OK ku_bkc_isu_15_r90x60.jpg
worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ 5 KB
5 KB 95ms
95ms Image
image/jpeg 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/img/photos/2022/01/11/ku_bkc_isu_15_r90x60.jpg?781011941c6c07bdfc65b7b14fce7e91909b1ea6
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 0e25495ffd09f6b677ce228b97bc09623d45aa81fc770413c46259a040b81fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 03:52:48 GMT
Last-Modified: Wed, 12 Jan 2022 03:52:28 GMT
Age: 305389
ETag: "2854717244"
X-Cache: HIT
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Expires: Fri, 11 Feb 2022 03:52:48 GMT
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4872
X-Cache-Hits: 3842

GET
H/1.1 200
OK site.js Show response
worldonline.media.clients.ellingtoncms.com/static/kusports.com/javascript/ 8 KB
9 KB 98ms
97ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/javascript/site.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 762f2135d7f709ed01ed2a4829ac28b051d6df007aec607df238d60950b03453

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Tue, 24 Feb 2015 21:33:28 GMT
Age: 0
ETag: "475726466"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8431
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.ui.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.2.0/javascript/thirdparty/ 188 KB
188 KB 95ms
95ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.2.0/javascript/thirdparty/jquery.ui.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: f515ed490405435b0c8a7ede74fd2c8e7834ee45c81aa76db3736fe50dc1da87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Thu, 13 Mar 2014 08:57:18 GMT
Age: 0
ETag: "3699883348"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 192328
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.lightbox_me.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/lightbox_me/ 9 KB
10 KB 99ms
97ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/lightbox_me/jquery.lightbox_me.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: be18e4f5d4b03d521cd77cab0bd078809764b28e93abd36def170df9b9a93411

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "1718161862"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9630
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.autofocus-min.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/ 205 B
520 B 102ms
96ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/3p/jquery.autofocus-min.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 51d53492d7322fd92bdeb78693bda92a5810de0906203c9d800f36f3650e7c58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "4170269388"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 205
X-Cache-Hits: 0

GET
H/1.1 200
OK wol.defaults.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 8 KB
9 KB 98ms
92ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/wol.defaults.js?v=2
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 26e2c6e5dcba43026ac44b78c9c73bb51d099a786ca808c9a2061c3ed81625e2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Tue, 21 Feb 2017 23:03:07 GMT
Age: 0
ETag: "4156348889"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8519
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.media.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 15 KB
15 KB 100ms
95ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.media.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1979e136df73c0182593b957b1ccb3c6b659c018e3ae61b13f9db6ca3377acbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:38 GMT
Age: 0
ETag: "555824375"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14973
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.defaults.js Show response
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/ 9 KB
10 KB 98ms
98ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/javascript/jquery.defaults.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 904341d95fce95e7520a3a6ecb4d0b337038c2f5d277874a563e0e24fd90e709

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:37 GMT
Age: 0
ETag: "2997555603"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9541
X-Cache-Hits: 0

GET
H/1.1 200
OK extended_sharingtools.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 672 B
987 B 96ms
95ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/extended_sharingtools.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: a821eac48e731c18eb2ed4bce2c2804add93870078ce7a75b643357e6a98a9fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "2333373124"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 672
X-Cache-Hits: 0

GET
H/1.1 200
OK repost.js Show response
worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/ 2 KB
2 KB 96ms
96ms Script
text/javascript 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/worldonline_defaults/javascript/repost.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 9e25ba946939ee4a3d6b5acc652b3a3d3c87f0b982d9a35b9fd19f37b3bee4ab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:06 GMT
Age: 0
ETag: "3270185738"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2098
X-Cache-Hits: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 97 KB
38 KB 53ms
31ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NQ7KXJ6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

61fc6b2e6ade614703f36702e86e66785c0fe8060e6da84c001cdc98611e7135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38332
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H/1.1 200
OK print.css
worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/ 481 B
789 B 92ms
91ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_defaults/2.3.0/stylesheets/print.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 1b67d92a3588252269bc6cdeca8fbfccb5446d70e0cfcdcdaf78898d815d9c62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:38 GMT
Last-Modified: Tue, 28 Oct 2014 21:34:32 GMT
Age: 0
ETag: "2537664774"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 481
X-Cache-Hits: 0

GET
H/1.1 200
OK print.css
worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/ 1 KB
1 KB 91ms
91ms Stylesheet
text/css 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/print.css
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2f9c35e984c1b63a7e6b13f07d6afb5d8335a1aba0e382d7e0c66e23b049de68

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:36 GMT
Age: 0
ETag: "3868070813"
Vary: Accept-Encoding
X-Cache: MISS
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1192
X-Cache-Hits: 0

GET
H/1.1 403
Forbidden gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 133 B
621 B 23ms
17ms XHR
application/json 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

eb81dbb47530932dd4d6eac5041f8c4462f17c0b87c8ef699b24dbafc5a8c861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: scaffolding on HTTPServer2
X-Frame-Options: SAMEORIGIN
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: http://www2.kusports.com
Access-Control-Expose-Headers: vary,vary,vary,content-encoding,date,server,content-length
Cache-Control: private
Vary: Origin, X-Origin, Referer
Content-Length: 132
X-XSS-Protection: 0

GET
H2 200 toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX Show response
quizzicalzephyr.com/v2/0/ 88 KB
26 KB 497ms
298ms Script
text/javascript 35.190.90.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.90.202 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

202.90.190.35.bc.googleusercontent.com

Software

Resource Hash

8cd36d44cbe77da83d36feb6eac124b88175db50d43c72fc3a95a2a3741e617a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "d048ce9981aa6a014c6986e43ada627a91ddce6f621b858b3bb78a0dd00e7716"
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-spot-d6q6
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Sat, 15 Jan 2022 16:42:37 GMT
timing-allow-origin: *

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 78 KB
27 KB 20ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

HTTP/1.1

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1102 / 714 of 1000 / last-modified: 1642206167"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Content-Length: 26979
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H2

200

fbevents.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/fbevents.js
https://connect.facebook.net/en_US/fbevents.js

98 KB
26 KB

22ms
7ms

Script
application/x-javascript

2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: m9dWaEJp6sRcr/plhC7IZt1EQ41WacPmGw0/+zPAXJTrxSV+p5paIDnmjw6oJFBIdT1Jlh46Lwkr0KVEKYtbLg==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Sat, 15 Jan 2022 16:42:37 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/fbevents.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK loader.js Show response
cdn.taboola.com/libtrc/theworldcompany-network/ 342 KB
33 KB 236ms
215ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: obaker.95.1.2-11.184 /
Resource Hash: 9d260eb3d33f4638a5a13ea33c2ff3693fb8e25d6d02e77cac784508a58f3545

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: ShnZPVBCXVM7wd4SCTUp9Qg9nYW1fSH6
Content-Encoding: gzip
Etag: "a776b835b6ab86abf29d74fe1ba42a6b6d4a3fc1"
Age: 0
Via: 1.1 varnish
X-Cache: MISS
X-From-Cache: 1
Connection: keep-alive
Content-Length: 32603
X-Amz-Id-2: 7B1CNi/69mAX3OX2cMrZfGqIlE8lXYgSNoFIxwK8tLWtm0+hPjyHF0bT4WcgDm6zTkSEMmip0J4=
X-Served-By: cache-mxp6925-MXP
Last-Modified: Sat, 15 Jan 2022 16:42:37 UTC
Server: obaker.95.1.2-11.184
X-Timer: S1642264957.314930,VS0,VE200
Date: Sat, 15 Jan 2022 16:42:37 GMT
Vary: Accept-Encoding, Accept-Encoding
X-Amz-Request-Id: ZPBXR9GKZ0VCQTSZ
Access-Control-Allow-Origin: *
Cache-Control: private,max-age=14400
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
abp: 6
X-Cache-Hits: 0

GET
H2 200 6fae6b69d349c48f
pixel.sitescout.com/up/ 43 B
267 B 88ms
29ms Image
image/gif 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/6fae6b69d349c48f?cntr_url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:36 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-type: image/gif
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1 200
OK bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 1 KB
2 KB 162ms
105ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 2b911d51ed949642e3d9b146c0ac22914c134bcb104a0acfe8df42353d168a3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:34 GMT
Age: 0
ETag: "3601798039"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1501
X-Cache-Hits: 0

GET
H/1.1 200
OK gradient_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/ 28 KB
28 KB 174ms
93ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/light/gradient_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: c302efe6c47d24adb92d327f1c3a8383d9593acd29699464309e0b295700d4f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:34 GMT
Age: 0
ETag: "1122053897"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28296
X-Cache-Hits: 0

GET
H/1.1 200
OK button_bg.gif
worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/images/ 274 B
559 B 165ms
97ms Image
image/gif 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/ellington_default_old/images/button_bg.gif
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: e2d3f8696617c48a1f82529015ed2050d19c0a961a7249466dbb16456fe733bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:39 GMT
Age: 0
ETag: "271665826"
X-Cache: MISS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 274
X-Cache-Hits: 0

GET
H/1.1 200
OK black_20.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/transparent/ 118 B
404 B 163ms
95ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/transparent/black_20.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: 15cd950fdf0a22946139981c83584014730ea322856de684bbb7b9a638e99330

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "1192579752"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 118
X-Cache-Hits: 0

GET
H/1.1 200
OK sidebar_grey_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/ 146 B
431 B 231ms
99ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/sidebar_grey_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: b98008ad770fed8298d565a3ee5da7d233895b23d0a9e13cae7f92c5ac15d7e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "353532584"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 146
X-Cache-Hits: 0

GET
H/1.1 200
OK sidebar_header_grey_bg.png
worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/ 170 B
455 B 238ms
93ms Image
image/png 208.91.60.7
NSIHOSTING-EQX-VA

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/images/misc/sidebar_header_grey_bg.png
Requested by: Host: worldonline.media.clients.ellingtoncms.com
URL: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
Protocol: HTTP/1.1
Server: 208.91.60.7 , United States, ASN14244 (NSIHOSTING-EQX-VA, US),
Reverse DNS
Software: /
Resource Hash: aa5f185e7c327bc34525d29785309cdb9ecb8a470be2af0bfbef85d6317feb61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://worldonline.media.clients.ellingtoncms.com/static/kusports.com/stylesheets/core.css?123
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Last-Modified: Wed, 30 Jan 2013 22:35:35 GMT
Age: 0
ETag: "638739112"
X-Cache: MISS
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 170
X-Cache-Hits: 0

GET
H2 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
119 KB 26ms
6ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 90 B
719 B 39ms
17ms XHR
application/json 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www2.kusports.com

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

fc98d0a05f35dbe183a65f8aa5371168f175e3f8578d7afa3dbd07e84c15f80c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83
x-xss-protection: 0
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H2 200 226738544330346 Show response
connect.facebook.net/signals/config/ 305 KB
88 KB 138ms
137ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/226738544330346?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a04b971d335d737b89946f19095fd6e18c88561d3846404081729739ca81a80d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: UxpnK1dtKW2AgYWgQFrQGirOF2fHMRNGgafEfDhzzWffQ7jvl7H6OJiQ87wrvzBUSw8gj7uU3PN2Ej0sZjiNpw==
x-fb-trip-id: 917726464
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sat, 15 Jan 2022 16:42:37 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NQ7KXJ6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6091
date: Sat, 15 Jan 2022 15:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sat, 15 Jan 2022 17:01:06 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 64ms
16ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 38ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www2.kusports.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 420ms
405ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_lb&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=Pos%3D1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957398&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=90&adks=3960793290&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

805f8be13d321e8bb783c1e9969b6166bc3702933c4d12f2287aa0e5bf01e31a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8923
x-xss-protection: 0
google-lineitem-id: 811848131
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755306
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 539ms
525ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_halfPage&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957402&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=205&adks=1250131073&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x25&msz=300x0&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b745fbb1d74ba59b2a0166f9732c3702756a1ff6e7c7852864a2d278ecab8cac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8607
x-xss-protection: 0
google-lineitem-id: 811848011
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755435
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 223ms
209ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957404&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=245&adks=2978949804&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

47177d8e3e181c1a42716d167be62d74dc10a30c318f4856c56cf5cef0c71cb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8565
x-xss-protection: 0
google-lineitem-id: 811847531
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376208209
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 349ms
336ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D2&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957405&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=520&adks=1494288404&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d770e1a44dee6b5773b5c705b1083b2fb70e5a9ed04527555cf4bb283223e3e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8581
x-xss-protection: 0
google-lineitem-id: 811847651
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375756477
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
9 KB 502ms
488ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D4&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957407&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=795&adks=3930813595&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x10&msz=300x0&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

5a20f3b7959eef06cd86e480be05e0130d61df46bdefe9b8be4d240da15cc819

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8763
x-xss-protection: 0
google-lineitem-id: 800070611
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138242546191
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 140ms
126ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_mr&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=Pos%3D3&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957410&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=990&adys=2146&adks=2239055522&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x260&msz=300x-1&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

35508406d42a01c3a94bd6f879455cdb9bc2b9f7a4ccfc5fd9becc811307b492

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8567
x-xss-protection: 0
google-lineitem-id: 811847771
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375756279
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 420 B
253 B 417ms
403ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_richmedia&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957411&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=985&adys=2416&adks=691364917&ucis=7&ifi=7&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x2216&msz=310x0&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

c87756ba933265fe4d369e989f769efeeefb21b611598c433dc96c3bb676157d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 223
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 414 B
252 B 422ms
409ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKUS_OOP&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ists=1&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957412&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=985&adys=2416&adks=2426795537&ucis=8&ifi=8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=310x2216&msz=310x0&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=3&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

db806ed2c313a4acf85b0d8a32dcedc441ac806ebd78419cdb1dc525f25e54f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 222
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 287ms
274ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=659603808775719&correlator=118106015145593&output=ldjh&impl=fif&eid=44757101%2C31060888&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220115&iu_parts=1024221%2CKU_lb&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&prev_scp=Pos%3D2&cust_params=url%3D%252Fsearch%252Fvertical%252Fphotogalleries.gallery%252F&cookie_enabled=1&bc=23&abxe=1&lmt=1642264957&dt=1642264957414&dlt=1642264955962&idt=1399&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=2787&adks=3586950149&ucis=9&ifi=9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&vis=1&scr_x=0&scr_y=0&psz=990x520&msz=728x-1&ga_vid=1287151075.1642264957&ga_sid=1642264957&ga_hid=1772628476&ga_fc=false&fws=0&ohw=0&btvi=4&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

1b0a2d32dddd0bb1af04f40b8effc735eaa2e8b8f04ebc32cd66ce4c64cf8b53

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8579
x-xss-protection: 0
google-lineitem-id: 811848251
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138375755667
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1DCB 6 KB
4 KB 99ms
16ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 28ms
14ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1772628476&t=pageview&_s=1&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&ul=en-us&de=UTF-8&dt=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%20%3F%3F%20Uses%2C%20Dosage%20%3F%3F%3FBuy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=467232609&gjid=1760088404&cid=1287151075.1642264957&tid=UA-381152-3&_gid=1402875769.1642264957&_r=1&gtm=2wg1c0NQ7KXJ6&cd2=&cd3=&z=758636471

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
406 B 21ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=226738544330346&ev=PageView&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&rl=&if=false&ts=1642264957490&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1642264957489.941843378&it=1642264957312&coo=false&exp=p1&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Sat, 15 Jan 2022 16:42:37 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c0b::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-381152-3&cid=1287151075.1642264957&jid=467232609&gjid=1760088404&_gid=1402875769.1642264957&_u=YAhAAEAAAAAAAC~&z=120075752

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sat, 15 Jan 2022 16:42:37 GMT
content-type: text/plain
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 24 KB
10 KB 22ms
7ms Script
application/javascript 2620:116:800d:21:3175:5196:e3fd:8c1d
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Content-Encoding: gzip
Etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: bytes
Expires: Sat, 22 Jan 2022 16:42:37 GMT

GET
H2 204 asyncPixelSync
pixel.sitescout.com/dmp/ Frame 4816 0
0 26ms
26ms Document
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
date: Sat, 15 Jan 2022 16:42:37 GMT
server: AC1.1

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 54ms
32ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-381152-3&cid=1287151075.1642264957&jid=467232609&_u=YAhAAEAAAAAAAC~&z=1343700351

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 52ms
30ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-381152-3&cid=1287151075.1642264957&jid=467232609&_u=YAhAAEAAAAAAAC~&z=1343700351

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 impl.20220106-5_b1-PR-41673-DEV-104281-create-a-version-with-modulecontext-this-without-use-strict-8b12fb836c9-SNAPSHOT.js Show response
cdn.taboola.com/libtrc/ 615 KB
127 KB 75ms
26ms Script
application/javascript 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20220106-5_b1-PR-41673-DEV-104281-create-a-version-with-modulecontext-this-without-use-strict-8b12fb836c9-SNAPSHOT.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 9606ce01d2a5dd012f1ed956999b35d6e2dd5ad20eca0fd8a0fcd3259dda49e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: 4j4xfLkYS6B7wt._ZYu2R0Oe_g1GMxAl
content-encoding: br
etag: "0781890a82e02b120fc8a2b7a3018021"
age: 24591
x-cache: HIT
content-length: 129724
x-amz-id-2: u0zTNVb/ydilqm2WhfD3QNnfxsgqmjJ640MfuW/Vpsu0EeAGNorwkJPWnl8cd17FWzai3H/vIFw=
x-served-by: cache-mxp6920-MXP
last-modified: Sun, 09 Jan 2022 09:35:03 GMT
server: AmazonS3-br
x-timer: S1642264958.637776,VS0,VE0
date: Sat, 15 Jan 2022 16:42:37 GMT
vary: Accept-Encoding
x-amz-request-id: R6QFX00HWW1YS5EY
via: 1.1 varnish
cache-control: private,max-age=14400
accept-ranges: bytes
content-type: application/javascript
abp: 79
x-cache-hits: 2696

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 24ms
8ms Script
application/javascript 13.35.253.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cdn.taboola.com
URL: http://cdn.taboola.com/libtrc/theworldcompany-network/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.253.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-75.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 04:58:53 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 47639
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: 99TDlaCqq9coMiYod7ufCyu3Hi9HsKJm5mFBjUT_yf09nMSctgvliQ==

GET
H2 200 tr5
cdn.taboola.com/libtrc/ 3 B
179 B 32ms
25ms Image
text/html 151.101.1.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/tr5?abgroup=strict_vs_this_var
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1642264958.637900,VS0,VE0
x-served-by: cache-mxp6920-MXP
x-cache: HIT
content-type: text/html
cache-control: private,max-age=14400
accept-ranges: bytes
content-length: 3
retry-after: 0
x-cache-hits: 0

GET
H3 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 881A 6 KB
3 KB 22ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

rules-p-b9OfuctfLWqtE.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js

3 B
438 B

26ms
11ms

Script
application/javascript

2600:9000:206f:ba00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 2600:9000:206f:ba00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 04:53:05 GMT
via: 1.1 a618edcb8ddcdae59a3a61a6c82ff54c.cloudfront.net (CloudFront)
age: 42573
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 20:50:23 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
x-amz-cf-id: qLePw2u2drxniZPp50GypQJji0BeJ9pTdEbqXQtekyfj8cNnY61qLw==

Redirect headers

Date: Sat, 15 Jan 2022 16:42:37 GMT
Via: 1.1 3dd91613764eafe7ad199013ce202442.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: FRA56-C1
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-b9OfuctfLWqtE.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: OqJ-nRvOqrj2ogu_x0AluZ5I3YuWcjID-fPbKQzbvE8aFxG9zUcVcg==

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 881A 110 KB
28 KB 90ms
39ms Script
application/javascript 2600:9000:224a:800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5004
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b85afd3a476827aadec8c79e8673c564.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: 5JMvvzd9LQs1cdKkYIENyNH0i4UoYf-_rzuyHrDwgBMcmbBR8mGJDg==

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 881A 22 KB
7 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230824
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 881A 78 KB
26 KB 15ms
15ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 293 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 881A 121 KB
37 KB 161ms
138ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=34354936&c3=1&ns__t=1642264957639&ns_c=UTF-8&cv=3.5&c8=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%2...
https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264957639&ns_c=UTF-8&cv=3.5&c8=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%...

0
223 B

9ms
8ms

Image
text/plain

13.35.253.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264957639&ns_c=UTF-8&cv=3.5&c8=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%20%3F%3F%20Uses%2C%20Dosage%20%3F%3F%3FBuy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 13.35.253.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-75.fra6.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: pxDxmM9-ZOcsAauJnZCNUzlpQ24Q6B0qbGFyaywKkCJ2c3eVbuI6AQ==
x-cache: Miss from cloudfront

Redirect headers

date: Sat, 15 Jan 2022 16:42:37 GMT
via: 1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=7&c2=34354936&c3=1&ns__t=1642264957639&ns_c=UTF-8&cv=3.5&c8=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%20%3F%3F%20Uses%2C%20Dosage%20%3F%3F%3FBuy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%22%20%7C%20Search%20%7C%20KUsports.com&c7=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&c9=
content-length: 646
x-amz-cf-id: TIRDhovzfV-usccQoz4_bIUbexRbZFN1BLfrpuDaocrlK9oTdotJyg==

GET
H3 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 15A2 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 15A2 110 KB
28 KB 25ms
22ms Script
application/javascript 2600:9000:224a:800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5004
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b85afd3a476827aadec8c79e8673c564.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: lwOoa6Ygbizj6eadg-D2G13r7s5nh-CNlYfc4pgi4BTs9sEJOMwnyA==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 15A2 22 KB
7 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230824
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 15A2 78 KB
26 KB 20ms
19ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 105 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 15A2 121 KB
38 KB 107ms
107ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H2

200

pixel;r=1349682753;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=1349682753;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2...
https://pixel.quantserve.com/pixel;r=1349682753;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%...

35 B
372 B

25ms
9ms

Image
image/gif

2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1349682753;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-2006399965-1642264957691;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264957691;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus

Requested by

Protocol

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:37 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=1349682753;rf=0;a=p-b9OfuctfLWqtE;url=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine;uht=2;fpan=1;fpa=P0-2006399965-1642264957691;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=kusports.com;je=0;sr=1600x1200x24;dst=0;et=1642264957691;tzo=0;ogl=image.http%3A%2F%2Fworldonline%252Emedia%252Eclients%252Eellingtoncms%252Ecom%2Fstatic%2Fkusports%252Ecom%2Fimages%2Fkus
Date: Sat, 15 Jan 2022 16:42:37 GMT
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 0
Expires: Sun, 16 Jan 2022 16:42:37 GMT

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 15A2 0
292 B 238ms
171ms Image
text/plain 2606:4700:3032::ac43:cb69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=306848
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:cb69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zf6F00OWvr8oNgTpabahHuneuVQBwYwxkH8ijUqjx3aJAFvvKQk8tR5xtW0twUQ%2F1Y52wmsxW%2FYlQ9Fqv5j1%2FwE5FB6IUq53n7WhMRJKwawFTFhnyG4g86oMyRhixewVfzDCEhrFWNTuSLpOfKKniqtegQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce08ef25ea03751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_RzKOfkDcvzYAWBFB

GET
H3 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B0BD 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK 56d9c5ba-929f-46e3-ac73-21edb30b55a5
https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/ Frame 15A2 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/56d9c5ba-929f-46e3-ac73-21edb30b55a5
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 15A2 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmPel07MUsOvks2PwGRl4u9A9ek7Z6aCBmoB1c0dPYwuE-9jI6s5vXwrLXJn8NkXCZl3ZJdtfpYEVHlM3pKMuBnWOOLhtRTJXCLnJ6lZZIY5AlI0aG9ZNYsAwfgAxpKAD8hoJb3_1BG6dE6eRtOq8ZKsDFczSuJDGgZ3W_Eh8IX9c-udIL3G4fdm6nTj2peuTpT9p88n6LGOSa02-Bsbreo0hfusBowsADIdqwDfRj3zB4Ifa8dq4xKOuS_EYpw0_OHL6FQr1rMWl097TQ2qLwVAhVW3j9S4VqEheRI3X7fG5guztfhg&sai=AMfl-YQ3i9Qrz18p6b4pqm5AnsTM3oh-8YNI50zXtimkmYjqTXRs05yjyBgDASAgma2gQXWrlf_FYuUb9w0x1LbRSwJBj4fsMnuqV8f_Tj7CEjQDKcVJ_tLuZhuZHRQE8vnQ&sig=Cg0ArKJSzDaX8TGMrTzHEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 881A 0
658 B 179ms
164ms Image
text/plain 2606:4700:3032::ac43:cb69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=533870
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:cb69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8NXPzslRkpp%2FxirdJDUp37Db37dKSY0E0rektcDDvPLTRixo4W%2Bej8axQ2xqHUDHwx9PoA%2BVLAniSEAWf%2FZzbh5F41mOFsigelhsVxn8iwrL7%2BIkng0pRiZ4srbvG28%2FV%2FVY6djKsnSDQwN2fFnzeMCRzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce08ef25ea33751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_RzKgSLywbwMDXO5B

GET
BLOB 200
OK 12ce2a8a-5860-4422-a748-1586fddba9f0
https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/ Frame 881A 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/12ce2a8a-5860-4422-a748-1586fddba9f0
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9DDA 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 15A2 352 KB
118 KB 7ms
6ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 881A 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsun3P3fqvH4TWUE2GsZpr6hU6myArGtmvkEorqxlIcVyT1JfG6FroYi3Jrdob5boTehw3-3iX4zHJjCXM069DGnuR0PDEo4V5N1f3uuJs7B2J9GMHvtPHImCHhGhpUTizxjLlPAAFK2sSHEPjq7fjNlojJHe5cPCi6qH3L0OYYzH4HJiLPnqX7vncZYfYN6zOm-0vQz2zuSmWEpx0Cls4-ZG4ZIrexmnS3hoUO3gnU_FSwxiJPifY1MDJfhKPQZraLIiCixya8oNHw5ljkGyPaGeiSuS1fjh_Ek_ZI2QaVnRKFTNPzpGg&sai=AMfl-YS9_3MdxVn-lxT0cogZPedQQIVrh2cSolSyMJtBH4UyS3Lib3gtvKD9g0tgAkbQB76kGbEkIkekZjApXxsxrUD5IC0Ui_Fvt0d3r1IQ80PqSs8nzny5aPMXrtb2vAUO&sig=Cg0ArKJSzEa8CclqBoT9EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame B0BD 110 KB
28 KB 11ms
10ms Script
application/javascript 2600:9000:224a:800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5004
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b85afd3a476827aadec8c79e8673c564.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: ca00VrGM1-QUHXX8ji393qahzQLGDQuGlditJkAU2aYZ7b_h_F8lKA==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame B0BD 22 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230824
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame B0BD 78 KB
26 KB 23ms
23ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

bab39e757583b275d7b8f5c70923178250696242da16781f91cad86d538f246d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26974
x-xss-protection: 0
server: sffe
etag: "1102 / 24 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B0BD 121 KB
37 KB 32ms
17ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 881A 352 KB
118 KB 9ms
7ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
481 B 52ms
9ms Image
image/gif 2600:9000:224a:dc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:dc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 16:14:35 GMT
via: 1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
age: 13998483
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: -ZBImyB59TRIRbrTuAigojt-ssOMC7BoqmHeylXYowI_ADaKRGOT9A==

GET
DATA 200
OK truncated
/ Frame 881A 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b37e3167f752ec100d1b6284328228ef8638d8d0f1df85aab1e83f6b5046260

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 15A2 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c67f799e68309b579825109f0200208637eebed4d156b5539801e0ffc56330c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 19AD 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame B0BD 0
314 B 165ms
163ms Image
text/plain 2606:4700:3032::ac43:cb69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=440328
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:cb69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3A9wqpEzEUuFgzA3xDDjwjI5nKecpxT37tsiJ%2Fja4dYKXzeejtNExK%2BSERgiDzCEn4fnjw5iJKEsyYJ5R1WxzIHDg81dCx7J1%2FujutxVjd5Ndp0KzAYYFPMZsxgsXKxuCTj129GikuhWSPVGnRiLXFbfA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce08ef358c53751-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_Rzxh-Nibs9cAbcWR

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 15A2 107 B
122 B 34ms
18ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 15A2 107 B
122 B 34ms
19ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 15A2 18 KB
8 KB 231ms
230ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3583619120050620&correlator=1223083881704052&output=ldjh&impl=fif&eid=31061814&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7335.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264957921&dlt=1642264957656&idt=251&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=1055926600&ucis=gwvdzyy6nqsd&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1525895432.1642264958&ga_sid=1642264958&ga_hid=889506177&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

1d24f3c36ec0c8bc4e2b9dedb0e9b4bed7c559c79620c4283573975dbaa74a24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8447
x-xss-protection: 0
google-lineitem-id: 4482203489
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216200384
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d447947e5223a193934f4964357ce0ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0897 6 KB
3 KB 42ms
15ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d447947e5223a193934f4964357ce0ce.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 9DDA 110 KB
28 KB 11ms
9ms Script
application/javascript 2600:9000:224a:800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5004
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b85afd3a476827aadec8c79e8673c564.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: dKz6RQhCg5Eh9TLB9xC4pM3oidrlhTqHSz-LwyGYO9EyI3cQ9iBzhA==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 9DDA 22 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230824
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 9DDA 78 KB
26 KB 20ms
20ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 632 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9DDA 121 KB
37 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
BLOB 200
OK 438ba155-7cb9-4ff9-b0b1-4b2d4f6988cf
https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/ Frame B0BD 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/438ba155-7cb9-4ff9-b0b1-4b2d4f6988cf
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D91B 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 881A 107 B
122 B 19ms
19ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 881A 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 881A 18 KB
8 KB 208ms
207ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2521070408998936&correlator=2495018873809661&output=ldjh&impl=fif&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7337.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264957959&dlt=1642264957605&idt=346&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=2302396440&ucis=lgfwrseubrr6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=917376687.1642264958&ga_sid=1642264958&ga_hid=1035804885&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

8237826dc3b4e9c62f50774dd95319fee704a3c0fb5c8360fe1dab882102cfab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8440
x-xss-protection: 0
google-lineitem-id: 4482205340
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216220965
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1ff0d7ce146b4c1d840a5528702b361e.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9557 6 KB
3 KB 47ms
14ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1ff0d7ce146b4c1d840a5528702b361e.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B0BD 0
0 47ms
46ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuj5En5Msj3WJlRCk2Vizs1bdSK_QzB5nVMFzDrmYqpCU-WLyA-uuKHMO39ZXzibaNVX766ao6jiw41_k9-LboD-U005Prerb9juS-mehN0wZCfkRPsIQuxt2vsJpDWe1JGm_C3Fl0GgbQU0eCLEXN9c0Fg5Obds03ZMoDVQeYLStfvXCdR3e8lkkwLJ_49xcorvvDjai24N8nA_0soVt6TMzEmLHfEeWJFX-dXxb6taQEobGobU0-mJrMR_QQtQETQ2jrROBoOi8n3n0nIh1y4eb-AZ-P-JL0W9WsBkC6k-vlb&sai=AMfl-YSCtZM-YYy1y1E9eR9GS0_bQ_-AEQ_FoX7f0Q7paK5syEeyjUHSckCM87bnXqDc-ZFrw9ez-w_GEIQvO00MjmbFTva09lQGqDSdwSr6rEjRnVnhK8sVfU-gsrN8ceg&sig=Cg0ArKJSzONq0vnqPmXHEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame B0BD 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4330c4d56bc82ca7f7f1817a4b2da3ca8638a5204c34e907c16c945b9360b6d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame ED57 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:37 GMT
expires: Sun, 15 Jan 2023 16:42:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame 19AD 110 KB
28 KB 10ms
10ms Script
application/javascript 2600:9000:224a:800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5005
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b85afd3a476827aadec8c79e8673c564.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: lcsViOY6cbBxMtcDFIFrwRVTp23M2r_L5mcUkn-PuBNC-RuXw1ZoQg==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 19AD 22 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 19AD 78 KB
26 KB 19ms
19ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 586 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 19AD 121 KB
37 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 21ms
13ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=226738544330346&ev=Microdata&dl=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&rl=&if=false&ts=1642264958021&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5C%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%20%3F%3F%20Uses%2C%20Dosage%20%3F%3F%3FBuy%20Hydroxychloroquine%20Sulfate%20Buy%20Hydroxychloroquine%5C%22%20%7C%20Search%20%7C%20KUsports.com%22%7D&cd[OpenGraph]=%7B%22og%3Aimage%22%3A%22http%3A%2F%2Fworldonline.media.clients.ellingtoncms.com%2Fstatic%2Fkusports.com%2Fimages%2Fkusports-1200.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1642264957489.941843378&it=1642264957312&coo=false&es=automatic&tm=3&exp=p1&rqm=GET

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 9DDA 0
624 B 196ms
155ms Image
text/plain 2606:4700:3032::ac43:cb69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=933816
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:cb69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=er0fgF%2FL2w45TzYOs0FZ8rxyblHWFkbjBXbfn%2BOQZZ3NqOfDoXb5GSS8r9ouMzTjflq8FuhX7Ea4MSvglC5o7Ywc29OIoJrbpcv1rccqQVwNA%2Fyt0hneuv5qCfPZpJr9e1FDGDT9sJGm2vUhLgIK2XMUJw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce08ef42a5759ef-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_R0L1Z2-CvN0AmDIx

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B0BD 352 KB
118 KB 7ms
6ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9DDA 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuwjIy2yktDpNU-aACLF1UmcaeR0efY5vYtF5en7AEq5PHHEP6Fp6P9iT7CDYOFL1eihHzgxA2F2Sqg6QelTZNd7EWwJpNIiuU_mJiSfrsU-abIMc2XAGqmLiQisca6BdrbDTdBf2sNDayiBYaHb-qr_6EpUxukQyzE6NlKb-DtnD7Ee9zLlm4jfAYVu682U7l7TZH8umUhWbFAZtTDMWX-SASoVoC5MDARkzYRAFMhLfOh49KBHTSxfTaADLQafU91MQ21UvW8v1ISciRB3dG308gylF_sWVD7a5xJYAcvbwm3WY-qLw&sai=AMfl-YQvp2VzMmqXkzz60aUmJJLtPigpweVwjHvS1hX0aBDYOesIQxZxCgFx303vBPwe4k3Y5VmTUYyoxFnjXDLkuTLM7bkpYAHSGHL5jvk-HqFmZNcX9sH42686OwD2y3f1&sig=Cg0ArKJSzJ1tIv7qaGahEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 9DDA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c26e44b1774250fe7872540952ee5f355404ce22f48648d01152ac520cf8aad3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame D91B 110 KB
28 KB 10ms
10ms Script
application/javascript 2600:9000:224a:800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5005
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b85afd3a476827aadec8c79e8673c564.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: sHaGuFFtbcyxx3JhrqKwE5xIEhmHa03C5HHEi38apeEFn_whbCgxNg==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame D91B 22 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D91B 121 KB
37 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame 19AD 0
595 B 159ms
159ms Image
text/plain 2606:4700:3032::ac43:cb69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=333118
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:cb69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wV%2BQXUQ9dP%2Bwr8nomcUPMindMbf9TtDaqAFJCjUrG2QVm31Q7rw1mk%2BxZ5I0ZHHv7FV8UrDDHY1D5mKmHL0vcyEe8khWyqXZZbZVkL9pzvZe%2FmIfyb8%2BFwDlxn0khNWWylGnc1FHxkf8irvYxpC%2FNXYsQw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce08ef43a7459ef-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_R0P4v-LyG-IAeErx

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 19AD 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvRJ83Ts9c-92LBo4sy4e-KMXjWbj5wBApQIbKBefz62fEGSH43OO1HFk81zchw1z6pKXqn98NnGf35-HkFnujTXvS4t-yrXiMPpqw7zlcCMTTG63IdoZoihWiYqUVHlbaXGP73f4U3b_krV2BKs-IuoYNEzEQTexjWL1LGaBp2AKDhFzKHUeJu63DZZ9u29xUiXPYS_FBeubXUV-Ty7T_aAg83WCiEoPHGlDUP22KazsMB4boU-MN9v9OuBjiqdSVZGGCXILRwZ_l2BPDGYTQHrFHJyeco09LNw1kKSuQgo8Mb&sai=AMfl-YThlL_P2P9oGrXN0W8sUkbO1cFR9xCHdOP2HL8ylFG6p7a8D42G_ytzbEk-0_NRfkzJtaUz7L_t5lJLQ7M96mofyAkS-zKwqQwNYzRjqnlgGsr7KtRROJPFvXXeoJ8&sig=Cg0ArKJSzBPv9ryu6X5AEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 15A2 0
0 64ms
47ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuHMsSTuvdEtR0FLfJ1Co9P3lJWJmXTBVDrQAhAGyDdQ_QoG0CA-igaJ3awyzpCpVZPFWeCYMRBOAgW3c_mZRQzIB32wE8Zml9h0Pe-xO8fi1_B3kHWgbFbxdEi53tJ2Y8x4meaQHunotAjN_IRtQr3Uzs9pqwZumhMq5YqW7a9ATOW9JF3dgVul43e57DUwFOQwjBHzxRD3c6OHkbM93vwj5CCDgftWW9KWRO1su1JeMmQlyzxipH98QhU5olwSqLY_M-iaq5BlvyEJMU4z1jP1jSwHDE-ujl9quH0KlrtB8KaxkQJfmEz&sai=AMfl-YRPNBnhDMPIF0XJ8lvqXrKr28qdsA68GjhpLPcd9cEkoMDdiD3Jy63pt8GQreJA-sdeJrWGJBJHA9tqyvcS8z2TdpzE0BrgVNWg8ebKtA6VHs-1itmDIutDTzxpkPcy&sig=Cg0ArKJSzPycn76GfIbQEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 15A2 11 KB
9 KB 83ms
32ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b3b1b2e5130bee5a2e1d2eb4652ebea48d99b194e03c1ccee4347cf123dc6a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8652
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 19AD 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89bd7d41bab0554166d1eebc5ffb67e84d65ee7cccbf832499a1a5df6c827f6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK a681b32b-1c95-43aa-a9b2-c5edd0e984fe
https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/ Frame 9DDA 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/a681b32b-1c95-43aa-a9b2-c5edd0e984fe
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
BLOB 200
OK 166d01e4-07c2-498f-8daf-2671f7154095
https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/ Frame 19AD 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/166d01e4-07c2-498f-8daf-2671f7154095
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame D91B 0
586 B 153ms
152ms Image
text/plain 2606:4700:3032::ac43:cb69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=865443
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:cb69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ia4ipv0Q22C5lxuEMkvw2UW9OfNf1dFaQapzh99mEQSOJe9fjxGqTRHs5pke3HA652zfC5bngx4ZFdQq6UaNFQyShxPEoEDNqc7dEFdATfSGZD2Pk4JweXJxNsAG6CeZoOU4%2FTt2nWrgMg0I07Vob0RIyw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce08ef4cc3959ef-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_R0mCD-oKkZkAWBHh

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 470B 0
0 46ms
46ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsty2cqfA1I_JuRweeUy2AHKX5cl10KPcEIO-xsbPiSJyPluvpJwOE0lZZn0pFapgKNl5taeOj68EyAqNOvM_tikp-med_esQLiN9axftXnu7c7CkKSGDi9tY_GApQ8QCCUd-L4CIUrJ9yon5Th73hITRPIvjvTpwCLJoUzUo98PQyYPymyIqJxC4FhKyGNiQpLmUmWkAa0c3VAQkVXJdqYbrlD6Cc-d0TU5RWKwEa97sc-FP6oGkfMy2QTay1dRON1ykkevi2k0nds5uVhIIbxoGHvX8LjfEauQXtvkRjJvZbzdrwC8bQRil81AkuV6vX8DHA5hBVfv3LGpm9SA6dKB9XO9jGbOnA&sig=Cg0ArKJSzGISl54Xf9r3EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET pq
media.adfrontiers.com/ Frame 470B 0
0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 470B 121 KB
37 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
BLOB 200
OK 79a72a47-74fc-4a9c-abd2-38757cb35e06
https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/ Frame D91B 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/79a72a47-74fc-4a9c-abd2-38757cb35e06
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ADB9 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstBs7eyqiVQzDjEqOGXnMmab3kQxDoJnTMylT3bPtx22Kog7AAgq_fMm2nvveJhezZLoQqa2ybv71D1cUtuES9JIA046Cb6wYGM50J3cDapXICk8ztxFo68LMfkh0AudgTrKgeMMzGhZSfFH_GdvdO8rT586deehIULn2N8U4_gsBms4dRjij4ydPM0W-01OfLy4Dnt7JM9htLiBunouQECph9q_8tJlXMJexCWCfitB4WiYLugUlTrth7GG1gKUJQoVRC4k5wtQNuODpOTeLqbHiI93Y6v8EEy1_G-qL7WGfgjkzYYGWelg2f2Pl-0EgTias9bUvwJcRsrVIyncAvO3Ij85PYevw&sig=Cg0ArKJSzHOcCGk57b1uEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 jstag Show response
us-ads.openx.net/w/1.0/ Frame ADB9 49 KB
18 KB 94ms
19ms Script
text/javascript 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/jstag
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 90ed2a642e0efcad0fa5dcd6b2d1212d5ef2279ec15c5a362f3d2a50703d6705

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: max-age=3600
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18037
expires: Sat, 15 Jan 2022 17:42:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ADB9 121 KB
37 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 9DDA 352 KB
118 KB 8ms
8ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D91B 0
0 44ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu1VUzYrZ39REt1FqCLT9RNXY-eWYiX-UKl6Bg3KaSq4lB_MI77d7Y2D09EuDGtzExrI0VeBI2nfavB4zKmCthZN1xCyKw5s3MjfMPI3iXq7vCTRQPRbRnPLBGMjXflrT4oKEaQjGaMiIr4rgAeF0TF7WrwV18vJmajfKq83PYjZRC0EDc_VpQi6hReD-HIRfwqUoyoanzbPVzxFROfvi7Xj1XFfYfBUV-2xeCo7GG2H8l_n0HEdd0PmcEgfEvy1io779Fb04rcoSS5aKJR0RCLqJQ3TcMrRqmzNpBTvcPdtZuDK6zw_g&sai=AMfl-YR0bUWmRdWi8pyA7-nuYM0MWlm7idqOzS1vhtndCeBfyFdwiud5z4ADzzjeactLPQHM87iuwNIX-2uCGH02Jf4es0YLZ5YzaOuMqntNrkBqF6VMAy2s8_zb8XQX2VFo&sig=Cg0ArKJSzM4WQ1nrKWcBEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 app.js Show response
servedbyadbutler.com/ Frame D91B 55 KB
11 KB 71ms
8ms Script
application/javascript 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://servedbyadbutler.com/app.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Grunwald, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: cd3699476d188453684876ad11b8813508e578f49a02f4639fed3b3ce8a74a58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 18:28:59 GMT
server: nginx
etag: W/"61afa7eb-da59"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=1800
expires: Sat, 15 Jan 2022 17:12:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 15A2 17 KB
6 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame B0BD 107 B
122 B 21ms
21ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame B0BD 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B0BD 21 KB
11 KB 213ms
213ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4023687952600743&correlator=1056680204925699&output=ldjh&impl=fif&eid=31064029%2C44757100&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7333.3_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cdm=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264958243&dlt=1642264957750&idt=470&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=2&adxs=0&adys=0&adks=3357008152&ucis=6so6279rr0b4&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=728x0&ga_vid=968045111.1642264958&ga_sid=1642264958&ga_hid=1157109012&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

a3abca0dca7d6be1b0d5b93787c9159041fccfbc5b4e79906e524bfc86c20b3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10987
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B264 6 KB
3 KB 47ms
15ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 88b48cd9-e40a-4c18-8297-ecf618708ada.js Show response
d3plfjw9uod7ab.cloudfront.net/ad/ Frame ED57 110 KB
28 KB 17ms
11ms Script
application/javascript 2600:9000:224a:800:13:a391:88c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3plfjw9uod7ab.cloudfront.net/ad/88b48cd9-e40a-4c18-8297-ecf618708ada.js
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:800:13:a391:88c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: PIIOv2xieGBoNLT19H7cXReef4nzgGIf
content-encoding: br
last-modified: Fri, 14 Jan 2022 16:23:10 GMT
server: AmazonS3
age: 5005
etag: W/"7f03b76e1ed076cb7b21811f1160deb2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 b85afd3a476827aadec8c79e8673c564.cloudfront.net (CloudFront)
cache-control: max-age=7200, public
date: Sat, 15 Jan 2022 15:19:14 GMT
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: zRNc0e0Mp7Yv-OIG5bLsP_vENrqb2E2KIi4ZvNSC_0lZy3W60uVqgA==

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame ED57 22 KB
7 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 00:35:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 230825
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 13 Jan 2023 00:35:33 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame ED57 78 KB
26 KB 17ms
17ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26979
x-xss-protection: 0
server: sffe
etag: "1102 / 708 of 1000 / last-modified: 1642206167"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame ED57 121 KB
37 KB 21ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
DATA 200
OK truncated
/ Frame D91B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0355efd1a34716545018779a7d13066a7ca7a182f76bfd520524238c0b967250

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 19AD 352 KB
118 KB 8ms
7ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

POST
H2 200 v2lvyuMZRYYsbz9eMbWfM2lGv8gxS372GWlHFhh1JCfvaTlIy8VMOOKeBg6ybS4GLLqC0Udag Show response
butterbulb.com/ 209 B
626 B 59ms
15ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2lvyuMZRYYsbz9eMbWfM2lGv8gxS372GWlHFhh1JCfvaTlIy8VMOOKeBg6ybS4GLLqC0Udag

Requested by

Host: quizzicalzephyr.com
URL: https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

10564425d840a36774b48e412d28180c56c9898a97ee1a0b5331bf1509e0f886

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 15 Jan 2022 16:42:38 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www2.kusports.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-d6q6
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 209
expires: Sat, 15 Jan 2022 16:42:37 GMT

GET
DATA 200
OK truncated
/ Frame 470B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b6c17a3b927bad3498791c9741218e6d396ae8b1428ecd120ce21a54713bcf3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 470B 0
0 42ms
41ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuA9bxCWBRoKHwsVGcM-6a-yCPV42KC1mhmLGP36TsizhsIt0QogHfd55AY6sVWlqDs5xY3g832VMjhI8XE_m_648NcbtZMATipS2JAAsXyPk69PXevwqGuAgeiFcr3hpVk4Opr5u6-yXBKzvJAnXwpndlgve2AUqIIcwAAjr_W3SE875F2q5UvS0eaTJNvYe0AxTOgtqWRkTWWnL3EP0jCMRaUM22n7QK_iO9jLsj5utUy2tAoXUK_R18zwGOfZpEzffR2nyar78awpiO_IV0ZXqa3Ke1-Ep-v9nsLmU5a71tVn679sFf1X64wsNeR405oU3lYeUL4SaJkzTa_DPEi_yknxPdEGEI2&sig=Cg0ArKJSzG2ns4P2LqgsEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9DDA 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9DDA 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 9DDA 18 KB
8 KB 314ms
313ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2825284009084563&correlator=256235489686911&output=ldjh&impl=fif&eid=21065724&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7336.4_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cdm=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264958353&dlt=1642264957794&idt=548&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=250&oid=2&adxs=0&adys=0&adks=1124330804&ucis=3hpf9wwufgka&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1088878913.1642264958&ga_sid=1642264958&ga_hid=164682198&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

8af6ac0e2b73706e19979bc1d6cdfa67c2e034432f4836b00f4fa641647441f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8450
x-xss-protection: 0
google-lineitem-id: 4481581642
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138216220617
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
cfe830dcf8ef79dded614f38a7af9ab6.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame D81A 6 KB
3 KB 55ms
14ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cfe830dcf8ef79dded614f38a7af9ab6.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 202 88b48cd9-e40a-4c18-8297-ecf618708ada
analyticssystems.net/api/v2/ad/impression/ Frame ED57 0
585 B 147ms
146ms Image
text/plain 2606:4700:3032::ac43:cb69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://analyticssystems.net/api/v2/ad/impression/88b48cd9-e40a-4c18-8297-ecf618708ada?rand=1051073
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::ac43:cb69 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvcqJK35Xj15x7lUHJ7u7g6trR8RfTwjw7Vd7QpqqjkyNBrpjAaa6Xd566XsOGfDDU9OcpJP0WriLO8euHIGddOSyNSKpcCJuggTujHeCA79KfOgIzNV0i5lBP9LIaQhDWmTkkBmGc2qH449IOwWnLmNvA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ce08ef6183b59ef-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 0
x-request-id: Fsp_R1WbVofgvusAGnmS

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FA7E 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 15:58:07 GMT
expires: Sun, 15 Jan 2023 15:58:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6E92 783 B
536 B 33ms
16ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e1087102c327a7988a27261dc3224e2f495e504a4cb816e368d4b1ad5cc95e40

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4JwEfUfX2viW0ROJNO6mSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:42:38 GMT
date: Sat, 15 Jan 2022 16:42:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-4JwEfUfX2viW0ROJNO6mSg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 acj Show response
us-ads.openx.net/w/1.0/ Frame ADB9 313 B
296 B 44ms
35ms Script
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/acj?ai=9734695c-8184-4188-af3e-5fe7871f1d87&o=9161797242&callback=OX_9161797242&ju=https%3A//www2.kusports.com/&jr=http%3A//www2.kusports.com/&auid=537971111&dims=&adxy=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=0&ws=300x250&ifr=1&mt=1
Requested by: Host: us-ads.openx.net
URL: https://us-ads.openx.net/w/1.0/jstag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 31ff835e7ac68109c15d2d2082fb6009b3913df71bbd6c36b583a2bf2d47d5d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 276
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame ADB9 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 84bdadf9f56d32a5c4ffaafe965d87c4b0eea9bc8a3f88eabc5b355ec7ee8001

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK 613df2df-7460-4875-ab53-a4e5a556c1f8
https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/ Frame ED57 789 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/613df2df-7460-4875-ab53-a4e5a556c1f8
Requested by: Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Length: 789
Content-Type: application/javascript

GET
H2 200 ;ID=171437;size=300x250;setID=319770;type=async;domid=placement_319770_0;place=0;pid=595241;sw=1600;sh=1200;spr=1;rnd=595241;referrer=http%3A%2F%2Fwww2.kusports.com%2F;click=CLICK_MACRO_PLACEHOLDER Show response
servedbyadbutler.com/adserve/ Frame D91B 145 B
400 B 22ms
21ms Script
text/html 116.202.46.88
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://servedbyadbutler.com/adserve/;ID=171437;size=300x250;setID=319770;type=async;domid=placement_319770_0;place=0;pid=595241;sw=1600;sh=1200;spr=1;rnd=595241;referrer=http%3A%2F%2Fwww2.kusports.com%2F;click=CLICK_MACRO_PLACEHOLDER
Requested by: Host: servedbyadbutler.com
URL: https://servedbyadbutler.com/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.46.88 Grunwald, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.88.46.202.116.clients.your-server.de
Software: nginx /
Resource Hash: d1aec0f91475a9d3eefd64516c068aff487a6790a76ff4b8ac14a52e7a367ceb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="ALL DSP COR CUR ADMi DEVi CONi TELi OUR BUS UNI PRE"
access-control-allow-origin: *
cache-control: post-check=0, pre-check=0
access-control-allow-credentials: true
content-type: text/html;charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 19AD 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 19AD 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 19AD 17 KB
9 KB 260ms
260ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3517838423081183&correlator=2225305107585325&output=ldjh&impl=fif&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7332.3_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cdm=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264958421&dlt=1642264957929&idt=486&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=728&ish=90&oid=2&adxs=0&adys=0&adks=3055526604&ucis=3svmcfoopff6&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=728x0&ga_vid=1235510795.1642264958&ga_sid=1642264958&ga_hid=1118697231&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

9007b6344429eaef3ad7f86f9e1cfda5ba9030ab41e0ddf85c156ea1fcb81ea8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9198
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4546 6 KB
3 KB 62ms
12ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ED57 0
0 46ms
46ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvJ4tSmVyCjcnX2fp0c_KuFUpMGMg6PkZDYo98U-Bkb9NLAa-wacQjPVYm13ERRGdedBxuCRU-0EAKY-6L2Fd1QFDdfuVS7Sc7IYJAat2c8e6Z6zd8nDCc6QhuY5TomK9v98jXUewfY3WTNLfI2E2KUvGWicgq2QeethfMIXOB106R7AYECpk3yjc0eCDruA7L4YbkJiqCvPjGGd5XrmXnI8VLzlk3v2riPt6OXD_yrqtAhS7OSHIqZeE2_wjFyfjjR5Esyg6vLoKAileU64jUaTXsPPoLvynqLpXbMeO5hMPKtl1VxNZhzjiw&sai=AMfl-YRnwpee0Dfudc_B1N3btF9fGmrRzYkGLS7yPeLQw2YErPWYWX6kS127FbHXi0dbHLES06yhMWecTv2DiAbJZUq-9M9NzCAZJ_Z5C3Hf5U7Z0_G5uRPRSo2JE3qfup8&sig=Cg0ArKJSzHEkSXApm_huEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
URL: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame ED57 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df69dac4052804978b6814d0bd987cec839c9dc7394ae2060ed839aa6a52d118

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 v2hry6U_RylcKZZwnyPj_eEEfgmD9PDeg3GnCP-DqQTmfjlYARqJKLSVdpbMEpMZkGMj6pLkH Show response
butterbulb.com/ 3 B
36 B 122ms
122ms Fetch
application/json 35.201.98.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://butterbulb.com/v2hry6U_RylcKZZwnyPj_eEEfgmD9PDeg3GnCP-DqQTmfjlYARqJKLSVdpbMEpMZkGMj6pLkH

Requested by

Host: quizzicalzephyr.com
URL: https://quizzicalzephyr.com/v2/0/toeMSvHmP_4fPO2bOZYY87iEN82c5Cz4OimLjg_YbLj670aB-v2iE843QETaIw-2wkW6Lth0vCX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.98.64 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

64.98.201.35.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: http://www2.kusports.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 15 Jan 2022 16:42:38 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: http://www2.kusports.com
access-control-allow-credentials: true
x-hostname: fen-hoothoot-europe-west1-spot-d6q6
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 3

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B0BD 0
0 42ms
41ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsurWwZAh1MfZ6Pmyt6LBfqwhXnFoTSXGGfOAtQoftG-Jh7CZKcuRtKh_VZN9Yt5BRAYGdH_E5M8jnc4ZGJsIALw6viT8BKydnTDPqjdmud6xOA_5cLB3ap6-msZElsl-6yt3TB8WVSrY_upOQxIJmIyOMdjPslLv8QIHmJg4ShXVqh-oUxzxLagKsfDmlj6p_ZQ_kTeGBqY5Prkz8JJdB-yIB2KNY_0pcn-RQBFeHPplnWw9zahRe5susdGh0P8GH9ZUEaUY6KYC8dPo_yAGAEvrsq44D8XyrKEi0hLI7jN8Gb_YkU&sai=AMfl-YRy0M_00HxddUBaXqO6Qv9Ur88lpQe1dPSYcoxAgPwHiXlGf4xvZ-_p0drw_5mqIchACy19yWrEHQv_hjpawBuu7WLA7cJJwg1tIcROsDl3sUUpztkzczCSzSI40wo&sig=Cg0ArKJSzG8gRCqigAv3EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B0BD 11 KB
9 KB 36ms
22ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d2b3fffa5b1fe3b03a587635e48da39e26cd768ebf5f5dece072eb5b5d19e88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8707
x-xss-protection: 0

GET
H3 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ Frame ED57 352 KB
118 KB 6ms
6ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:33:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 15 Jan 2023 16:33:22 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ADB9 0
0 43ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstqBhWvjxgnmPEGNyy1fPdihKxuKgkS3cJsKCIKtY7-q1fD8DY9kceSdDyEDKPeBfck1fM8xP_bmHG-tiu5n5UY0m1yvTWue7rOLPz0y17Dt1EmzrXK6p1k4GsvVdLl5MFyG8IQ_ZdgAHAD6SaxYXAGPGrm40qQ299oHa7cbS5Z7uctMwtAYXccbav3pjrCs2zvTDIgfNLDTJorQ8o9u-Dv6OoW74d22uUJhrkp3A6iWUb8kXficRAFIE1d71AVo1UvviTvSqsV7Oam2-a1oPCs2jxporvg7H1B0HPT6meHeOGgI2FwHDJXdfaiwIWaZDvmCjkLzvmxU63evd_YtF9vm4n-sI9JuDVm&sig=Cg0ArKJSzGctl-G__vpbEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 881A 0
0 48ms
45ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssU0TOoi9LnBDeb9tCUDdMjbLHLV_6W5QeJgLuuve57O9DLCevn-M780_JKGaOLX1CQHsGo8-RR_pbT6z93JJdXvouHcq05bgj2No1SXK4TR5mrIJGq1EeaT2C_QfmpUBc4tUqxjWRxCsLuW1G_Uftqcr6LY9dGTz21pPLI7bmuFgxy4a0sWWpRFVocUMc96BmmlelTrXXkUf_aFeETDY4tYFWQ78MLk7iFC7hyPMPpmYJrRdOOPl-iEh7IpJNwo2TIy7-KeiwwoGgoJzsv_kTspMlu0uh3OrmjeUoSTbSTTTTYQqevWXEd&sai=AMfl-YQuviY-devKYhOqDUZ_ocPY39Ri2P0_F-MSVF6J_rHFneDmOVIMSEj97yF1j0swX-BAkwhoWsrefWUsKSwcVEWhDp-Js2EXSKZBGR4mR_tFkOpDGCH0vakEfIn9wCUw&sig=Cg0ArKJSzFh4FHgwSWGCEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 881A 11 KB
9 KB 26ms
23ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2f127ffead84f297d77d3a2de78b71caedf1d75deded6c5a2d070e8f6f00349

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8686
x-xss-protection: 0

GET
H3 200 container.html Show response
25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 21ED 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame D91B 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKkHAFbcyT240asTEpbK2rqQlruAnwTgoucvWHy3wbYe-JLbGheduxkM4JxAqNvHxaCeriu91fm2ARt9c6KDX1r0H0SiiQDpBlYwUHivNiG_zQJr69kovvYbxY0y-psPjFwjeb_6fFnIUFAirYI6UIjnAyy4fxLIx8-k7tnau4c9B1ef-iT91eGdyAXV4Yrtbe3hWt_Y09PNs9Y4iXY9VL0NHWQ9a7zZyCgZBdz8Ri-apqvjEOF2ZRlEW_Hj18xgEKb6QT00jcK_INBlJ4zzqkENu9F4AB73Q9CCkPWUuyPzIMuzSGcj-E&sai=AMfl-YSAjVxgghtpcA8v7Hgigafe4JaSZ2YUzK1rZ8-h6v52WOgRdnrKPm_VmVkkgaH9B_5TVn7g0qTAZ7skiGVAzMqjGtC-icjJGUc1nDSSXp7axp_1m02bg2XFs9NDZWsH&sig=Cg0ArKJSzK2XGhq1U21LEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6E92 0
0 121ms
104ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3583619120050620&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9DDA 0
0 41ms
41ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumlS1yVUetjZFsfdM5mTblEr-FaSlqLXXrPTKT9ouq5x-bGWUrvp-jD_UvCQJ8paAENBMkZn-jY7JoRkp6R4E7YLqgXqQ4Pr1g_BZqfXPITetQwutT-KNLguSU1akDcwTBL13PbaUj4nqTQrXyIiYMQa4RAJEmdHVMVKaLFoO5g6NKkyO4FNO3RQzCLnuqZhI_9BOG7YiGaoZc4a3omvcxzmRaWTfZI03aFwc3lxE7l82H4AJUJ7JCUJ_-RSE5b0sWvqX8NXVwViWnyKli8KZ-4-CcwemEn3wUm2XabuEPw3bSC87VaBYw&sai=AMfl-YSX6yCG2_AoQjLzNYNR1DIggh7_gb_hYfhIDoZkXl2aKS-43MzTWGs4OqWREH6UW9lwWWRGSbpXWg-sVxOzKTHIOLfBsm_v7VawEDH3hkWSyx_sn5WhjonUyUJe7FKq&sig=Cg0ArKJSzHJIsT9159VAEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9DDA 11 KB
8 KB 21ms
20ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6cd8d9c2759fe62dbaaab15f39ccbb7e2a9d4bdefd3d47c023688d1e37127b8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8647
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B0BD 17 KB
6 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 881A 17 KB
6 KB 48ms
47ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame FA7E 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame ED57 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame ED57 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame ED57 18 KB
10 KB 230ms
229ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3265979252748335&correlator=211074029487094&output=ldjh&impl=fif&eid=31061815%2C31062930&vrg=2022011002&ptt=17&sc=1&sfv=1-0-38&ecs=20220115&iu_parts=8095840%3A1024221%2C.2_7334.7_kusports.com_tier1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x600&cdm=67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com&bc=23&abxe=1&lmt=1614716223&dt=1642264958525&dlt=1642264958035&idt=483&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=300&ish=600&oid=2&adxs=0&adys=0&adks=880606352&ucis=902c3yrajiwy&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&ref=http%3A%2F%2Fwww2.kusports.com%2F&top=http%3A%2F%2Fwww2.kusports.com%2F&vis=1&scr_x=-12245933&scr_y=-12245933&psz=0x0&msz=300x0&ga_vid=1027342796.1642264959&ga_sid=1642264959&ga_hid=2122855147&ga_fc=false&fws=256&ohw=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

1b7cc87e90c723b2e33c3af49b4efc516f4b56515324e5753b1d9990d19e313c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10070
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B51D 6 KB
3 KB 31ms
16ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B896 624 B
657 B 19ms
17ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVCOgKm39xxnmCSXP24_j3K-TiJMkoWWdq35T8a63jrUhHTkChgAhawkLq6IaiOWVarnhBnobSxUP2QYY8R9EvtaZtSked3uGlotURz00lwgrPo0mL9ZJjeBlbzTObJOz4-4_yQ0I_V_Hr1pwx1AtNOiZHlWxtgXmIosEwBRkqw213WzrLIHBYtjC7EMA14sp4so7IDrxUKb6a-W1oBRTtokxPk1g

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:42:38 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 21ED 23 KB
14 KB 40ms
38ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BdNk5dzYiQMfwWtt7IgYZVVRK5VaP_Sa7mOogWJhz4Cw7TUz5XiHdMTqc9KsrQJ9aT2Nl9SxlpDW42VvgEX6e_oM4qgR_0wdo8C3RLmktkZxr50qhVuSe0nLNgbD9LcHBTCoF7cy0Lnsp4WlTTRwUlk1-hAg&cry=1&dbm_d=AKAmf-BAuNGFKz-d5xxa7OOPI__d5TrFfla2-5qXitapUFCemOM-JJr8tAlz1ILTNdF1OjtwLE6cY-PQHmZE0MxozZPR5W09gVSNTFbKCXYvo6s8Brk8rG4078NzBhccbo56Tp-vDa9CSjZQ1GJoKbhunAZRAFWaTg6PhIJ0XBBDOi4dyEanhMyI5cHd9RbTWBG46wjsYvnIYfomVyRI1iDrTnV94a19KqmaCPYeI2x29n2WgkCZPZgu860Q1VmAh6JiZUSJwoTbE0jGwle2cabaKoIGfC1sOWIAV4Y5Bnfd5ppwutbcSfjtgZ8HEXvwGrajGAqYKpQIXFoRrfAtQvey7oohnEvCSVWr-WglkuIHGhh9r0YHYFHY8Pwyhx_2kUGW6QQW8povwgcb89NZJqnANoni4QnsjLU9gL6E47PpUibhwQ0449uYSLmZQWf0tjS__6h3Ld0ByIenA2dnbQKAeh-VZ6bjNprBA_oUbo2E2Xc8kO3E1phuPung1qhWr0Cf-0z9PCs03pe3x63IcJ_iHRLs51ebE7GrfeBP7LaayVfj6xyElVJrBxrWrpl1CT8JAk9_q4An-uIWcOMb2BlS3Z0Q02C9f-HUc4OAwuMmVcQD6j5MXS4bUUJ1sA0rtOxDEkPPEVniPVNPRAON4w8V43_whlncGJ2Ayh8iFyibR1FvycQDmDXZwooiHZb86hd8aBUGvVBTqPyEHtPNGq9E55QgU2aP3WArFMv10zPWm5IXp-h7CNepQKFVN9tidMBinlexCfDlQV_8KokKpxE4rO0nvQWZcNjz7FwfIukg0bRYBM09VdeJToQgedxqKwbwOE52qU-seMedtJm1vZl4wGVTGpuUKAsHOaRycS9jsDHpLgqwKFXix8rfkQGG9vXJfVNFf2uuJuUq5YzzgR89LNRrsFuPUROc0W-J5YpqaLVvS58HoiqEL3W9TjDaHoVyWK5MW-YadGf3FdI8WFkGge-2Y8EElPhHPIL_KdvGayQxeJ55eEfExcXJy_x4mvmOHSSlg8vvdvT1R2MdZgEBjlBy4nHEluFNXFjDsGg31jklD3i1wGV_YhD-ZNB8KSCwwlgBJ0acWjJDibeO0we2cm2jTRavFqpKMWSdwzrEimJK1MNR7xvunxYswGFYr5OIVQQxqP61iD2aRrf10e38M_ENjYZqZmC5FDpf1Ppys6Vm_hfxCaBsIy1e_l8Q7I7KUrcP7cUvoyX7uUt6cfWH-IewLH9mFSx33wnHIrnJfcZ-N_N37hIrmmofHMtSVHv48WOIGHeqNhaKIH3e_dowdpkcmZMCxF7fSeiRTAPNMR9esJLqLXNdXCwHWRIUKuzyF_OKpS5HI5veXu4BQxSfNQy8ILVX9oMshr2irsUHFmFnRSPUxySjA9IFFjd46tiy6j0tWqPWgZs3h3NC_-vQm3DHd9H12lryZOwSFt7KMu8biCHGDRYPxe4vlx679xOUnYYiBxO5IHthGRV19XHk88a5tiG4UK_Y1Zeq7F1TgISVllMmMaW5duqyt4XcdLFJoXbAMDlj3gCbc-Z0O_k1GWVx5uAeLm9iKMn-T0qkvuWwlYaawbq-xkuW-GVrE-tphmmbpvCZCV-xCDIOnltJjvgkmsSqZCxRNZpSwZJOB3Kp1fEaY_iWHLVdKfWDreH9HyKkAPlXWucQ2tvqMJTKoVlFIKMJRBTHskR0wneqsX3uSQa_jCcGSGqZkMwwTAW7KvJM6c9GtkYV19jEHHsOUzpLGFUPWB5F-nZTySALD034EqR6qA1phsKUoso1PvaqNFuhPTqUVH3_dhVEDztPYdYsXovZrYm2b6XmmIupqrHBXTMWLRKAFEXWAUhqhvR-ZBT235xjSfBOOMKKDQygAGRBj3HtVF-21l2M5yklGSKE3FPfbojzU2XMi96QdZDuaL0IEzWo8xZ9F2FuZwy1sjvPx3JrMUf9Yl0x7snLzyqTNs7wNSMVtsaGwdhecl5qCvx3RIWcKck606S0sd8tye1wCFB3lYPGCwb_D2O8a5NyDF2sZGwpTHZ0WHmmGftb55UmKAEZaCxCn2YYN_4B8C-zoTS3TZa2RKVekF9i1LT7wsJVHhl3w6-yFWQf886ONFW3iUO-C3AI5q4fh7DCuEXPQjRGNNVf8_YxfP25WfElsdU1h6-EwCAlKc42blOIp2MWIuKGUVuA9pydWe8aZwLS0xyH5MFrMqx75TJPz1Xv3OE6Q6zeAzR6CETiZLfIX5h8OYVxAzis1Rpjcy6UX44iK8PaQaLSHAtW1HX4cgtO08OxTqWPedMDcNrDfrUYxD6AA6wBh9aNZWjGjh8xpxCRIqM7N7Ru61wdqBh9R6lRCYRlgwgSSLIaAycoQZN1UjDQcf_SR2JA4LN2hm8ppB2k5am-r3i369u8xQCiyS-lexLx7ysBBqXLCakwohGrtRqFYjf9GQNUnSCfK8Ng63DIqJnAOp_8ywL82ntN4t9CD-uw863IU4TOCsNOmih5QF9eXUwulRq2NbhgI09kO9eMbUXDIEIezMbu8ZRbgsObChFdhJzzkn8_FuhwXKTNVqKshhWKuB5K2qnDFmoGDMrm_w0j-fjnlOUyTFFb2k64nos4MQliLRSIbs-4KWtlXkz3t3o8KFFWSS1MQSRvFDMyFMbZTGHDdE00gtZgBGUPUPwIMdnCZy1QZCbkUbBSUmoxvKr-a8-gEAXqcXTrTLoUVPtBqG6TTPxc3KO3WmOy-SCURyci8KQu6artQcBrtb8GncatLkxjhHb4Xk9V_BerBw2hmnD5a6SejtTtOB7Kyv0TcbZrPLEUXzR8JN2woNpuEjHAwvIq2I3gvZyorAu9dWtjpLZL7cxP8E8PCyf-GsWOd-fSwkjZVgHmLRTFjOqpbtlYcGIDiuWm-6GCdOV-v1vMSWM5V1zSYo3FqNxDUCKnrJ9m3ydH2Nov2I0k-9RHENuXN7-M70VNu8VHUoC3JKZ1ZOKlh8kKE2YAKv0m7hS6tEsIiDL6qhJeidLNJmkmp1tGPSBmPsHdmkRB4yThjCFq6b_V2PMZY5UvhvWjZpevIdvSjWOZv_z6qOl8JXCyrz3lNaf1a9nAJPP0l9qWcP3hpyzHRY7mwAnhet_9nvZF5tScMqqOElD8CVSpmtB-gu-r&cid=CAASEuRo4fpBlHM-kwKl-AYOM9_ubg&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2b63a1dea6d4c784a4a74fa9329dfb432ab0bbf894806a1ed222f288dc2bb74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14012
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21ED 42 B
63 B 42ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CV5T-EX2nPGd2Jdqg2Usk5_2dXhaHxaSIPGnb6I1PjJGCQicUAXFwtA2z0dQZ2du2WkMPmtRTIeu2A9MSJRVc0jUdaoODUTCy-O9YJgxjf2pZRlaY

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 21ED 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:40:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 21ED 121 KB
37 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 21ED 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 21ED 0
0 15ms
14ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSPbycRm7fqOX61jd0U55rTdzmR76s4uww7FXeJYpKwtzVt_H2QXbCBFb3fBqrZTl2s74Qsce6lBkzzhTOtTqVPBNLxBw
Requested by: Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9DDA 17 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 19AD 0
0 42ms
41ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuUFEDmK9maCmyKw1zVFA0Z4H4MvQ8_x6g5lUemFkWvfmWM43cLleeUtXbp4MwMpXsY9btccRNzqFezOZCAXBu7EKdG22Kz4eVf6nXIOzjZD-paSngzveVfFvJltGbBhOYlthmfbnVr_S01B09NRpolNvbnoN_cnESdsD7vjWhuqZcBGXrU-deV5nSkYHiZl_NyVQYo4fUFC9wm3DnkxZGuE_2YXV3_JWHRjyhO1HN2I0vcqARuG-XFeJby_emOP-2RpE1pKI1nZ00FIpyRIzyhgFPgDJEIdMubM6-PaVDqpFWUij0&sai=AMfl-YQe5V7f6NzEJtzsXMNlSdhSR9qQTkr0q3O21jQ9ybNdkJUiv6aYD0WFLRfHRxPleODXVDsGGTp7J5rvhcAx9mvD1qdLJ2QUgRm0u5FLiz4ecrLDZXsT7el3el34KEM&sig=Cg0ArKJSzMBYGIff_AP2EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 19AD 11 KB
9 KB 23ms
23ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

42ce94d58edb33b89bfdcd8ba702b888811a5865ef1291fb559a3008e40e764f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8692
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8FCA 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 15:58:07 GMT
expires: Sun, 15 Jan 2023 15:58:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 57E1 783 B
535 B 16ms
16ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2e3e1801402e8d430bc4b31a4514fb490acb2f6cfa6e02922f3e32b91cf65702

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-92jSfzs8mWSAEAidbPkMIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:42:38 GMT
date: Sat, 15 Jan 2022 16:42:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-92jSfzs8mWSAEAidbPkMIQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 19AD 17 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B896
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1&C=1

43 B
894 B

26ms
24ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVCOgKm39xxnmCSXP24_j3K-TiJMkoWWdq35T8a63jrUhHTkChgAhawkLq6IaiOWVarnhBnobSxUP2QYY8R9EvtaZtSked3uGlotURz00lwgrPo0mL9ZJjeBlbzTObJOz4-4_yQ0I_V_Hr1pwx1AtNOiZHlWxtgXmIosEwBRkqw213WzrLIHBYtjC7EMA14sp4so7IDrxUKb6a-W1oBRTtokxPk1g
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:42:38 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B896
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YeL5flf2Q4Nzqfisvhje4wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1

43 B
894 B

26ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVCOgKm39xxnmCSXP24_j3K-TiJMkoWWdq35T8a63jrUhHTkChgAhawkLq6IaiOWVarnhBnobSxUP2QYY8R9EvtaZtSked3uGlotURz00lwgrPo0mL9ZJjeBlbzTObJOz4-4_yQ0I_V_Hr1pwx1AtNOiZHlWxtgXmIosEwBRkqw213WzrLIHBYtjC7EMA14sp4so7IDrxUKb6a-W1oBRTtokxPk1g
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 15 Jan 2022 16:42:38 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENq-HCGYG357z2xFeouTTD4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame B896
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMHl2iuBw0w06iZdnAuE6g8&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMHl2iuBw0w06iZdnAuE6g8%26google_cver%3D1

43 B
1 KB

26ms
26ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMHl2iuBw0w06iZdnAuE6g8%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNVCOgKm39xxnmCSXP24_j3K-TiJMkoWWdq35T8a63jrUhHTkChgAhawkLq6IaiOWVarnhBnobSxUP2QYY8R9EvtaZtSked3uGlotURz00lwgrPo0mL9ZJjeBlbzTObJOz4-4_yQ0I_V_Hr1pwx1AtNOiZHlWxtgXmIosEwBRkqw213WzrLIHBYtjC7EMA14sp4so7IDrxUKb6a-W1oBRTtokxPk1g

Protocol

HTTP/1.1

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
X-Proxy-Origin: 217.64.151.10; 217.64.151.10; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 3b94b776-908e-4917-9aaa-536e27e456ca
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
X-Proxy-Origin: 217.64.151.10; 217.64.151.10; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: b8a53bd0-b8d1-4436-856c-222e9c2f387f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEMHl2iuBw0w06iZdnAuE6g8%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B896
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3ODcxNTY5OTIxMzU3OTcwMg%3D%3D

170 B
188 B

34ms
18ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3ODcxNTY5OTIxMzU3OTcwMg%3D%3D

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
X-Proxy-Origin: 217.64.151.10; 217.64.151.10; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 1c3047cf-65ca-480b-ad4d-086e44d01a82
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTg3ODcxNTY5OTIxMzU3OTcwMg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6979 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 15:58:07 GMT
expires: Sun, 15 Jan 2023 15:58:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 80CB 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6d8ae9e0e062c9946e6ce5d393c62cfbfd8387fea278cb791c542859da49db53

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-e9Ji2IkGeFaCPIqW3XmJkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:42:38 GMT
date: Sat, 15 Jan 2022 16:42:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-e9Ji2IkGeFaCPIqW3XmJkg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FCF7 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 15:58:07 GMT
expires: Sun, 15 Jan 2023 15:58:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4786 783 B
535 B 18ms
17ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cc88a459c96b55c389c733b8ebcc53547e29de93f6a06e67e895c03557da5b17

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1GNyI3+dNUW4e6+NrpU5lA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:42:38 GMT
date: Sat, 15 Jan 2022 16:42:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-1GNyI3+dNUW4e6+NrpU5lA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame 21ED 24 KB
9 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BdNk5dzYiQMfwWtt7IgYZVVRK5VaP_Sa7mOogWJhz4Cw7TUz5XiHdMTqc9KsrQJ9aT2Nl9SxlpDW42VvgEX6e_oM4qgR_0wdo8C3RLmktkZxr50qhVuSe0nLNgbD9LcHBTCoF7cy0Lnsp4WlTTRwUlk1-hAg&cry=1&dbm_d=AKAmf-BAuNGFKz-d5xxa7OOPI__d5TrFfla2-5qXitapUFCemOM-JJr8tAlz1ILTNdF1OjtwLE6cY-PQHmZE0MxozZPR5W09gVSNTFbKCXYvo6s8Brk8rG4078NzBhccbo56Tp-vDa9CSjZQ1GJoKbhunAZRAFWaTg6PhIJ0XBBDOi4dyEanhMyI5cHd9RbTWBG46wjsYvnIYfomVyRI1iDrTnV94a19KqmaCPYeI2x29n2WgkCZPZgu860Q1VmAh6JiZUSJwoTbE0jGwle2cabaKoIGfC1sOWIAV4Y5Bnfd5ppwutbcSfjtgZ8HEXvwGrajGAqYKpQIXFoRrfAtQvey7oohnEvCSVWr-WglkuIHGhh9r0YHYFHY8Pwyhx_2kUGW6QQW8povwgcb89NZJqnANoni4QnsjLU9gL6E47PpUibhwQ0449uYSLmZQWf0tjS__6h3Ld0ByIenA2dnbQKAeh-VZ6bjNprBA_oUbo2E2Xc8kO3E1phuPung1qhWr0Cf-0z9PCs03pe3x63IcJ_iHRLs51ebE7GrfeBP7LaayVfj6xyElVJrBxrWrpl1CT8JAk9_q4An-uIWcOMb2BlS3Z0Q02C9f-HUc4OAwuMmVcQD6j5MXS4bUUJ1sA0rtOxDEkPPEVniPVNPRAON4w8V43_whlncGJ2Ayh8iFyibR1FvycQDmDXZwooiHZb86hd8aBUGvVBTqPyEHtPNGq9E55QgU2aP3WArFMv10zPWm5IXp-h7CNepQKFVN9tidMBinlexCfDlQV_8KokKpxE4rO0nvQWZcNjz7FwfIukg0bRYBM09VdeJToQgedxqKwbwOE52qU-seMedtJm1vZl4wGVTGpuUKAsHOaRycS9jsDHpLgqwKFXix8rfkQGG9vXJfVNFf2uuJuUq5YzzgR89LNRrsFuPUROc0W-J5YpqaLVvS58HoiqEL3W9TjDaHoVyWK5MW-YadGf3FdI8WFkGge-2Y8EElPhHPIL_KdvGayQxeJ55eEfExcXJy_x4mvmOHSSlg8vvdvT1R2MdZgEBjlBy4nHEluFNXFjDsGg31jklD3i1wGV_YhD-ZNB8KSCwwlgBJ0acWjJDibeO0we2cm2jTRavFqpKMWSdwzrEimJK1MNR7xvunxYswGFYr5OIVQQxqP61iD2aRrf10e38M_ENjYZqZmC5FDpf1Ppys6Vm_hfxCaBsIy1e_l8Q7I7KUrcP7cUvoyX7uUt6cfWH-IewLH9mFSx33wnHIrnJfcZ-N_N37hIrmmofHMtSVHv48WOIGHeqNhaKIH3e_dowdpkcmZMCxF7fSeiRTAPNMR9esJLqLXNdXCwHWRIUKuzyF_OKpS5HI5veXu4BQxSfNQy8ILVX9oMshr2irsUHFmFnRSPUxySjA9IFFjd46tiy6j0tWqPWgZs3h3NC_-vQm3DHd9H12lryZOwSFt7KMu8biCHGDRYPxe4vlx679xOUnYYiBxO5IHthGRV19XHk88a5tiG4UK_Y1Zeq7F1TgISVllMmMaW5duqyt4XcdLFJoXbAMDlj3gCbc-Z0O_k1GWVx5uAeLm9iKMn-T0qkvuWwlYaawbq-xkuW-GVrE-tphmmbpvCZCV-xCDIOnltJjvgkmsSqZCxRNZpSwZJOB3Kp1fEaY_iWHLVdKfWDreH9HyKkAPlXWucQ2tvqMJTKoVlFIKMJRBTHskR0wneqsX3uSQa_jCcGSGqZkMwwTAW7KvJM6c9GtkYV19jEHHsOUzpLGFUPWB5F-nZTySALD034EqR6qA1phsKUoso1PvaqNFuhPTqUVH3_dhVEDztPYdYsXovZrYm2b6XmmIupqrHBXTMWLRKAFEXWAUhqhvR-ZBT235xjSfBOOMKKDQygAGRBj3HtVF-21l2M5yklGSKE3FPfbojzU2XMi96QdZDuaL0IEzWo8xZ9F2FuZwy1sjvPx3JrMUf9Yl0x7snLzyqTNs7wNSMVtsaGwdhecl5qCvx3RIWcKck606S0sd8tye1wCFB3lYPGCwb_D2O8a5NyDF2sZGwpTHZ0WHmmGftb55UmKAEZaCxCn2YYN_4B8C-zoTS3TZa2RKVekF9i1LT7wsJVHhl3w6-yFWQf886ONFW3iUO-C3AI5q4fh7DCuEXPQjRGNNVf8_YxfP25WfElsdU1h6-EwCAlKc42blOIp2MWIuKGUVuA9pydWe8aZwLS0xyH5MFrMqx75TJPz1Xv3OE6Q6zeAzR6CETiZLfIX5h8OYVxAzis1Rpjcy6UX44iK8PaQaLSHAtW1HX4cgtO08OxTqWPedMDcNrDfrUYxD6AA6wBh9aNZWjGjh8xpxCRIqM7N7Ru61wdqBh9R6lRCYRlgwgSSLIaAycoQZN1UjDQcf_SR2JA4LN2hm8ppB2k5am-r3i369u8xQCiyS-lexLx7ysBBqXLCakwohGrtRqFYjf9GQNUnSCfK8Ng63DIqJnAOp_8ywL82ntN4t9CD-uw863IU4TOCsNOmih5QF9eXUwulRq2NbhgI09kO9eMbUXDIEIezMbu8ZRbgsObChFdhJzzkn8_FuhwXKTNVqKshhWKuB5K2qnDFmoGDMrm_w0j-fjnlOUyTFFb2k64nos4MQliLRSIbs-4KWtlXkz3t3o8KFFWSS1MQSRvFDMyFMbZTGHDdE00gtZgBGUPUPwIMdnCZy1QZCbkUbBSUmoxvKr-a8-gEAXqcXTrTLoUVPtBqG6TTPxc3KO3WmOy-SCURyci8KQu6artQcBrtb8GncatLkxjhHb4Xk9V_BerBw2hmnD5a6SejtTtOB7Kyv0TcbZrPLEUXzR8JN2woNpuEjHAwvIq2I3gvZyorAu9dWtjpLZL7cxP8E8PCyf-GsWOd-fSwkjZVgHmLRTFjOqpbtlYcGIDiuWm-6GCdOV-v1vMSWM5V1zSYo3FqNxDUCKnrJ9m3ydH2Nov2I0k-9RHENuXN7-M70VNu8VHUoC3JKZ1ZOKlh8kKE2YAKv0m7hS6tEsIiDL6qhJeidLNJmkmp1tGPSBmPsHdmkRB4yThjCFq6b_V2PMZY5UvhvWjZpevIdvSjWOZv_z6qOl8JXCyrz3lNaf1a9nAJPP0l9qWcP3hpyzHRY7mwAnhet_9nvZF5tScMqqOElD8CVSpmtB-gu-r&cid=CAASEuRo4fpBlHM-kwKl-AYOM9_ubg&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 21ED 41 KB
15 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 08:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203316
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 08:14:02 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame ED57 0
0 46ms
43ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxHXIkqEuxQUJBiFgOYmw9XapuKCjI-Oz0s-WPrBAWhjUa-g3SRsKK5jixMHwRzxB1LIclXhr3KiNyp8VkWxXWCCYEHt2STXIqBOcCmAwJ2Lie1nBxivaB7GG0uIPNOiXBnpQfoY6dhgUds3UBVWvmuTLIPfZRIPtHGwPuVKCCffaW9vzK_aMw9txs9QVBEeF6IAfjZFj2uCBqDH8_2CZR3gZSs-6q63sxQlSAIV48IEmuUu3EtKnVVuC5g5GTU3AQ9Q1fI_tnFxkCSxJfDsdIVsOqLnti7YsKqKwayCpGiMFK1XVFzysBTF0tfA&sai=AMfl-YRdsyLksQV8n4Kd5OuZZ00U7G1GCK23jUrAguaNe8bKKKXCuYqnqchM5A_pr8Op-jd2n76y1_T8D0Yy94ekj3jC9wz8pjc4O2aLfokaF2HqBBAnRmq1fey9FP8blgM&sig=Cg0ArKJSzO4bI-X65Bn3EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame ED57 11 KB
9 KB 25ms
23ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38fe7bc179411a21e7b887aa40936b9a91c2d7c4b2fbe96123eb2d74b1aac550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8731
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B1E5 13 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 15:58:07 GMT
expires: Sun, 15 Jan 2023 15:58:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 77DA 783 B
535 B 20ms
18ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

52efe93557a8da45c0507f11779762e3e1c465841b260ef9a52f00fdcc2fdac5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DSWaX8WM4W7RCr68gMDhow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:42:38 GMT
date: Sat, 15 Jan 2022 16:42:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-DSWaX8WM4W7RCr68gMDhow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BCA9 0
0 47ms
46ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuzjX4Y5vOcQy_-xOdVl_SkhPcPrEHGKyZufZRKeVLMM9BsF72mhn4sMxlAU7mONuVPu1Cy6sf1H5X0TUKgf3Y-LPlSe5GveuVRpvdFHG6WcgOrfrhapHNoQtrXOaZU3BY1uqbunWr_bJVfvn5YDncjVdktkE830eqKpNPJA3f66RlTtiyi12rhTxwOdl0KTv6rD_7JC9b-SGvfYl0KEAkVrZPfnia7uY463nnQd1hhxcb9vadOVOL2dcGEWLeycGX-rXiUPh5Mkh07ipGyDP1Xo_1gNx1l9iC-r4uKIW4F3oQB00udhbSKghUC8jPe1a-2fKx0Tk4vKYGGKw0aPEVI9zZnw1AzWg&sig=Cg0ArKJSzOIwSTvOjFoJEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 jstag Show response
us-ads.openx.net/w/1.0/ Frame BCA9 49 KB
18 KB 21ms
20ms Script
text/javascript 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/jstag
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 40cfc91f88c05869fd54ee57f3c6ef55ed2abc39e82acf3c0deecc2b84753cf7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: max-age=3600
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18039
expires: Sat, 15 Jan 2022 17:42:38 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BCA9 121 KB
37 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame 21ED 11 KB
4 KB 50ms
13ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC3zjGfvniYeeWEoiP9u8PwvuXyAi1zfmDV_zYuavlDPAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT6AU_Qj_89smv0J7N2OZGKrqiyt9sK_9gnoEo5n-Qr9R4PieVduJsuQDNN77VEDAbKwz22UabW1bypBKQhQOpc5kaXBo4XFIvbkrtVAJYsAzdAwODIaJrylUl0Og7rxklKMtypuxwOxBGj_MUP2KY1ndSMf2iC7v5obDrHJobf_qrwiOpKDGaw6hG8Tu4_otktcT3RqVe6EuI1fPcWLtw3mgnVh4q3hLrN17O3cSo3vmXnRvbJx2X8DetPYVfS74I6wltheiW9OGxlpXgg0l5Eg3IzktBA3ouqvNI9gVn8f1-Su60D_M8lSNET5V5TWqjwN7p1drAE84cQPLTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRo4fpBlHM-kwKl-AYOM9_ubg%26sig%3DAOD64_2jTtixKpOXgzvDlOZlRkMD3LQaWA%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-D1rHP1GoDNaOZvi_55aI1I3PjJcr79Eb-J9hN8ALP0g2O2xDlpFSVTK-rwwXz1nkdXQOl7WdwtA9_i0fz5Oq803isQGnyfGI3P1lYAjhG-mq0ZOIdY94sy9BwGJD1eH4QhtX0Kl9-KPTiKJ9TV-Y4ap0C15A%26cry%3D1%26dbm_d%3DAKAmf-AK-PW1n0j3kO1NxlIc9usmcV5NA6a9vmuEMhKy0hvsuE7WklQ0HQl48y-h9exGVsBr14AQBp3xk3LTEig-t-FJrtkDChdVcHOlboG-JvZ6AHIEp7Mi2KPnZHHO_VV236L69tpg8i7EHU3eZcOoBR-3n5hXrDWckHgxUKtXoksvVy93NfYfVF34w1nsyKxnhThpgRNUF4crh1c8umR73oLl7_4mwHyNkYcN1A6RXQQ3ljR3XtZRI265ndBZsw8mdstzFyso2QZesCWisAGgou5D-VX2E1xmbWeGGzxBgdlZ1E5JVFj6exAjT_i3UVbXBnGswm1WpoaraZ-LMhVZj4q3i0BWDKvF88RKpOMHxN8QFwwE-uVw5htzmJYw9ekGScL9vryrfwQQBJpzERv7ZWEUIMe-Rw%26adurl%3D
Requested by: Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 3028694a780e57d324928a57c538b6efe26d9e19bb51aa92b0e5972d772d41ad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:38 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3867
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 container.html Show response
33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EDF7 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 57E1 0
0 41ms
41ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=4023687952600743&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1458 22 KB
8 KB 8ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Jan 2022 08:14:03 GMT
expires: Fri, 13 Jan 2023 08:14:03 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 203315
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame ED57 17 KB
6 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 80CB 0
0 46ms
42ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=2521070408998936&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4786 0
0 45ms
43ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=2825284009084563&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 acj Show response
us-ads.openx.net/w/1.0/ Frame BCA9 283 B
263 B 20ms
19ms Script
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://us-ads.openx.net/w/1.0/acj?ai=3b4f33d9-3f17-4206-b139-90401a7c0566&o=6216849199&callback=OX_6216849199&ju=https%3A//www2.kusports.com/&jr=http%3A//www2.kusports.com/&auid=537971110&dims=&adxy=&res=1600x1200x24&plg=pm&ch=UTF-8&tz=0&ws=300x250&ifr=1&mt=1&nl=32&ul=69
Requested by: Host: us-ads.openx.net
URL: https://us-ads.openx.net/w/1.0/jstag
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: c3da9a49e6aedd09313f7ab8713f3d4759ca1f4cf3bd07c61c4bce4032425195

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 243
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8FCA 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
DATA 200
OK truncated
/ Frame BCA9 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15a08671da62aefdbb2aa984e3d43bb9ab6928171eea0b54a1d9f2921f7ea3be

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0406 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 16:42:38 GMT
expires: Sun, 15 Jan 2023 16:42:38 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

request.php Show response
hal90006.redintelligence.net/ Frame 21ED
Redirect Chain

https://hal90006.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=564d890d5a&subid=&uid=6c45d125ad12aa03&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90006.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=564d890d5a&subid=&uid=6c45d125ad12aa03&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

2 KB
1 KB

128ms
107ms

Script
application/x-javascript

138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=564d890d5a&subid=&uid=6c45d125ad12aa03&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC3zjGfvniYeeWEoiP9u8PwvuXyAi1zfmDV_zYuavlDPAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT6AU_Qj_89smv0J7N2OZGKrqiyt9sK_9gnoEo5n-Qr9R4PieVduJsuQDNN77VEDAbKwz22UabW1bypBKQhQOpc5kaXBo4XFIvbkrtVAJYsAzdAwODIaJrylUl0Og7rxklKMtypuxwOxBGj_MUP2KY1ndSMf2iC7v5obDrHJobf_qrwiOpKDGaw6hG8Tu4_otktcT3RqVe6EuI1fPcWLtw3mgnVh4q3hLrN17O3cSo3vmXnRvbJx2X8DetPYVfS74I6wltheiW9OGxlpXgg0l5Eg3IzktBA3ouqvNI9gVn8f1-Su60D_M8lSNET5V5TWqjwN7p1drAE84cQPLTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRo4fpBlHM-kwKl-AYOM9_ubg%26sig%3DAOD64_2jTtixKpOXgzvDlOZlRkMD3LQaWA%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-D1rHP1GoDNaOZvi_55aI1I3PjJcr79Eb-J9hN8ALP0g2O2xDlpFSVTK-rwwXz1nkdXQOl7WdwtA9_i0fz5Oq803isQGnyfGI3P1lYAjhG-mq0ZOIdY94sy9BwGJD1eH4QhtX0Kl9-KPTiKJ9TV-Y4ap0C15A%26cry%3D1%26dbm_d%3DAKAmf-AK-PW1n0j3kO1NxlIc9usmcV5NA6a9vmuEMhKy0hvsuE7WklQ0HQl48y-h9exGVsBr14AQBp3xk3LTEig-t-FJrtkDChdVcHOlboG-JvZ6AHIEp7Mi2KPnZHHO_VV236L69tpg8i7EHU3eZcOoBR-3n5hXrDWckHgxUKtXoksvVy93NfYfVF34w1nsyKxnhThpgRNUF4crh1c8umR73oLl7_4mwHyNkYcN1A6RXQQ3ljR3XtZRI265ndBZsw8mdstzFyso2QZesCWisAGgou5D-VX2E1xmbWeGGzxBgdlZ1E5JVFj6exAjT_i3UVbXBnGswm1WpoaraZ-LMhVZj4q3i0BWDKvF88RKpOMHxN8QFwwE-uVw5htzmJYw9ekGScL9vryrfwQQBJpzERv7ZWEUIMe-Rw%26adurl%3D&documentReferer=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5935810419535&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.164 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7decb91d26de912a2db195e3dde0a1620befa9a8ce0edba505c74fb4268202ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 12622400155036900710612011840006
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 893
Expires: Sat, 15 Jan 2022 16:42:38 +0100

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:38 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=564d890d5a&subid=&uid=6c45d125ad12aa03&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC3zjGfvniYeeWEoiP9u8PwvuXyAi1zfmDV_zYuavlDPAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT6AU_Qj_89smv0J7N2OZGKrqiyt9sK_9gnoEo5n-Qr9R4PieVduJsuQDNN77VEDAbKwz22UabW1bypBKQhQOpc5kaXBo4XFIvbkrtVAJYsAzdAwODIaJrylUl0Og7rxklKMtypuxwOxBGj_MUP2KY1ndSMf2iC7v5obDrHJobf_qrwiOpKDGaw6hG8Tu4_otktcT3RqVe6EuI1fPcWLtw3mgnVh4q3hLrN17O3cSo3vmXnRvbJx2X8DetPYVfS74I6wltheiW9OGxlpXgg0l5Eg3IzktBA3ouqvNI9gVn8f1-Su60D_M8lSNET5V5TWqjwN7p1drAE84cQPLTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRo4fpBlHM-kwKl-AYOM9_ubg%26sig%3DAOD64_2jTtixKpOXgzvDlOZlRkMD3LQaWA%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-D1rHP1GoDNaOZvi_55aI1I3PjJcr79Eb-J9hN8ALP0g2O2xDlpFSVTK-rwwXz1nkdXQOl7WdwtA9_i0fz5Oq803isQGnyfGI3P1lYAjhG-mq0ZOIdY94sy9BwGJD1eH4QhtX0Kl9-KPTiKJ9TV-Y4ap0C15A%26cry%3D1%26dbm_d%3DAKAmf-AK-PW1n0j3kO1NxlIc9usmcV5NA6a9vmuEMhKy0hvsuE7WklQ0HQl48y-h9exGVsBr14AQBp3xk3LTEig-t-FJrtkDChdVcHOlboG-JvZ6AHIEp7Mi2KPnZHHO_VV236L69tpg8i7EHU3eZcOoBR-3n5hXrDWckHgxUKtXoksvVy93NfYfVF34w1nsyKxnhThpgRNUF4crh1c8umR73oLl7_4mwHyNkYcN1A6RXQQ3ljR3XtZRI265ndBZsw8mdstzFyso2QZesCWisAGgou5D-VX2E1xmbWeGGzxBgdlZ1E5JVFj6exAjT_i3UVbXBnGswm1WpoaraZ-LMhVZj4q3i0BWDKvF88RKpOMHxN8QFwwE-uVw5htzmJYw9ekGScL9vryrfwQQBJpzERv7ZWEUIMe-Rw%26adurl%3D&documentReferer=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5935810419535&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:42:38 +0100

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 80D1 640 B
316 B 19ms
18ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMY9P2hvQEwAQ&v=APEucNWnK_gwsbdbTYRgWPscq6Pkzpkr7gUJgC909eWtHPDpq0MBfqOFCfW9XZYrXkNrt6QjULl9H9a0ghTzbBcfw8KQWY3iWNSt_D21VRkSU-5ExXJw2K96MHQUyF5ifArr_x4a15GEWh1oxOMU-zUYTY6JRUn-Sc3K4rur08SWz0C3LbQqvPZPZW2r_psQiVwnFPWu4rXipf0f1MDrDLBXxj1A_zfh1w

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:42:38 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EDF7 71 KB
30 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BrlhF0WO_3XV-RzIBPCFs15RY_l7oqNRn1HKRDISD_b0PDBRGDrHispNQQYAL4Eu2gTV9qxKMns3aujCZ_J8WwspvYHm43d2iMKGRdqlLAoPvNwlBqRK_TNC64jlw7kW0euSA3RnNUj1Gc11nm_xjKjfkwmg&dbm_d=AKAmf-B03X6ZR9urZUMmEOveSEGJJRHWpo30hhouJmHWBjDKuWNNW74lnhLV4Lz0JAVS3-WTpwgdbPrOLIB1ZsiOD6jylahZNxcDWZqd0-Y_YVL0VLLmPac37-bSjpf132T2qHqqLQokcrFmsiI2PBRepNGkLQm5ZQC7JooK9EMHzzjXBtd6CfQfnFA1DuDto0eGbA34rWFss65MYtuPycI3lUk6Kx7w288Z-2anNkq8d4hQ3HrJMVWCAziUc2qqhP2GpFp-i0pzDO9KuP8ljEVIVQVHDDlASYpDfa_klaCPsay5nwq4fC-b2yIw4K_plMTap9_68y3ldEF404WK09hKvxvLHu4HLG2NMqstOdpUVqzzsvYa3ZsBe4WrN3KGvuPPgFna9rKK1PVNcIP0f_4X2JWeEY5dMDp9VwnECQHIQ-q4Cj0_iagfHnI40zUP0kROsEH2lEvFncjaUBK830SZScYhy04YpEieupId0EPKOyviH1U7of6NfpY_nt--wR7B7buujUQl7zee2b5sn1_1T_Izofy3_qOerdun0Up1mVx4ZdJliqnXCucme-2lj8u6QzyG6065SMTTda8lfqjLUZ9ub7b8TncwC1ZU6ZUnXQz_vtyi-RhG0eg4ZPck70KDWY_5rt7K03Clrx904IaN5QbO-usszolnJlMB62jdnbBPxbtrz7I_SpyKH-Nppn7L5R1HEFyxvNKkYlhTmcRjLCpb1qlTjVxr7mOgKB96VIzFleGHoX_gAfQVLKUk8Vcxg72mKAYwQn6BgVZPnwzbnr4PtBKcjfOW7OaYoMPQRnxpFDFGd4nNhYQBtzXn9ihD5vVM1Eap2OHaOEphEFgAy3LpnBwgTRIjD5iDEF0hU_YzADCoQdDHJ5xoeXL14YOraHR9_yHQeWGmq642nJqzLoWJ4QD4s_Fgsh-0RJ876iBTHldK9Q7tdFJ3MH2RX9VLwckbrmj2flOxeI_yWPrl2I-sTpMXWxmxNxbncwEWoUTPYefg2hz2t4wSettA5a2luKz7eiGm-XYlf0bOKlV27gSJsmSsncYrzzsgsMMA9lAdCQDz5LJm9JxX3I-oOAjUAyTBa8g8LnVQb-Q8QUfw7yA_-GUCGtGXJYfrxtHUvnBFrJ4Or6dq6VsLuK-oGVD0DWGWEDUyqk9wxHS5S-LMTVi94aYqKjUPJkIAtKBRHM71cXyeqjBXIevIZ0yV4uBK99HLAqhrYwjD6XzBFQ5j0XoyPCi8-H4jgn1CwpJihyHPtv3y7AWa4LWFwqoJYsYD2h_7GHNwllIY-lcjH0omhEIp0S5bm11Sy29boTuHvS_zdXUmk4Y9lkWm8oHw2b_9u_GqRqRseydsMgu71dUPnZfi17mypcccdYvAmKYICEJNRB1labWLMwKrndjZ-vLkgW8WDXRIJBiywv17NlIA9jIk7djNwQH9pw4c9BitrbutEsSrKsTzSdcwxLHoJnSiOkvQMqE59446bJEkSS31tNBOtC88qMfYNa-ZQhmdiV1-BAPkXvTw66Klro6dnf55J48jmrJo-YIkA1cZQmBbfWUAtqAnV2g8FbqIeUKyvvIM37OxtEgnmA6TRr-O82PpGOZkF5eMc-iAMi1ObwZVm6WxJAqx6mi0lQ2zZkzlt8VWuN0uY2mEQ88_oHF75LkKJFPMKdrP1Z4uDmnWevj7cWXg34uiFq2sKNmR2ivV67Esys-Tv0UZS5KfyFjCz509lzn4yRYoSK-Mq1LQhgOtCimoUXu89zfYgBdwH1ZQqFLwztvmC1WaR-k37v2D1u2bUjzkZKhEGPSsR2YOpculLFhC0-SdvZh9j4O-B3lIKrDe9FFe28qWT5Y9jo9owdXGvfDVCLUlSG6oOKwUzpcd73TyFu7gSkE0d3v4rAIykIVwMIRTpHgIpZgb_ppv-zC2smHcmLRoxamXQ0s1rAateKr1G1WrqzpvcjvQ6bGAF4cDoCxKc-UKO_VwrMtwMzUvJXjl-H2Ck3d_YkKu3HM1FHnApNmwVeY6lxlnm1Rh2ZqWIYIt5KXcwopFRzKwpoR1VDLAJfxIfPZEBMSSpxAfu8Am2S4yH52QmntcyBDVQQ4FWRmeHfrkIw-WJ6UaabW73oN-m7BipIy4uIveWJhInunCXpj4NSbQhGZQAQky2VnurUjshsEmYK3APtfliuqGSOT37sBdWZGLX8U43HMMpvwh4gpzMFEx1fxQMW2YfDBrjJSWXTLItCfeeeBr-wS9CJhXBukwIu68bkgD_tv9GuUDv4LAM_7gXAamZ5iXPwQFnp1ttWskEWMS3U1gP-BLhsR9pzwLXPJ3bRKoejYNnzWzmMXiADg82P5hHkXqNZnC3uWRKq8ndrq0t4nqE92O7VPN5HJkthEBZvFOp3My0S0xDO9Y6x3TvTkauKBwCchI-9BEqHfQNYJIUq7meWdCKagZ00y4jnMgSeRSexfNLlYld38z3etNb3uGHAE3RrguQUs2klKn0SKAd0dxTHinr25FE7pytv62OgEdVWXQGxjdsORyI9XRyDFThH03ETLDmoEgcJtTp-EaVipO2vnapILt8K18NqTQ9M-tqFVWknZ_xzesOWE3so0z0Cdkqau4dt4VGyymAnI9pO_7wQ_2KIOkAbMXPIz_waDciMDyeBNUmHSns4Ec8DKhxOGHZjv0EjuL13MvD1Y1phN-TbMvR9FoQJplrlSRP6UtHZE6ODR4tNanK3_MQTMeqtCEHk-ca6Eim8CGz7DncxwGE4vtVJD9L7rwh8zjEZVwl2XPwK0AvAhWHjDSaKtsRBbaiVrd7_Q5ZpoY8SC5Huy4ZtlOnDQqyvCqLaJnFVh1oIpY7c6ogdiqzQ&cid=CAASEuRoPXfKjF25-xKRYq7juFNFHg&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a79ec53bc4d656c86e538b7a6878917f3dd010c37986381c43e92355614dfc61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDF7 42 B
63 B 41ms
40ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DsHiQq5frjBBYN2PnSJ7yBEYgpBa1nD7AoBdGNB3Dff_TsFloH1jVbSG1-bAXfeshriYpJ-LwfLPFQl8irtQzLcNBrIqw55YcqKXu4u4lP9vwblqE

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame EDF7 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:40:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EDF7 121 KB
37 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame EDF7 15 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:38 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EDF7 0
0 15ms
14ms Image
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRumwJlVehiynW49LYnKWkLV9dvldEI8DEw3NerO9Mr8PfsKPVwcV9O7MpwM034mH955WbiLI0yMmdoGgJXvmUWXa9Sgw
Requested by: Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FA7E 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?SEotQg
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame 6979 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame FCF7 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 5192 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 15:58:07 GMT
expires: Sun, 15 Jan 2023 15:58:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E203 783 B
535 B 17ms
17ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

872c1e44a56a9b8ed3508cb194c44c08986a7e02d264cf6034036a24f5035b8d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yUQpkULpEPktbDFKxgWWDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:42:38 GMT
date: Sat, 15 Jan 2022 16:42:38 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-yUQpkULpEPktbDFKxgWWDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 77DA 0
0 71ms
71ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3517838423081183&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame BCA9 0
0 42ms
42ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss-upQm3Smmgh3nFxjEgLr93EKaoLprsg652fnl7HOjSVEdWCNO2dMgTRBdQoNP__rs5TjX12ZmOzV1HboZgDvAyeOxQpTdllvTijOZ9qpzPhiqGsiS80znZQwnXKP7s19ovfVT784k54AG6LZIBtdR9Anu0VnUvIej7inqYq5GjGm70ySP_HUs4WrLb1jRE4-W5l7DJ2ElgPbOIfajvZ-9rxlX7ehFOQOQJYOJJNBrJ-g6SJLNvmv7-YZUU7fX9kiSa5fzr8J33ZEaW7TJRxDTmkt-C7v9ksAWJ8-T3Xw1CjZH2estRbxT9l3nnuSwKm8LXiNynDJC3etpNpW7dXqDM9w-m5i7rsrk&sig=Cg0ArKJSzPh2KMKnh7W8EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame 1458 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 83BC 499 B
334 B 21ms
20ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY9P6pXTAB&v=APEucNX0q9VASQsVlFCefCxMeijhdT047SYv5cecdBsRTcwCJnKboHWSMYurLhSCVzrUY4ZaVPdmLr6DMzqGZX_l1-TwWfCURW-uMA7oHl9I_9_eCoD1rQn_zKOJaQl_6ZJKzyFE_4valcuUCqgki-UqZkoJgFlxRrexpDVmcLO9xCXcKDYcgV11_57EJJ9GnKEFoU1gRXlzsoQAi8_-5fy3FZHQNvWKrg

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 15 Jan 2022 16:42:38 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0406 24 KB
14 KB 45ms
45ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B_0CqS2TcEIkr_MimKtHzYSSY-7We2aLZjZyblwqM9gUIZ-xSmYB1QGUi2T50_OqIsF6bwFNjrIuSAGC4XBua7z7gqgMH1GuKH16D-QeUNjM_ArQmEnM-Bvw-Inkl9Ckugwp2kYSJfJxwIXGEmBisRsCQ2ag&cry=1&dbm_d=AKAmf-BRJqCFtt6bBzCNSL0ulUAMf0veEerUd3_1hGz3fiYOYXNOaookfkDdsHyy21fRDb3IUa1W7ScqQ2om97iiWp3qmqDy_ReJDEXNoPFe3hEdYKsHkGPJLcp1lfM5AUpiWIiG0UY6qjBC4YcZu9Sk9tuZ_hmJXfDM8fJrtvDD93N4MMUAnenfbncfUa61V0C4Es-tBVTNqLCIv8B7YIHl7RIqlA2ZvAk5sgR6y_GghZqB1YqVR9jOA-UJFdj6XVfnr6L7Gti0nt6MWksw_qB5M_iDEEXBAduxzQuqWE5T2e4LKQjWS0bDmAYdLVizHjeZx2KMyxfx75rnWIfy13mH_EaXgZ6C0IlHI9pWNJisxaoDI0v2SKiXFAiRQMhncea7CJ4ZEcZ-2Wayu6wjNOx07TQOCBQlAMNPvCtwjelClO8hUZKNSk6-Fqxlk9r4mQf--feFftnPX_IXCM2qQtJmMB7BmmEttJU5rV-RXdV2rQP96QQpEYbdve7NRXc6f9opQIQgkEmXbzI7-ltcPuxsGn-YtoJOqcMSRRNjtl3nQBmQk7f0O3cGQm5HRv3mStfRLGWxo2I2L3LBRD2ODLNa5izzq5qD-Ixf1ComwHxw4adKs4s6LnxxYuc4UGv9Ep8IIeumh-hsr3c_QMWQaV5vs45D5CCFfP5liplvssO68kYIsgLydP_IPuLEX46x31-rFcy1MdFPwTPVWI-zeFFBCoKsUikUdfa-x5AuLXFJFYZNrpBKyFiRaDt742Q52-Rpqe3l1Qx5LAIhD8QxjF9crGAKp4L_t6HWU7lLTrPGwvuuaxgEn6eLad7mGGqW53eW1Kzxu7TnzbTLmTf9DhmYJgSd4Tsmbw6or0OK32wN88rz22qnMNoUwt86qfkmkK7P_Ow03PcKYVzAePNQwvyr3vSYDqeyFtBnaHqSQd65UpXPD7mg9oujuF5rRIegd_4R2GANhUE-liNtV4EkUEd0fxyig-NCobrcFJEsuv9i1HgLXDg312JgNVHyA8u3MuO6eJXK50JbH6ItYWjMXOWANHkp14TbK2UAvLC1B86b4BRn6Bt5aO38kubTCcsWF6XQq3xW6KWgJMMbADOhouoLfY9fLgZu2wgi06WA1hKi4tb-HYNIZsjQn7oRwdsitlTaNzbKZC-T-wXFHMiRULx1eaJ-B2gbGoru1vm-ga1GKbZ3Z0w8FKPPtqY0JuFCeRBNb3jvDXJzIDoLrUoOm8vYV8qPtgmT_qEOAKtpVEdtOMn7fYjyHYjX7vr_hja-S8c1qBIqL19NJfFU764AnJlfPTjK0tlu4bDG3GFC5Tpm3CmpEyKKkt7WAUKa1z_UdgkGwQmFtPG2PUL89E35LqtjJIiMqXXRN8uQO3DD5RSyP0465EpFntDbsf5XD45wi_RMh7goXPC2Ej-aVm929qkUHIY1hpzjo1tVwMCZyN_S4EN1NRRMq3SVAprReEvA0so9Zdfg3CtO7idJ0ogo9BMKvSBzAPVVbIkiSc69G5hNFjEhTVgxKajrvTNpfRbpDkwSNJU9RquW6vPXQrWpug0xdhP0LXVuVCTU0n7FDauwsWGIAnk1-rfP22R_5k2RoFpM6Xg0lmL3fv12tiwbu5wY9Db073_Nn_5FJK4QkZlW-72fflmMDdWBQqWNMkOZLcv5m6j9IZvuUtQukJPNUt87hojcbF8_k0YGBcAXv8z8Jbp7drF-JKdnfYoE9KsuY_NbhA8lVoMgFgygTuxPelLrfytK58ZxaWErVKj9qyt-gZmir8gCug56ac9xX0I5XKj6C6oNRdAJTwxaKc8djYtf5uTyYJuF3WCM_xIyNxqB-ja_T-phN-Nkp8o9ZTawFEBVAjcr77brcZWlkVelEPTU_XKmrCID9Kg8JvFtYRZTk_UCW2HkuOv_93Pql9Fyd4v3eD2LbsTRqPUxHtDVuxCN0hbE8KxNWWXffYCbby4y3o0i1iOBrCngGU5twVsqWKuKxr_7WbfAKuh0UJ8Sz8QDShcU3cgT3H6AkHvzQrHDvCfmAJT271Hdu80VtLdvfidEUfPtTRIavpz-3rHW_Ofmpui2YmGbN4zLR_Y_SWjvK7AOijAgXdrdn6qgiiSvBJBWEAfDK17J9Wu4d5qUZ9NPIYnEvsdFIR1NM4z3JwwXZ3YzSz1mtLAns0CrVIBgF6EabhdR_Upt0jYAqsegHJfmgPaxt71hpwosGV9HdCLvQo9QwxPEXNK2Icq3kTCe3NwB1EoU4p6Z1vvYRpwGdHX4jikSAcGN0xrdqN4UR0ZxTOBT62ZJFwn39A2BSapmO752zQbLg4nTPnIU69DqD2YmKQN9Nv2V8weewvTEXnZxmhcSHT6TEzY1p9eQdoJ4LBe84AuDWrVDryYMrCDqm-OBQSGX4AZXUNMQUU-cp5yAqQKfS1-HXDtXuZmRXXdJ34KSJuUxaLpGCZjI3DCbjp1tgTr_u-lsruFnWJLXbi7biVy1_EWyyw47CIsDC_7mp2hoTtpU8d9QLdyVd5cYuLtudBQmTZ_yQgCfL9YIu3JoTvGFPbUwkSIUmo0JWNbVs7vF7gGxgPSECv2xOq4RW6SGfQhzl59SrEgbxvTgyC5s837t5g5j2R7sBvMWQIQOhnqyUHZDjgcvr39umDyKzsxVLgSL7iMIUnxKsmdbJctnSYx0rExTcMOjzSbKbh_2CE8xxMDo_g1mzaa4CeGaVT3xUFvX1aOH7Ls_EhLY3QAwcPEwPYbYYpaPCnPsM86fLZDE1-SHXJ0CJXy5bUf9rQejen7zrYBjJkcZn8BRxL7agWCvNplSVEj-7tygVVHCWOQBwGmijOoyJ8zEoy_kwo8o9KdSX8CdDuXTuDM8WVV2HJpm83pDLHORGXL6NLomS6sHmO_65uO97ToD1d9sIhzKQw9r3_4pVXXEBw6ZP4EVz77wXTYs-5doI7rnYthwB9ia7vBH02BLTfR5c_WEHAIhjJhX8Tren7xnsyUQlvZC9h61x6Cup8gM-9ozP-cE5NfrxcljV0W52POMGGhXZfhELz4kQnjcBXuo-5Qu6GGMsDmkxe0KfKFffeFSz2y-Jp8QCFykHREQ8fQyPZnDvVFqAdDOZ_yCU_m_U41TGbnXQOv_IL2ecYpWCMgq_P8zDOFq1I8FiGCc&cid=CAASEuRoxRr7Z00dGkqMck9aq5OcqA&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%252F%240

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2016267bbc5e18e811af1ee7b820ee3c4504d822adceaf393edaf6137ff0a4b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14158
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0406 42 B
63 B 39ms
39ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BDRRs6GrAlaBsvfQpEgSiIDT7OoZcuIHfn_ay6G628hI8tO4h7aCp44UObSC3K8r4WE56rR2LFadvG0m22VTEgXLfyfCrq5VOYvSfgWRj7bsqfnjU

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 0406 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/window_focus_fy2019.js

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:40:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:40:08 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0406 121 KB
37 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/ Frame 0406 15 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220112/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:38 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame B1E5 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9798
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame EDF7 106 KB
38 KB 58ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
Origin: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 14 Jan 2022 20:53:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71368
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 15 Jan 2022 20:53:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/ Frame EDF7 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BrlhF0WO_3XV-RzIBPCFs15RY_l7oqNRn1HKRDISD_b0PDBRGDrHispNQQYAL4Eu2gTV9qxKMns3aujCZ_J8WwspvYHm43d2iMKGRdqlLAoPvNwlBqRK_TNC64jlw7kW0euSA3RnNUj1Gc11nm_xjKjfkwmg&dbm_d=AKAmf-B03X6ZR9urZUMmEOveSEGJJRHWpo30hhouJmHWBjDKuWNNW74lnhLV4Lz0JAVS3-WTpwgdbPrOLIB1ZsiOD6jylahZNxcDWZqd0-Y_YVL0VLLmPac37-bSjpf132T2qHqqLQokcrFmsiI2PBRepNGkLQm5ZQC7JooK9EMHzzjXBtd6CfQfnFA1DuDto0eGbA34rWFss65MYtuPycI3lUk6Kx7w288Z-2anNkq8d4hQ3HrJMVWCAziUc2qqhP2GpFp-i0pzDO9KuP8ljEVIVQVHDDlASYpDfa_klaCPsay5nwq4fC-b2yIw4K_plMTap9_68y3ldEF404WK09hKvxvLHu4HLG2NMqstOdpUVqzzsvYa3ZsBe4WrN3KGvuPPgFna9rKK1PVNcIP0f_4X2JWeEY5dMDp9VwnECQHIQ-q4Cj0_iagfHnI40zUP0kROsEH2lEvFncjaUBK830SZScYhy04YpEieupId0EPKOyviH1U7of6NfpY_nt--wR7B7buujUQl7zee2b5sn1_1T_Izofy3_qOerdun0Up1mVx4ZdJliqnXCucme-2lj8u6QzyG6065SMTTda8lfqjLUZ9ub7b8TncwC1ZU6ZUnXQz_vtyi-RhG0eg4ZPck70KDWY_5rt7K03Clrx904IaN5QbO-usszolnJlMB62jdnbBPxbtrz7I_SpyKH-Nppn7L5R1HEFyxvNKkYlhTmcRjLCpb1qlTjVxr7mOgKB96VIzFleGHoX_gAfQVLKUk8Vcxg72mKAYwQn6BgVZPnwzbnr4PtBKcjfOW7OaYoMPQRnxpFDFGd4nNhYQBtzXn9ihD5vVM1Eap2OHaOEphEFgAy3LpnBwgTRIjD5iDEF0hU_YzADCoQdDHJ5xoeXL14YOraHR9_yHQeWGmq642nJqzLoWJ4QD4s_Fgsh-0RJ876iBTHldK9Q7tdFJ3MH2RX9VLwckbrmj2flOxeI_yWPrl2I-sTpMXWxmxNxbncwEWoUTPYefg2hz2t4wSettA5a2luKz7eiGm-XYlf0bOKlV27gSJsmSsncYrzzsgsMMA9lAdCQDz5LJm9JxX3I-oOAjUAyTBa8g8LnVQb-Q8QUfw7yA_-GUCGtGXJYfrxtHUvnBFrJ4Or6dq6VsLuK-oGVD0DWGWEDUyqk9wxHS5S-LMTVi94aYqKjUPJkIAtKBRHM71cXyeqjBXIevIZ0yV4uBK99HLAqhrYwjD6XzBFQ5j0XoyPCi8-H4jgn1CwpJihyHPtv3y7AWa4LWFwqoJYsYD2h_7GHNwllIY-lcjH0omhEIp0S5bm11Sy29boTuHvS_zdXUmk4Y9lkWm8oHw2b_9u_GqRqRseydsMgu71dUPnZfi17mypcccdYvAmKYICEJNRB1labWLMwKrndjZ-vLkgW8WDXRIJBiywv17NlIA9jIk7djNwQH9pw4c9BitrbutEsSrKsTzSdcwxLHoJnSiOkvQMqE59446bJEkSS31tNBOtC88qMfYNa-ZQhmdiV1-BAPkXvTw66Klro6dnf55J48jmrJo-YIkA1cZQmBbfWUAtqAnV2g8FbqIeUKyvvIM37OxtEgnmA6TRr-O82PpGOZkF5eMc-iAMi1ObwZVm6WxJAqx6mi0lQ2zZkzlt8VWuN0uY2mEQ88_oHF75LkKJFPMKdrP1Z4uDmnWevj7cWXg34uiFq2sKNmR2ivV67Esys-Tv0UZS5KfyFjCz509lzn4yRYoSK-Mq1LQhgOtCimoUXu89zfYgBdwH1ZQqFLwztvmC1WaR-k37v2D1u2bUjzkZKhEGPSsR2YOpculLFhC0-SdvZh9j4O-B3lIKrDe9FFe28qWT5Y9jo9owdXGvfDVCLUlSG6oOKwUzpcd73TyFu7gSkE0d3v4rAIykIVwMIRTpHgIpZgb_ppv-zC2smHcmLRoxamXQ0s1rAateKr1G1WrqzpvcjvQ6bGAF4cDoCxKc-UKO_VwrMtwMzUvJXjl-H2Ck3d_YkKu3HM1FHnApNmwVeY6lxlnm1Rh2ZqWIYIt5KXcwopFRzKwpoR1VDLAJfxIfPZEBMSSpxAfu8Am2S4yH52QmntcyBDVQQ4FWRmeHfrkIw-WJ6UaabW73oN-m7BipIy4uIveWJhInunCXpj4NSbQhGZQAQky2VnurUjshsEmYK3APtfliuqGSOT37sBdWZGLX8U43HMMpvwh4gpzMFEx1fxQMW2YfDBrjJSWXTLItCfeeeBr-wS9CJhXBukwIu68bkgD_tv9GuUDv4LAM_7gXAamZ5iXPwQFnp1ttWskEWMS3U1gP-BLhsR9pzwLXPJ3bRKoejYNnzWzmMXiADg82P5hHkXqNZnC3uWRKq8ndrq0t4nqE92O7VPN5HJkthEBZvFOp3My0S0xDO9Y6x3TvTkauKBwCchI-9BEqHfQNYJIUq7meWdCKagZ00y4jnMgSeRSexfNLlYld38z3etNb3uGHAE3RrguQUs2klKn0SKAd0dxTHinr25FE7pytv62OgEdVWXQGxjdsORyI9XRyDFThH03ETLDmoEgcJtTp-EaVipO2vnapILt8K18NqTQ9M-tqFVWknZ_xzesOWE3so0z0Cdkqau4dt4VGyymAnI9pO_7wQ_2KIOkAbMXPIz_waDciMDyeBNUmHSns4Ec8DKhxOGHZjv0EjuL13MvD1Y1phN-TbMvR9FoQJplrlSRP6UtHZE6ODR4tNanK3_MQTMeqtCEHk-ca6Eim8CGz7DncxwGE4vtVJD9L7rwh8zjEZVwl2XPwK0AvAhWHjDSaKtsRBbaiVrd7_Q5ZpoY8SC5Huy4ZtlOnDQqyvCqLaJnFVh1oIpY7c6ogdiqzQ&cid=CAASEuRoPXfKjF25-xKRYq7juFNFHg&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:37:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 329
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:37:09 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame EDF7 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:48 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 80D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE-8OyXzAQCPIyNfsjZgDGY&google_cver=1

43 B
61 B

18ms
18ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE-8OyXzAQCPIyNfsjZgDGY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMY9P2hvQEwAQ&v=APEucNWnK_gwsbdbTYRgWPscq6Pkzpkr7gUJgC909eWtHPDpq0MBfqOFCfW9XZYrXkNrt6QjULl9H9a0ghTzbBcfw8KQWY3iWNSt_D21VRkSU-5ExXJw2K96MHQUyF5ifArr_x4a15GEWh1oxOMU-zUYTY6JRUn-Sc3K4rur08SWz0C3LbQqvPZPZW2r_psQiVwnFPWu4rXipf0f1MDrDLBXxj1A_zfh1w
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
via: 1.1 google
server: OXGW/17.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE-8OyXzAQCPIyNfsjZgDGY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 80D1 43 B
207 B 24ms
17ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMY9P2hvQEwAQ&v=APEucNWnK_gwsbdbTYRgWPscq6Pkzpkr7gUJgC909eWtHPDpq0MBfqOFCfW9XZYrXkNrt6QjULl9H9a0ghTzbBcfw8KQWY3iWNSt_D21VRkSU-5ExXJw2K96MHQUyF5ifArr_x4a15GEWh1oxOMU-zUYTY6JRUn-Sc3K4rur08SWz0C3LbQqvPZPZW2r_psQiVwnFPWu4rXipf0f1MDrDLBXxj1A_zfh1w
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
content-encoding: gzip
server: OXGW/17.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 80D1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEMChXitWymKko4qJHPqGEp0&google_cver=1

23 B
172 B

119ms
48ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEMChXitWymKko4qJHPqGEp0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMY9P2hvQEwAQ&v=APEucNWnK_gwsbdbTYRgWPscq6Pkzpkr7gUJgC909eWtHPDpq0MBfqOFCfW9XZYrXkNrt6QjULl9H9a0ghTzbBcfw8KQWY3iWNSt_D21VRkSU-5ExXJw2K96MHQUyF5ifArr_x4a15GEWh1oxOMU-zUYTY6JRUn-Sc3K4rur08SWz0C3LbQqvPZPZW2r_psQiVwnFPWu4rXipf0f1MDrDLBXxj1A_zfh1w
Protocol: H2
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 15 Jan 2022 16:42:39 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEMChXitWymKko4qJHPqGEp0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 80D1 23 B
172 B 174ms
49ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMY9P2hvQEwAQ&v=APEucNWnK_gwsbdbTYRgWPscq6Pkzpkr7gUJgC909eWtHPDpq0MBfqOFCfW9XZYrXkNrt6QjULl9H9a0ghTzbBcfw8KQWY3iWNSt_D21VRkSU-5ExXJw2K96MHQUyF5ifArr_x4a15GEWh1oxOMU-zUYTY6JRUn-Sc3K4rur08SWz0C3LbQqvPZPZW2r_psQiVwnFPWu4rXipf0f1MDrDLBXxj1A_zfh1w
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 15 Jan 2022 16:42:39 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 15A2 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3583619120050620&bg=!PD-lP3vNAAaocxMpqHM7ACkAdvg8WiSrXT7WIbB2SpcKTkEjvd3rPWt2Fy3Zr7dtDlOthOeJ_vOgzAIAAAEtUgAAAAJoAQcKABHxjzy1GPp095iR3hdAKgrTwJkDHrskKeb2npxjAQHnPJwDtKykkxdSUlpXMuHE-pj2OC43NKiEz93Noc1e-xO_faodCCP4-xrP_0p4YGaaSfkMhA0yv9GhvDzyGN2Myzr9B5o4qwHvzYP0qiDG7jtHfjYgHaEJTonQSAFMPqJGllq8lb40EUl7QmNX15D-Ip_jrT2mRpYO9sm3MkK1y1mz-QoMpxgSqTKMvnWyABTaKLV8R4lvbsvFxK10sET8-O0RsX3kW2Y1iKNzse4b6en2fi1Mh7351WUm7erEH4OvoulP1m7rJXIY8qWLD9RsX6M8G0bvXJAawfcYzfH0Vu5ED24X3dX9PugaOUCVVG9TlxHPuJM1WY9P7Dl78eZbiwUzR94iXvEtai4hRXZvUFIwM23Do5h1VF-LVGK2FoDpHYtW3cOAQRvjYidDzBbAHIjNRPVWFw6HCDX_pM7H7--TcwLOJ1WWpG55ZYZ7q8cnLfJFbSamflAnoeM_QphcwclRDzYpvlt5klNaEbHZnPNte-8NJ0vkR89HQmNuxqCOiatQRjqmIgz02wddX_qTQmOEviQ-6MlXX9PP5DjodcD9tm8rRiNczlZyNdh3Ioo8ru2NJxiHkqmiAF5QqgTu4It6euEhoF5O27c6c81cDMBUAZZHTzhaZLgLs1uThQjbT_6wWjNZL6iUEJwm14iI0Y0uBT5iRnCCvB8_wJkc1YWu7G4_TMhxQn8VJLSzVu1nbKiH7cEiJgPyZ75V8yv7-_zH-IyHfaQXu4U3jQpdDvNJ2kMUnwcHw2rWFPfwJ6pVk7rstsFboJp1pmkBt1M4g-Ky2LtMcpQpyb-_qOJOYqSru5pD54qFK35Cxhi1bAMGpVa6UhQ7NXaeUvRpyAbWrex9mXT7oByoD6eyk7W7rcvpXkAX3gVaMJAl3Bgj2Jp9-4k-9h1J4XtMTu_Irb5HEPnycfUVAfgtFic_uF3OZXJ8Iu3P7J1vgRNLJKokZLBuUBBncndlB1UFVpT9GESWaso14oXuPEWk5NmS5rDy_5--RUgWrWbThUZEP_y884nH4-w2jQ3depR2F4xBFJfP3j7tYQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E203 0
0 48ms
48ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=3265979252748335&rc=
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/ Frame 0406 24 KB
9 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220112/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B_0CqS2TcEIkr_MimKtHzYSSY-7We2aLZjZyblwqM9gUIZ-xSmYB1QGUi2T50_OqIsF6bwFNjrIuSAGC4XBua7z7gqgMH1GuKH16D-QeUNjM_ArQmEnM-Bvw-Inkl9Ckugwp2kYSJfJxwIXGEmBisRsCQ2ag&cry=1&dbm_d=AKAmf-BRJqCFtt6bBzCNSL0ulUAMf0veEerUd3_1hGz3fiYOYXNOaookfkDdsHyy21fRDb3IUa1W7ScqQ2om97iiWp3qmqDy_ReJDEXNoPFe3hEdYKsHkGPJLcp1lfM5AUpiWIiG0UY6qjBC4YcZu9Sk9tuZ_hmJXfDM8fJrtvDD93N4MMUAnenfbncfUa61V0C4Es-tBVTNqLCIv8B7YIHl7RIqlA2ZvAk5sgR6y_GghZqB1YqVR9jOA-UJFdj6XVfnr6L7Gti0nt6MWksw_qB5M_iDEEXBAduxzQuqWE5T2e4LKQjWS0bDmAYdLVizHjeZx2KMyxfx75rnWIfy13mH_EaXgZ6C0IlHI9pWNJisxaoDI0v2SKiXFAiRQMhncea7CJ4ZEcZ-2Wayu6wjNOx07TQOCBQlAMNPvCtwjelClO8hUZKNSk6-Fqxlk9r4mQf--feFftnPX_IXCM2qQtJmMB7BmmEttJU5rV-RXdV2rQP96QQpEYbdve7NRXc6f9opQIQgkEmXbzI7-ltcPuxsGn-YtoJOqcMSRRNjtl3nQBmQk7f0O3cGQm5HRv3mStfRLGWxo2I2L3LBRD2ODLNa5izzq5qD-Ixf1ComwHxw4adKs4s6LnxxYuc4UGv9Ep8IIeumh-hsr3c_QMWQaV5vs45D5CCFfP5liplvssO68kYIsgLydP_IPuLEX46x31-rFcy1MdFPwTPVWI-zeFFBCoKsUikUdfa-x5AuLXFJFYZNrpBKyFiRaDt742Q52-Rpqe3l1Qx5LAIhD8QxjF9crGAKp4L_t6HWU7lLTrPGwvuuaxgEn6eLad7mGGqW53eW1Kzxu7TnzbTLmTf9DhmYJgSd4Tsmbw6or0OK32wN88rz22qnMNoUwt86qfkmkK7P_Ow03PcKYVzAePNQwvyr3vSYDqeyFtBnaHqSQd65UpXPD7mg9oujuF5rRIegd_4R2GANhUE-liNtV4EkUEd0fxyig-NCobrcFJEsuv9i1HgLXDg312JgNVHyA8u3MuO6eJXK50JbH6ItYWjMXOWANHkp14TbK2UAvLC1B86b4BRn6Bt5aO38kubTCcsWF6XQq3xW6KWgJMMbADOhouoLfY9fLgZu2wgi06WA1hKi4tb-HYNIZsjQn7oRwdsitlTaNzbKZC-T-wXFHMiRULx1eaJ-B2gbGoru1vm-ga1GKbZ3Z0w8FKPPtqY0JuFCeRBNb3jvDXJzIDoLrUoOm8vYV8qPtgmT_qEOAKtpVEdtOMn7fYjyHYjX7vr_hja-S8c1qBIqL19NJfFU764AnJlfPTjK0tlu4bDG3GFC5Tpm3CmpEyKKkt7WAUKa1z_UdgkGwQmFtPG2PUL89E35LqtjJIiMqXXRN8uQO3DD5RSyP0465EpFntDbsf5XD45wi_RMh7goXPC2Ej-aVm929qkUHIY1hpzjo1tVwMCZyN_S4EN1NRRMq3SVAprReEvA0so9Zdfg3CtO7idJ0ogo9BMKvSBzAPVVbIkiSc69G5hNFjEhTVgxKajrvTNpfRbpDkwSNJU9RquW6vPXQrWpug0xdhP0LXVuVCTU0n7FDauwsWGIAnk1-rfP22R_5k2RoFpM6Xg0lmL3fv12tiwbu5wY9Db073_Nn_5FJK4QkZlW-72fflmMDdWBQqWNMkOZLcv5m6j9IZvuUtQukJPNUt87hojcbF8_k0YGBcAXv8z8Jbp7drF-JKdnfYoE9KsuY_NbhA8lVoMgFgygTuxPelLrfytK58ZxaWErVKj9qyt-gZmir8gCug56ac9xX0I5XKj6C6oNRdAJTwxaKc8djYtf5uTyYJuF3WCM_xIyNxqB-ja_T-phN-Nkp8o9ZTawFEBVAjcr77brcZWlkVelEPTU_XKmrCID9Kg8JvFtYRZTk_UCW2HkuOv_93Pql9Fyd4v3eD2LbsTRqPUxHtDVuxCN0hbE8KxNWWXffYCbby4y3o0i1iOBrCngGU5twVsqWKuKxr_7WbfAKuh0UJ8Sz8QDShcU3cgT3H6AkHvzQrHDvCfmAJT271Hdu80VtLdvfidEUfPtTRIavpz-3rHW_Ofmpui2YmGbN4zLR_Y_SWjvK7AOijAgXdrdn6qgiiSvBJBWEAfDK17J9Wu4d5qUZ9NPIYnEvsdFIR1NM4z3JwwXZ3YzSz1mtLAns0CrVIBgF6EabhdR_Upt0jYAqsegHJfmgPaxt71hpwosGV9HdCLvQo9QwxPEXNK2Icq3kTCe3NwB1EoU4p6Z1vvYRpwGdHX4jikSAcGN0xrdqN4UR0ZxTOBT62ZJFwn39A2BSapmO752zQbLg4nTPnIU69DqD2YmKQN9Nv2V8weewvTEXnZxmhcSHT6TEzY1p9eQdoJ4LBe84AuDWrVDryYMrCDqm-OBQSGX4AZXUNMQUU-cp5yAqQKfS1-HXDtXuZmRXXdJ34KSJuUxaLpGCZjI3DCbjp1tgTr_u-lsruFnWJLXbi7biVy1_EWyyw47CIsDC_7mp2hoTtpU8d9QLdyVd5cYuLtudBQmTZ_yQgCfL9YIu3JoTvGFPbUwkSIUmo0JWNbVs7vF7gGxgPSECv2xOq4RW6SGfQhzl59SrEgbxvTgyC5s837t5g5j2R7sBvMWQIQOhnqyUHZDjgcvr39umDyKzsxVLgSL7iMIUnxKsmdbJctnSYx0rExTcMOjzSbKbh_2CE8xxMDo_g1mzaa4CeGaVT3xUFvX1aOH7Ls_EhLY3QAwcPEwPYbYYpaPCnPsM86fLZDE1-SHXJ0CJXy5bUf9rQejen7zrYBjJkcZn8BRxL7agWCvNplSVEj-7tygVVHCWOQBwGmijOoyJ8zEoy_kwo8o9KdSX8CdDuXTuDM8WVV2HJpm83pDLHORGXL6NLomS6sHmO_65uO97ToD1d9sIhzKQw9r3_4pVXXEBw6ZP4EVz77wXTYs-5doI7rnYthwB9ia7vBH02BLTfR5c_WEHAIhjJhX8Tren7xnsyUQlvZC9h61x6Cup8gM-9ozP-cE5NfrxcljV0W52POMGGhXZfhELz4kQnjcBXuo-5Qu6GGMsDmkxe0KfKFffeFSz2y-Jp8QCFykHREQ8fQyPZnDvVFqAdDOZ_yCU_m_U41TGbnXQOv_IL2ecYpWCMgq_P8zDOFq1I8FiGCc&cid=CAASEuRoxRr7Z00dGkqMck9aq5OcqA&rfl=2%2Chttp%253A%252F%252Fwww2.kusports.com%242%2Chttps%253A%252F%252F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:41:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9544
x-xss-protection: 0
server: cafe
etag: 6261108306223674270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 29 Jan 2022 16:41:48 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0406 41 KB
15 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 08:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203317
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 08:14:02 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 83BC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJp0Rbl-kFBn4dg8J7aizzI&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJp0Rbl-kFBn4dg8J7aizzI&google_cver=1&__user_check__=1&sync_id=26af5590-7622-11ec-aba2-1e5bf6c20106

43 B
549 B

19ms
19ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEJp0Rbl-kFBn4dg8J7aizzI&google_cver=1&__user_check__=1&sync_id=26af5590-7622-11ec-aba2-1e5bf6c20106
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY9P6pXTAB&v=APEucNX0q9VASQsVlFCefCxMeijhdT047SYv5cecdBsRTcwCJnKboHWSMYurLhSCVzrUY4ZaVPdmLr6DMzqGZX_l1-TwWfCURW-uMA7oHl9I_9_eCoD1rQn_zKOJaQl_6ZJKzyFE_4valcuUCqgki-UqZkoJgFlxRrexpDVmcLO9xCXcKDYcgV11_57EJJ9GnKEFoU1gRXlzsoQAi8_-5fy3FZHQNvWKrg
Protocol: HTTP/1.1
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 110
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESEJp0Rbl-kFBn4dg8J7aizzI&google_cver=1&__user_check__=1&sync_id=26af5590-7622-11ec-aba2-1e5bf6c20106
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 68
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 83BC
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjZhZjU1M2QtNzYyMi0xMWVjLWFiYTItMWU1YmY2YzIwMTA2

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjZhZjU1M2QtNzYyMi0xMWVjLWFiYTItMWU1YmY2YzIwMTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsY9P6pXTAB&v=APEucNX0q9VASQsVlFCefCxMeijhdT047SYv5cecdBsRTcwCJnKboHWSMYurLhSCVzrUY4ZaVPdmLr6DMzqGZX_l1-TwWfCURW-uMA7oHl9I_9_eCoD1rQn_zKOJaQl_6ZJKzyFE_4valcuUCqgki-UqZkoJgFlxRrexpDVmcLO9xCXcKDYcgV11_57EJJ9GnKEFoU1gRXlzsoQAi8_-5fy3FZHQNvWKrg

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MjZhZjU1M2QtNzYyMi0xMWVjLWFiYTItMWU1YmY2YzIwMTA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 26
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 83BC 0
447 B 103ms
32ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H3

200

activityi;dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938 Show response
8019191.fls.doubleclick.net/ Frame E1CB
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938?

392 B
348 B

39ms
25ms

Document
text/html

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

480363165c357839ed265e8dab7837125e1c7e396a014cba15b5488c264ef0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:42:39 GMT
expires: Sat, 15 Jan 2022 16:42:39 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 325
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 15 Jan 2022 16:42:39 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90006.redintelligence.net/ Frame 9557 7 KB
3 KB 33ms
11ms Document
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/request_content.php?s=12622400155036900710612011840006&a=35602aa5
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=564d890d5a&subid=&uid=6c45d125ad12aa03&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC3zjGfvniYeeWEoiP9u8PwvuXyAi1zfmDV_zYuavlDPAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT6AU_Qj_89smv0J7N2OZGKrqiyt9sK_9gnoEo5n-Qr9R4PieVduJsuQDNN77VEDAbKwz22UabW1bypBKQhQOpc5kaXBo4XFIvbkrtVAJYsAzdAwODIaJrylUl0Og7rxklKMtypuxwOxBGj_MUP2KY1ndSMf2iC7v5obDrHJobf_qrwiOpKDGaw6hG8Tu4_otktcT3RqVe6EuI1fPcWLtw3mgnVh4q3hLrN17O3cSo3vmXnRvbJx2X8DetPYVfS74I6wltheiW9OGxlpXgg0l5Eg3IzktBA3ouqvNI9gVn8f1-Su60D_M8lSNET5V5TWqjwN7p1drAE84cQPLTABKqd_L7PAeAEA5AGAaAGTYAH6-foXqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAfz0RuoB5bYG6gHqpuxAqgH35-xAtgHANIICQiA4YAQEAEYHYAKA5gLAcgLAYAMAbAT3JnrDdATANgTA9gUAdAVAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAASEuRo4fpBlHM-kwKl-AYOM9_ubg%26sig%3DAOD64_2jTtixKpOXgzvDlOZlRkMD3LQaWA%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-D1rHP1GoDNaOZvi_55aI1I3PjJcr79Eb-J9hN8ALP0g2O2xDlpFSVTK-rwwXz1nkdXQOl7WdwtA9_i0fz5Oq803isQGnyfGI3P1lYAjhG-mq0ZOIdY94sy9BwGJD1eH4QhtX0Kl9-KPTiKJ9TV-Y4ap0C15A%26cry%3D1%26dbm_d%3DAKAmf-AK-PW1n0j3kO1NxlIc9usmcV5NA6a9vmuEMhKy0hvsuE7WklQ0HQl48y-h9exGVsBr14AQBp3xk3LTEig-t-FJrtkDChdVcHOlboG-JvZ6AHIEp7Mi2KPnZHHO_VV236L69tpg8i7EHU3eZcOoBR-3n5hXrDWckHgxUKtXoksvVy93NfYfVF34w1nsyKxnhThpgRNUF4crh1c8umR73oLl7_4mwHyNkYcN1A6RXQQ3ljR3XtZRI265ndBZsw8mdstzFyso2QZesCWisAGgou5D-VX2E1xmbWeGGzxBgdlZ1E5JVFj6exAjT_i3UVbXBnGswm1WpoaraZ-LMhVZj4q3i0BWDKvF88RKpOMHxN8QFwwE-uVw5htzmJYw9ekGScL9vryrfwQQBJpzERv7ZWEUIMe-Rw%26adurl%3D&documentReferer=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=5935810419535&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: dc448e598b09337777723ca5e7020fd9523ac8af0aad1608daad9d932e0e70f3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 15 Jan 2022 16:42:39 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2320
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F63A 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 13:26:12 GMT
expires: Sun, 16 Jan 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 11787
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 21ED 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 094f5116e188ca1b7d21bdf8e16e767b99aabeb385cb5ccef1a7176bd6057d0f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10787963051330895359/ Frame 493A 86 KB
19 KB 21ms
7ms Document
text/html 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10787963051330895359/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c9b38f0afbad7b61e4110e947093aa9722d7b93cd2270d38a212e761f44775a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Mon, 10 Jan 2022 14:08:04 GMT
expires: Tue, 10 Jan 2023 14:08:04 GMT
last-modified: Mon, 20 Dec 2021 08:54:42 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 19903
age: 441275
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EDF7 0
571 B 80ms
52ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuuwvqbjgXo3YtwL9cHM_dk_hwgs9eWC0nW6AKKjuyRTKfcrKweTnfTnkA5NgDswFjj1acrzz8GYmTH8qWjo2h5MWuv1C_UnaVFnsU5708kToGpG7UvGmKJ8VOIMuBOpDFP_gLoQy1PWNZr2TdBVQX7Oy193C_WpbEhX6j4U9NpiHKgKkTsvK8S8j8AqWjnaXvacp0LIHU4OvSDIEXCKqXGwAn_ag9xwF3mxaKRM59cbICXvicp83R9BARAc7zfNKXFSQ0at7SZWhB6A7JL9qskO-2pR4UUJSYUmKNQp8mlEnoIk3W00rJkuiqvcsQfv6fQchv4ve96ifACn2oGS66fsHr__2yGW1IpCGvi-4uBwpwoHUV36yqlBPSWp2VXg2cUxjPPzEj0FHbYVpVfjnJ7HfUH1Mmh3_Ue_hK-QH627XpiUpShFUXIpCg6AKxAuiWZlFt8y0crrONDwWB8USDF8edKKNPuN00qaTAjoHDhdEmMxg6R8wlwzJzFguecpoA3YVZK80VakEgD00vv3K9gv2X_Z4_NFP8Wfx6maa_SwYiNC_LLwkpLIDARn8y3AzaVE_VOBSNHlFUsUaqzG59sWe7oDTvEjFwQyh41UoeNk5lP4qneU3IQ-WjUsYA-OM0f0CJn7CFgSLu0xVgD4DfHyLNybaKwAkZJ3wM0S_t3-1tv0k6smc1bsj-4E_zxGmkpukYmOue9fioIfwKqZscWIEZhsGUrNadRRPDibIQQ1jbxf1xkDL3qBh-iaCjskCK9BTe0Fey30D9XFEOdB7igSmKWSVAXT559lA4kX8KP-bpT0UEWcVbEvcFYhQ5TbZZWMYBkPvuEfKgW2v2-ONm68OBxbfUpC2IFep5Z0ccotY18trrBWrTMDvfigK-WzvdrJmdeeVZQuCN82OgXSLJZows9RRexSh6nPTePO96mRzuepcXP7BggBZfR740ovr5S4p6yIaZLKgasxfBGK6M-49iRtGmOVpgdf9vFYOHySxs9e_Uw1WmyHDD1O4a5xX78uovgDD8C86mKXRUyd8Rt8XR6WNDY7Q88UEL5Fmmq6P9SVBB184xrh7lX9BndnOKNSDEAUFuXGERcewZLfrIQRgw8ke9sQeaTUDajfBIRo7ocvAYjBmzn_Mu-E9_hgXZdM_3ZZixqMolhwWjA01PscgLhVA1Zenj2ikNmrBVn7ltE7rfb8LY7408H47wMzUBXQlqGZQ&sai=AMfl-YQjXorOwz5PUkAJZwqufCfHKuxt1kRVTxkMwh4dl9SIrXrjiyFWH_094kCfb5mFH6Ki2hePc60FyczVa5W1dm96t2JyXTbOx-0h18aAJcQ6b0bGsH_GqWOFO5h6k_SYNO1ULI1jUt6IDj7shmqk1YF1Mv-NOG1eO34sXBqieQdUxROutCP5&sig=Cg0ArKJSzL0FqIbKBnpvEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=181&cbvp=1&cstd=178&cisv=r20220112.43608&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sat, 15 Jan 2022 16:42:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5192 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9799
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EDF7 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 08:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 203317
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 08:14:02 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3642 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 13:26:12 GMT
expires: Sun, 16 Jan 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 11787
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame EDF7 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 681e7e632d1ff39bd6a75b677306caa5c425512a80618c07ff609728b1bd6e99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 15A2 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst2JTVFKi-o-zitQS2kua0bX4CLPhoEgEXOWe84Z41XHHykmsaV5RZfxXsL1_TK-jiIMTNuiw9SCdk7BZeDzv9XdXzOVzfQB4tycoo1hp1E79ZrWeot&sig=Cg0ArKJSzM0ltfbkEBFcEAE&id=lidar2&mcvt=1040&p=845,990,1095,1290&mtos=1040,1040,1040,1040,1040&tos=1040,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=2978949804&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264957647&rpt=456&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8FCA 0
9 B 8ms
7ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?3tMaZA
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1 200
OK 07kjbl94dsnm Show response
hal9000.redintelligence.net/zone/ Frame 0406 11 KB
4 KB 33ms
13ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/07kjbl94dsnm?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuev_fvniYZCjI_-T7_UPma-2qAXdreioYJSm-eLFCvAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT7AU_Q3KpKdqIpCFrxlB6GVMtSbiwsvLYP3XdMhyPLyj9FyHto7hrvy4VOs9Jm_cYL1bR4ZQwdcl5ekZTRzX0oITC3cQItUwdR_1_KigBWgwc8T5e8XaIMHLhd1C50Ngva4gQ1IsQI6zG7hOhTk9CgOvvq5nOM8SamK0HODHkSvWzZVL8jAR7i_E1vUOS-_4n6BbidXjQp_UJBDKpBcRTrlbI_SK8dnRTitQZhy6J9EUaobZmL0YK5yVycJHxxqzRk7zWPuXKjg4f9u_OS34_bO9XgvvbvcjcWdNtNXzzzomslXUSgxIfTB12uGVGVNrsoJ_gPaQjcTR0nUGhRwATOjruxlgLgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE5rN6A3QEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoxRr7Z00dGkqMck9aq5OcqA%26sig%3DAOD64_3q_B190gVXmuwPdemNoBli9T9BcQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DntVXKnCpic0ypvBKuMc9RGm7Bs47l4tXIg-qLLFuWHkGoGmfYwVeK2HgcMvHdgsUyUlnEno_s5fXIjWYZzfVAG45fya0d-oaIWA6zwUdMV16bWhMEUqZikVkvX9KnqUkubNhekHbSEQYZ6jTxciOltAP7ZA%26cry%3D1%26dbm_d%3DAKAmf-D8r7e1rG90SMryNG7p8qsCArViviZiYY-3eGoZM05lmbAgpIYEbIjQBkdBtopodkFoM3AOatDevU4ZC9m5mqPmiMr17JEoRSxOj4SLN-mkRHC2-8XutdMLQi_-TTz3bBNrN3DNdGi-L0PUCJ-VAbptcOg3fNisDjoX1txnLbOBwwcRRcQcGoi9zfjfzIwinsXkQnzw6YbgI_TCQuQcMDS2TF3g-_Va2NIYG-um0_BGdDvtdrry0rB8RslYdd11vJoSb3tHNL0OAmNTiK5_tIlE5JvIheiydPigo0_iUxo-JOk41VmO-OHsbeRDF8YI-FdyMn91RymuJ2nWfsKB2E05CsxD-KEhlJrhbqU-MDSr8JVeK7M_5UpNk_-7gjFE_Q0xhrKubswqlHe7z3aHU5g4BWYtRA%26adurl%3D
Requested by: Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: fcb8fb33626bb651b3b44aa1ae7d4e8f9d17ae5db3b50295887c50404e38470a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3875
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 9557 89 KB
90 KB 31ms
8ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=12622400155036900710612011840006&a=35602aa5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:35:33 GMT
x-content-type-options: nosniff
age: 173226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91556
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 16:35:33 GMT

GET
H/1.1 200
OK 728x90_OMAC_2016_Launch%20(4).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame 9557 44 KB
44 KB 56ms
14ms Image
image/jpeg 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/728x90_OMAC_2016_Launch%20(4).jpg
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=12622400155036900710612011840006&a=35602aa5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: e8ec2a4d84f51a4860526181c3822b954b3a134dc14446ba753b37708470171d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Last-Modified: Mon, 20 Jun 2016 09:28:47 GMT
Server: nginx
ETag: "5767b74f-af88"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 44936

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FCF7 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ZCJQ1Q
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame E74D 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Jan 2022 08:14:03 GMT
expires: Fri, 13 Jan 2023 08:14:03 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 203316
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 css
fonts.googleapis.com/ Frame 493A 2 KB
794 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10787963051330895359/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2973257313b8a6815336e3c045ab9814ece44936d58bf637175cd7047cfc9406

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 15 Jan 2022 14:45:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 15 Jan 2022 16:42:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 15 Jan 2022 16:42:39 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 493A 29 KB
10 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10787963051330895359/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10787963051330895359/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 12:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13766
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jan 2022 12:53:13 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9116 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 13 Jan 2022 08:14:03 GMT
expires: Fri, 13 Jan 2023 08:14:03 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 203316
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6979 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?0qRmAw
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938
adservice.google.com/ddm/fls/z/ Frame E1CB 42 B
63 B 42ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CM-Oj9yZtPUCFYemGwodXxsK9A;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3813178367164.5938?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F63A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEFkm2radO-OAXFazQ1lFaCg&google_cver=1&google_push=AYg5qPKJdFSIFskLoOdDnjsakdFGe5xqOne1SlgB3ayO39oqVIlxY3uYv0P5OdWUDXLh-rlQhvz0NFTEMANfzFlx...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKJdFSIFskLoOdDnjsakdFGe5xqOne1SlgB3ayO39oqVIlxY3uYv0P5OdWUDXLh-rlQhvz0NFTEMANfzFlxSavUglO_vokzqA

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKJdFSIFskLoOdDnjsakdFGe5xqOne1SlgB3ayO39oqVIlxY3uYv0P5OdWUDXLh-rlQhvz0NFTEMANfzFlxSavUglO_vokzqA

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AYg5qPKJdFSIFskLoOdDnjsakdFGe5xqOne1SlgB3ayO39oqVIlxY3uYv0P5OdWUDXLh-rlQhvz0NFTEMANfzFlxSavUglO_vokzqA
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 15 Jan 2022 16:42:38 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F63A
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEMR3InjEtHCWRIllHfCd1Qw&google_cver=1&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A3s...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEMR3InjEtHCWRIllHfCd1Qw&google_cver=1&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A3s6gzZkOQ

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A3s6gzZkOQ

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPKaIjTbHfV9rlq447k8hL7j1YDB82BlUgH_FtpDRFmPz3VABmtdgoZOpSGoLYXNCf3mvTrfu7t-4sTKWrOVXrd-A3s6gzZkOQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F63A
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEED_e3kPZ9voa4jjmFRa-IY&google_cver=1&google_push=AYg5qPJIeIIMPH7tLmxyhptImzRBYqANeDuXd3L3Gamh1aiNZEavzSOBxTQVt8Ze00UX0JAm1es...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTTAtUi02TUVL&google_push=AYg5qPJIeIIMPH7tLmxyhptImzRBYqANeDuXd3L3Gamh1aiNZEavzSOBxTQVt8Ze00UX0JAm1esBXLy_P1YBl3llDSmShJCa7Zdx

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTTAtUi02TUVL&google_push=AYg5qPJIeIIMPH7tLmxyhptImzRBYqANeDuXd3L3Gamh1aiNZEavzSOBxTQVt8Ze00UX0JAm1esBXLy_P1YBl3llDSmShJCa7Zdx

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTTAtUi02TUVL&google_push=AYg5qPJIeIIMPH7tLmxyhptImzRBYqANeDuXd3L3Gamh1aiNZEavzSOBxTQVt8Ze00UX0JAm1esBXLy_P1YBl3llDSmShJCa7Zdx
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame F63A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHa...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F63A
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBAq6VYIqLBPd0dGLV8mgSo&google_cver=1&google_push=AYg5qPJA6NEx9toxEKdPqY5TETFTQ8vt0_MC_uEy1jSmZqraC5qZavCEQfAX8NgLS3M_VlpEAH7yrOzKxtFbFid_...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJA6NEx9toxEKdPqY5TETFTQ8vt0_MC_uEy1jSmZqraC5qZavCEQfAX8NgLS3M_VlpEAH7yrOzKxtFbFid_huJk8YKQavEMTA

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJA6NEx9toxEKdPqY5TETFTQ8vt0_MC_uEy1jSmZqraC5qZavCEQfAX8NgLS3M_VlpEAH7yrOzKxtFbFid_huJk8YKQavEMTA

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Jan 2022 16:42:39 GMT
via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPJA6NEx9toxEKdPqY5TETFTQ8vt0_MC_uEy1jSmZqraC5qZavCEQfAX8NgLS3M_VlpEAH7yrOzKxtFbFid_huJk8YKQavEMTA
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: y2LDaXkF3PJft_AwRPZCXRF6oaIOXjHZGT9SsGxnsjLhBULvreA4zg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F63A
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESELfmrm9lvgVeOwlhPS40EDg&google_cver=1&google_push=AYg5qPIFNvM_ofdsg8zVwQ_Onf5bhhTT-6RwcQ5-RZs1UYRpd7X38p-jlAyfTxSP80lU7aEd0oOwKTrzz5Vymck58VZgxQJ0o...
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIFNvM_ofdsg8zVwQ_Onf5bhhT...

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIFNvM_ofdsg8zVwQ_Onf5bhhTT-6RwcQ5-RZs1UYRpd7X38p-jlAyfTxSP80lU7aEd0oOwKTrzz5Vymck58VZgxQJ0omN7kg&gdpr=&gdpr_consent=

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&mn_hm=Mjg1MjY2NTU5ODg4NDIyODAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPIFNvM_ofdsg8zVwQ_Onf5bhhTT-6RwcQ5-RZs1UYRpd7X38p-jlAyfTxSP80lU7aEd0oOwKTrzz5Vymck58VZgxQJ0omN7kg&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Sat, 15 Jan 2022 16:42:39 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F63A 0
12 B 13ms
13ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lm2bzverA4_BIQXSJD1EngqaB04JrWhO_NBADmeNsVXNnun-is39qT2g2Tez0j9w

Requested by

Host: 25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
URL: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK request.php Show response
hal900030.redintelligence.net/ Frame 0406 613 B
935 B 116ms
76ms Script
application/x-javascript 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request.php?zone=07kjbl94dsnm&nw=20&renderingType=javascript&namespace=d2dd425277&subid=&uid=0342901a3982ee65&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuev_fvniYZCjI_-T7_UPma-2qAXdreioYJSm-eLFCvAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT7AU_Q3KpKdqIpCFrxlB6GVMtSbiwsvLYP3XdMhyPLyj9FyHto7hrvy4VOs9Jm_cYL1bR4ZQwdcl5ekZTRzX0oITC3cQItUwdR_1_KigBWgwc8T5e8XaIMHLhd1C50Ngva4gQ1IsQI6zG7hOhTk9CgOvvq5nOM8SamK0HODHkSvWzZVL8jAR7i_E1vUOS-_4n6BbidXjQp_UJBDKpBcRTrlbI_SK8dnRTitQZhy6J9EUaobZmL0YK5yVycJHxxqzRk7zWPuXKjg4f9u_OS34_bO9XgvvbvcjcWdNtNXzzzomslXUSgxIfTB12uGVGVNrsoJ_gPaQjcTR0nUGhRwATOjruxlgLgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE5rN6A3QEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoxRr7Z00dGkqMck9aq5OcqA%26sig%3DAOD64_3q_B190gVXmuwPdemNoBli9T9BcQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DntVXKnCpic0ypvBKuMc9RGm7Bs47l4tXIg-qLLFuWHkGoGmfYwVeK2HgcMvHdgsUyUlnEno_s5fXIjWYZzfVAG45fya0d-oaIWA6zwUdMV16bWhMEUqZikVkvX9KnqUkubNhekHbSEQYZ6jTxciOltAP7ZA%26cry%3D1%26dbm_d%3DAKAmf-D8r7e1rG90SMryNG7p8qsCArViviZiYY-3eGoZM05lmbAgpIYEbIjQBkdBtopodkFoM3AOatDevU4ZC9m5mqPmiMr17JEoRSxOj4SLN-mkRHC2-8XutdMLQi_-TTz3bBNrN3DNdGi-L0PUCJ-VAbptcOg3fNisDjoX1txnLbOBwwcRRcQcGoi9zfjfzIwinsXkQnzw6YbgI_TCQuQcMDS2TF3g-_Va2NIYG-um0_BGdDvtdrry0rB8RslYdd11vJoSb3tHNL0OAmNTiK5_tIlE5JvIheiydPigo0_iUxo-JOk41VmO-OHsbeRDF8YI-FdyMn91RymuJ2nWfsKB2E05CsxD-KEhlJrhbqU-MDSr8JVeK7M_5UpNk_-7gjFE_Q0xhrKubswqlHe7z3aHU5g4BWYtRA%26adurl%3D&documentReferer=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=4975102301566&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/07kjbl94dsnm?subid=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuev_fvniYZCjI_-T7_UPma-2qAXdreioYJSm-eLFCvAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT7AU_Q3KpKdqIpCFrxlB6GVMtSbiwsvLYP3XdMhyPLyj9FyHto7hrvy4VOs9Jm_cYL1bR4ZQwdcl5ekZTRzX0oITC3cQItUwdR_1_KigBWgwc8T5e8XaIMHLhd1C50Ngva4gQ1IsQI6zG7hOhTk9CgOvvq5nOM8SamK0HODHkSvWzZVL8jAR7i_E1vUOS-_4n6BbidXjQp_UJBDKpBcRTrlbI_SK8dnRTitQZhy6J9EUaobZmL0YK5yVycJHxxqzRk7zWPuXKjg4f9u_OS34_bO9XgvvbvcjcWdNtNXzzzomslXUSgxIfTB12uGVGVNrsoJ_gPaQjcTR0nUGhRwATOjruxlgLgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE5rN6A3QEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoxRr7Z00dGkqMck9aq5OcqA%26sig%3DAOD64_3q_B190gVXmuwPdemNoBli9T9BcQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DntVXKnCpic0ypvBKuMc9RGm7Bs47l4tXIg-qLLFuWHkGoGmfYwVeK2HgcMvHdgsUyUlnEno_s5fXIjWYZzfVAG45fya0d-oaIWA6zwUdMV16bWhMEUqZikVkvX9KnqUkubNhekHbSEQYZ6jTxciOltAP7ZA%26cry%3D1%26dbm_d%3DAKAmf-D8r7e1rG90SMryNG7p8qsCArViviZiYY-3eGoZM05lmbAgpIYEbIjQBkdBtopodkFoM3AOatDevU4ZC9m5mqPmiMr17JEoRSxOj4SLN-mkRHC2-8XutdMLQi_-TTz3bBNrN3DNdGi-L0PUCJ-VAbptcOg3fNisDjoX1txnLbOBwwcRRcQcGoi9zfjfzIwinsXkQnzw6YbgI_TCQuQcMDS2TF3g-_Va2NIYG-um0_BGdDvtdrry0rB8RslYdd11vJoSb3tHNL0OAmNTiK5_tIlE5JvIheiydPigo0_iUxo-JOk41VmO-OHsbeRDF8YI-FdyMn91RymuJ2nWfsKB2E05CsxD-KEhlJrhbqU-MDSr8JVeK7M_5UpNk_-7gjFE_Q0xhrKubswqlHe7z3aHU5g4BWYtRA%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 1eb9493e879896e0b89d91e157e49172ba191760c599f4bb33e226f54a71e3af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:39 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 89334900122487000757597011840030
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 329
Expires: Sat, 15 Jan 2022 16:42:39 +0100

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 470B 42 B
64 B 40ms
39ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstN0tKFLKD0srvqPAl7Q_wbet-71waga2bSI4eOfVZ8MPYxNoz8OpYNyJdF1VKIOPQYJgzjVpXDorE7W_qYyD5KHmVVl_8K8AghHvEIsQ1jDzvDcIZU&sig=Cg0ArKJSzM8S9kitkjiKEAE&id=lidar2&mcvt=1076&p=0,0,250,300&mtos=1076,1076,1076,1076,1076&tos=1076,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1055926600&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264958172&rpt=136&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90006.redintelligence.net/ Frame 9557 0
150 B 34ms
13ms Script
text/html 138.201.63.164
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90006.redintelligence.net/viewability?s=12622400155036900710612011840006&a=2aa52d3b&vb=m
Requested by: Host: hal90006.redintelligence.net
URL: https://hal90006.redintelligence.net/request_content.php?s=12622400155036900710612011840006&a=35602aa5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.164 Hockenheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.164.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90006.redintelligence.net/request_content.php?s=12622400155036900710612011840006&a=35602aa5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 9557 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 493A 15 KB
16 KB 44ms
17ms Font
font/woff2 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 12 Jan 2022 17:56:19 GMT
x-content-type-options: nosniff
age: 254780
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 12 Jan 2023 17:56:19 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B1E5 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?zEsPXw
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 3642
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEG0rM5Ut5kGYyZ0QyETnn2Q&google_cver=1&google_push=AYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEG0rM5Ut5kGYyZ0QyETnn2Q&google_cver=1&google_push=AYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV...

43 B
417 B

252ms
251ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEG0rM5Ut5kGYyZ0QyETnn2Q&google_cver=1&google_push=AYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6ce08efe49285a19-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 5691
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6ce08efcfd105a19-MXP
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEG0rM5Ut5kGYyZ0QyETnn2Q&google_cver=1&google_push=AYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPL9hijyvbZbSkqbxcbNB5g6S-kvbXnK16ITiNNy7u6CHBiqC3eudQyzwiW3app02k3ekitTPpC8xogSKsuGwukYxXAtyBV5%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3642
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESELbsr-sGDCR3Cs1h9X2Y6EA&google_cver=1&google_push=AYg5qPJnt4q9K8yWgnHqnlrSq3ZKKJySmZb_INg3wIQc-6AKcKGhGx9lrCSbzu_uSPqRi1EKgRUAgVJXU82rIA7kgHmaaptX2bPQ
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NjAzMEQwOTMxODA3RjMwRQ==

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NjAzMEQwOTMxODA3RjMwRQ==

Requested by

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NjAzMEQwOTMxODA3RjMwRQ==
date: Sat, 15 Jan 2022 16:42:39 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3642
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEED_e3kPZ9voa4jjmFRa-IY&google_cver=1&google_push=AYg5qPIyAJY3RsoPdF-mflJ7mZkIEbCJgusqv_PzaruOfvx1YPCXs6DAlUeB0fN1uJmyQYVOEcM...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTk8tMUMtOTBORA==&google_push=AYg5qPIyAJY3RsoPdF-mflJ7mZkIEbCJgusqv_PzaruOfvx1YPCXs6DAlUeB0fN1uJmyQYVOEcMTTM_cHAQqIimvictr5ugMxlca

170 B
188 B

33ms
33ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTk8tMUMtOTBORA==&google_push=AYg5qPIyAJY3RsoPdF-mflJ7mZkIEbCJgusqv_PzaruOfvx1YPCXs6DAlUeB0fN1uJmyQYVOEcMTTM_cHAQqIimvictr5ugMxlca

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1lHMjVLTk8tMUMtOTBORA==&google_push=AYg5qPIyAJY3RsoPdF-mflJ7mZkIEbCJgusqv_PzaruOfvx1YPCXs6DAlUeB0fN1uJmyQYVOEcMTTM_cHAQqIimvictr5ugMxlca
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Expires: 0

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 3642 0
474 B 62ms
15ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPK0c_d186ndCMIY2I9IIAycwzwJzhFZAci7D0LYEavFTQLLRU1b3ZwOuMR1vapIqY6CYfODGqjEV0l5THiVFhXmmiaYPs1Z%26google_hm%3D%5BUID%5D&google_gid=CAESEGIBnBVXKALfUkKVPOVDbmw&google_cver=1

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 204 exptsync
ads.yieldmo.com/ Frame 3642 0
35 B 167ms
30ms Image
text/plain 54.77.232.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.yieldmo.com/exptsync?google_gid=CAESEN81uRYavrjAv1ow-Zcwgh4&google_cver=1&google_push=AYg5qPIoP2SS47tHlpYcZiuFUYvzpRQw1sewRdD4h2FCoscwI9NsMG7cCJbLfroH_1eOwpkj-s-Q7lMFc3RvokSSsKUDbAMwt0PJ
Requested by: Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.232.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-232-22.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT

GET
H2 204 pub
cs.chocolateplatform.com/ Frame 3642 0
122 B 320ms
97ms Image
text/plain 35.212.101.174
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEOq90tAjHwhMpH2UtpQRYvE&google_cver=1&google_push=AYg5qPJNh9tDV-ItE3jgvQhMjvlLS5_u3aPyBZV9ekrp7iHBeMcdse0IVLjYqKcqzpZsPYZLs-WMXNOhkEAuhYvYAvx81pUKHu4
Requested by: Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.212.101.174 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 174.101.212.35.bc.googleusercontent.com
Software: Chocolate Cookie Sync Powered by Vdopia /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
via: 1.1 google
server: Chocolate Cookie Sync Powered by Vdopia
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 3642 43 B
65 B 16ms
15ms Image
image/gif 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEBbrULYe2h4iA3fIID8rGJI&google_cver=1&google_push=AYg5qPJetOVzEQlftJ3SDzyPRUHYrgYTxod7CP7r7s4bO457iLY93zOJIcbTk-9tgr-Qb2ykR6aOjNOef7X9jgN00ZxbdRvMvN9Z8w

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 16 Jan 2022 16:42:39 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3642 0
12 B 15ms
14ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LdHfMf1RWI3UUDM5_99kbvgVLkluXBD6GnJwnN3wQN9fae8i2xCykWX2UtcRqCLemDmY88Ig

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B0BD 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=4023687952600743&bg=!GBulG1_NAAaocxMpqHM7ACkAdvg8WlTlzGXYb14omx2hV6CrTeT6CdfQE7cN1oaIz5vkAT2IyBjn_QIAAAHJUgAAAANoAQeZAxneew5xtSF9oDtxCBUGlMtXyHeNoZcOwl-lb5w7qxB5iGMyVoVXAg3m5UW2uHKae8E3vwaD-VWVx8LlgLQZRNQ24K14eqPz3PeatsTBSxsOOsUpRlCCPRzcx2F02DJnUMA5jFyPw_fxiTWIVaAYFWYAKQbCXYGnvJhAOvD5g1cdOKY3zGI0oAoW0PSTi7D1jIkp4jSiU4VbsKLfKXYrZeaLAq6kgftiqLEasi-CP9k4buT-s3iq93gf9qKOVxjpxVdbS6ywCLlbTbncQFRUUzUgRRZMO1MXC1OZLx6QATJpkdpPtFB-d9CBrFC8VPX_05lWzIkLTLkARVVAkTNNkpq_wO9yl80xEFSjUabiMI98vA38XNsYnLI2036-AruZ3VI_D1_khVVVSuZUkiICpUyA4eYDK6FxFTDbXIVTzMTPlw_omX49arvjhoFO_m4-MMEMq-CwSpISIHjVvADTmkffAFVxjyy2d25ID8Mg7EG5YcIK9kyzgeKXODS3bZQ3gHdyXRSAoBoBTlQIADHZH1chgozVCUfePuft-4CmZE85sMsUEZXXY56ppWQhCPkf0aFi6_MzF9s5wtm3MXQSilvrvtNFDVmAYiQn5XaalMqqqR9UsmTvuFRcva3LvBcV19tVTPRykts7uXI0OKxXKYRT-tYUVzT6v5-_O1iZtHiAjNVe3iE9dXmpWX8Tp5DUnU4QLS8PrHsvKVghpveD9PG8yMEEfnjYay-VQ_DuYlS4O2SFmQit0dFEuXWXGpCKnwVe2NMhVr4QESIXLZvd6DeIO37_K-7hal1wWj1B86RorG8yGVy_FNYv1JVrGwO52TN5VwdZSGQwTthZm1-dpp2TsAuoTBL2mOdai0qdE4awycSVCLU8tVXpZub2OSH-JZr7Z1EkgRtU98aXUjNxeLWg4vzESFdUCPHLNMGEWb1YPcDqT8sIpvWMoz_7ns6rWrrXTY9aIDw4arUyTorIBMAcGY4SGDHW0rtX-F30iBwkujGSMhptUNcoMA2SxP86ip0bhbHkEajMbGoYueaoC-UXvhmdzad5n98E

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame EDF7 0
23 B 57ms
43ms Ping
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 881A 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=2521070408998936&bg=!DwylDEjNAAaocxMpqHM7ACkAdvg8WjmUwW07LzmfndxcE4t7DAgYjkrzfg5qQ5gNqjfK0gLtg9KAvAIAAAHDUgAAAANoAQcKAH00nnPBdvFJkIA3Wr-SU7Gh86I23-vSX3fube4zBstxiU8o72VbMiCZ4dVTPERXfHgqTokXlRgIqsaV80bY7r3W65JoHnW5hVqtMCEIAfwXIzlDWF7UjFU-2WZDD03XOPEiV3Emqzgvtn42yMhYz3i_cjm_9nPW_JIFd9bJCpkDER7luxxBbImRLuNsTQaOTmIAVIiBbCI0LmW40MaiDaud3ze6qHyjsiu_pPkFalU0gwygAlsWO0_Zw6i_DL_bVxWiFEkadzTk7SZEvP3CcUSWH1WV6DMO8AvxOPPZrvjbARnTOC7Q4-d7zfx7Lc5EF-w1spUI00BUpi2u0_YRcLwN2OFE1M-Y0kTrgqJwIwO8OuPDC_aj2JNXjCZpVjSYTuHGUiVvY6wGMNTYUEY4B863k9fVBeBeT6t4Bzr9nvAKvXYvFBaJ-HoxELZkeXTZjGnytiQppMBHNPMOyMLzgilURpId_yPDrPULJkJLA5-SzS25NXf3FHjKG4iUYfG4jB4JAgvtGzaAkT1ZgdhD9Zf0jNDpBvSXT8zxO_V5C2VEd9easVsYo-LvoRn_ZiWqri2Tt-5GJhXaabk1iSDevMMcn_35bTs0QbVS9EcVMT8FcDme-Zn8yw-Kdde6LXAsAks8milLuDyUPcOuNtphendWMH_n_BiNyRYb7wrNo_VahwemSCFzEy4Ls00jvHqDZexy9j-pmB_0ZwgsrIhEI-iwiKqm4r2o8rZT21dFub-eTuPpLDnRSVV2H4aGHPMXxY_QtXxrzX6uyILT-_l8wHaEfIiIB_dYpl8PUbyR5OfeWOFPzXvFiDTbGGUOMXz8szcdhY_6njjBK6t4hMaPUXfo-D8PAp2kIiJJYUdbV8TgGPCQcfADntC4UHRpazne8oe5vXpl7klm1u2OGTjy0_RWDzPVtEP3F28-OM4-ofu9Iet7U3KiHi8LQriiy3yoTEHp7s5F8EoNXAOE7_4od9hdFqjePpokMNQgPPAHEPtcuvYB3o4TE-h968umcZOYTsvlHhA5kSIF6jpHz_txi9TCW0N-38nj_kWHnBH5Oj9L5MDhjYGtreLfudm7lcuR06qEI1vs2Wq05yU8zMDf1ETJo1H9a75bd2MlRBOEA4ptKqX901YsviQYT8VZudtZYscPVcVd7NOsWD7r-2poep7jKGyO95ERYD344WB5J5o3MYfIEpYsUJM8DwCcfi2P7cQe

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9DDA 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=2825284009084563&bg=!JiWlJWHNAAaocxMpqHM7ACkAdvg8Wo74M0FJfRkxIT-or6LPsEWqvcgtcggPIWLX6kDCRLlWgo_rqwIAAAH2UgAAAAJoAQcKAECNpoepq_IqAoGJQSk8PZ_ZsUi3Is1D4_tPomkuKL7Yo58Jq0hAgI7wQiO9h0HwV_3RKH8SLcw8iBBXjiB4b3PBmQL7BQXNJDoPWCwBbLsUVFcVQ358oq30-x2O0J_T_jcAOX-iox5yo6t5Kb-zG7DlxHqqlGHC2qJiEdcC7bvQAiS6K7Ezt5_QeCj_Wcl2-mvoV56XSzBiiVgU314XT2ebGFN0RijndhMk0x6psuGtloyuM-XZYhXDwFQs_V5qAT6K3wJVk-w9jvXvgDh5eYwYEH7-bvNBU9NUmy3NQdO2SR3vHd2zAbyzMHS3ys1RGGnAcPzKCVQ34dw5aOyiFD4WAXUUeh-8950MrIk-6jzqpGFt4BMMtmJiWn5dxh7QULfhjK9mFYvT5nM0X7dbd6bI5KTAWjeTPkh4LSaF8waAifH9dYpVjp1ffOnEx_K3HgBV3b5gJVbTZ5p3pMvxU5SYrNFEGPAKSI69EUzMFg3W525ITfn12gju1y4s8uj7ZCvxBkwyccmocXNFLL6tl08Pj6qK9cG1ZoMScPyAUv_YE45buVv6Ea3lZrrJdhzi8Sj55Nqm8DGpnQHsKZ5KA-9nvhfY89_tyl1yr1QQF_68hiRC7PyyyruLqANMlOsrYULr8dnqWjAqfoBvTUl1M-DyKrNBqysDI970NKSXyOn9LrVha_jtW8ZcyriJJVT4hrIC1x0Pzw87X5sdkoibH5TknSgyFEDm0ZbmxTRZ-mlCh7plvdXRp_IKbe0XTlpLYTIgR6X4xp0sBrHs06UgsMddshRw96HY8evhV3FMvQmm-ZkJ1eZF-NSkn1saxmnl7esHJippK9A6cTKJwKEFQJsRHQSBYMCn5GkXhPR2amxNyCMIN07vYSenycwx9Q10CdstQwmehwCkMluHFAO2ayiwoFzPhewCPHIVaQV352Hx0CazBdkB1EFuiKgg-LNQHuX9BNKoY_icYMTU3497GcxXHKPl9g-V7q49U221X6zkQmnKhniEVBA8Pm585s0a8CQ0U2Mt6Ia-lUtbwNmi-eHoUlVjuMUpisefiuVRm4GPV9XqzKPvjIvE49zdOTaOgLYYblB4dLApPDzVyUB8cQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Logo.png
s0.2mdn.net/sadbundle/10787963051330895359/ Frame 493A 3 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10787963051330895359/Logo.png

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63187daf11cbad2ac77ee789e7c91a40282a7e505683b1789e7756844a0cb182

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10787963051330895359/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 14:08:04 GMT
x-content-type-options: nosniff
age: 441275
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2846
x-xss-protection: 0
last-modified: Mon, 20 Dec 2021 08:54:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Jan 2023 14:08:04 GMT

GET
H3 200 Fnd_2.jpg
s0.2mdn.net/sadbundle/10787963051330895359/ Frame 493A 20 KB
20 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10787963051330895359/Fnd_2.jpg

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45b357ed0f15b5732fa0cff198d966a9ebb28615e180cf60d25c7a9d08a5731b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10787963051330895359/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 14:08:04 GMT
x-content-type-options: nosniff
age: 441275
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20152
x-xss-protection: 0
last-modified: Mon, 20 Dec 2021 08:54:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Jan 2023 14:08:04 GMT

GET
H3 200 Fnd_1.jpg
s0.2mdn.net/sadbundle/10787963051330895359/ Frame 493A 22 KB
22 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:810::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10787963051330895359/Fnd_1.jpg

Requested by

Host: 33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
URL: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eabdfad97841a4de6a5a522d81da2ed11db099bb9ae809499309c4af83e3cb4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10787963051330895359/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 14:08:04 GMT
x-content-type-options: nosniff
age: 441275
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22572
x-xss-protection: 0
last-modified: Mon, 20 Dec 2021 08:54:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 10 Jan 2023 14:08:04 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21ED 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?v=3&s=pagead&action=load3pas&it=fb.242,e2e.1252,fs.234,reqs.235,ress.242,rese.242&srt=8&e=&id=csi_pagead&gqid=&qqid=COfN3duZtPUCFYiH_Qcdwv0FiQ&rt=lb.606,ol.1010

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame E74D 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9799
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1458 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJXXkfvniYcnPIZmt3gP_ppu4CgAAAAA4AeAEAg&bg=!DA-lD0vNAAaocxMpqHM7ACkAdvg8WlVUmmnsuiLU3aEX1PXiFk99vH2G6Avq82h9cN_evTnMwEYRQAIAAAHaUgAAAAJoAQeZA15N6FDo3afO_bSEiJ07sQTrytIwa2bXwFJADRD90xmjbUx4DOnHyDrxi9pTxa0H01pN8tr6KvubiZvcuSQYFZ3RbAZmbDsXABAJgEdFHZ4Py2Q9PmHKtdSeblVwC1XKT2k_oI7909etNAX7odZijMOhnHDTDquZQBjF_wofS4MojJOWYX0U4OvbvFwvsnkUH_368Kuy3SNGeiBBYGlgm2t9iUsu01MA8AAb4x6YOL9Xo6sT9Tx60OerCOTHDnKkNX_f4Brhuyv-ca90dFrkcBZDprRCUDraYSIA0qotmnw_cKKx1BJ3-vqwNCLPuOtqAx_L0nLF4VViTB1WKv-XyL3sEq17_tNbiIPOpUjSmUI-JC2IYd7dOGxG1pFhOD3p9znbu8gmyuSW6v7MnOTF1OlvEqDQdHPWEj8c-KtYvmBGoE1NzuKDokE5pttIaeXBeRzXGSX7CHkFTG9BqbnM_tWmpVjK6aCBgKz9ux9uxnTjdDPCygNF4N6PKpnDJa30w72tRYQu7OpeHlMR1FjubdHageeZK-8-A3m_ItIHuPr3FPipYCOqRQHQ3z9I-fOypa4SfzKw-Y9uaSs-QFb6zsini2dZI9IDeQmLJYxr7cmQXB_tACyagfqgkIwu5XNewBy4VyTXSmnf58XdBmoaVU__m-MnZnHm6iD_SdJz1rNHlhzEdAZIvBl3ttVD9sBqg4tY0S8eFu-HrWXyvPi0xezS2jG1qj6voh3EAZeQ2mQdLaCfI6UeBDL399SixPrsDwR6BHR_Lw0gv__iCwSR4nRSekuE6XzDzz2WTriefl2sI1WMslYH2xDVlju_EXm-asAPfwKkSSzT9gYY72-J78uC_3wA6DUNuIprTfHv96yzUnvuMwBW78ZXgEZ165P4mthyyFlRB49J16X5WrOzuzuITIFkGVg_hFjOGi9Bi4SlCEah0CxV_OROVGSlhlM8nk_A44d9i6tSuVjLNuhv-btaGQ5d6IT4scs702ig75I83dAuS-JU86tI0aOckhVpdtxhgNY7ySkX9ST3PJ75BqvK-SI4LR0HrY-biAhxPya0CeJcMsiwTLCC6bQ5xLgVlsArDTvZAZ3zPV8cdBJ-_bga-tTwz5-YcIcXTcdwtObmkKw5zCvXXrhEUlUFrCTO

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame 9116 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9799
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900030.redintelligence.net/ Frame 57B1 7 KB
3 KB 32ms
11ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=07kjbl94dsnm&nw=20&renderingType=javascript&namespace=d2dd425277&subid=&uid=0342901a3982ee65&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuev_fvniYZCjI_-T7_UPma-2qAXdreioYJSm-eLFCvAuEAEgiIC_FGCV6vuBlAfIAQmpAjTwtOc1J7M-qAMBqgT7AU_Q3KpKdqIpCFrxlB6GVMtSbiwsvLYP3XdMhyPLyj9FyHto7hrvy4VOs9Jm_cYL1bR4ZQwdcl5ekZTRzX0oITC3cQItUwdR_1_KigBWgwc8T5e8XaIMHLhd1C50Ngva4gQ1IsQI6zG7hOhTk9CgOvvq5nOM8SamK0HODHkSvWzZVL8jAR7i_E1vUOS-_4n6BbidXjQp_UJBDKpBcRTrlbI_SK8dnRTitQZhy6J9EUaobZmL0YK5yVycJHxxqzRk7zWPuXKjg4f9u_OS34_bO9XgvvbvcjcWdNtNXzzzomslXUSgxIfTB12uGVGVNrsoJ_gPaQjcTR0nUGhRwATOjruxlgLgBAOQBgGgBk2AB-vn6F6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIgOGAEBABGB2ACgOYCwHICwGADAGwE5rN6A3QEwDYEwOIFAHYFAHQFQGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASEuRoxRr7Z00dGkqMck9aq5OcqA%26sig%3DAOD64_3q_B190gVXmuwPdemNoBli9T9BcQ%26client%3Dca-pub-6163857992956964%26dbm_c%3DAKAmf-DntVXKnCpic0ypvBKuMc9RGm7Bs47l4tXIg-qLLFuWHkGoGmfYwVeK2HgcMvHdgsUyUlnEno_s5fXIjWYZzfVAG45fya0d-oaIWA6zwUdMV16bWhMEUqZikVkvX9KnqUkubNhekHbSEQYZ6jTxciOltAP7ZA%26cry%3D1%26dbm_d%3DAKAmf-D8r7e1rG90SMryNG7p8qsCArViviZiYY-3eGoZM05lmbAgpIYEbIjQBkdBtopodkFoM3AOatDevU4ZC9m5mqPmiMr17JEoRSxOj4SLN-mkRHC2-8XutdMLQi_-TTz3bBNrN3DNdGi-L0PUCJ-VAbptcOg3fNisDjoX1txnLbOBwwcRRcQcGoi9zfjfzIwinsXkQnzw6YbgI_TCQuQcMDS2TF3g-_Va2NIYG-um0_BGdDvtdrry0rB8RslYdd11vJoSb3tHNL0OAmNTiK5_tIlE5JvIheiydPigo0_iUxo-JOk41VmO-OHsbeRDF8YI-FdyMn91RymuJ2nWfsKB2E05CsxD-KEhlJrhbqU-MDSr8JVeK7M_5UpNk_-7gjFE_Q0xhrKubswqlHe7z3aHU5g4BWYtRA%26adurl%3D&documentReferer=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2F&ancestorOrigins=https%3A%2F%2F67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com%2Chttp%3A%2F%2Fwww2.kusports.com&random=4975102301566&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: be2de274e3fa7e8c1b547b857f02a72072372eb0372f76ec5073d07581698c22

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Sat, 15 Jan 2022 16:42:39 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2310
Connection: close
Content-Type: text/html; charset=utf-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 3D4D 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Sat, 15 Jan 2022 13:26:12 GMT
expires: Sun, 16 Jan 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 11787
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0406 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bdded80f5148434ebdda24655d3b31c0dcf87d4de621e4345ddf4868369f130d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 19AD 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3517838423081183&bg=!DQ6lDkrNAAaocxMpqHM7ACkAdvg8WsqPRFOCvGIzKEG3JXhXiWni_kc3zkFOyaCEX6TzpOCPaWazRAIAAAG_UgAAAAJoAQeZAvxjzoORO3RoX2DZOYPCqtONeUFp6bHPMnZgnjvX_JvrtcVLwKxqdupnPeQq7hDKBELPQ7Sqz3NYDB3ZcrtxDDRQFTt1721brU_3asB_xNfsc_TNf_OjtzVv8wKhvHZNQmX1QSvctwsVUiKjvmGc7xreiegEtaDtjezpdNhe5iNtOWbV1EN5yq1AWMX2ClvZ-EwFE44LXLE38rizbJWPidy83hxyhuNDUx4oFqxJjh6OjFHoDIUBhMD6gmxv7XlLdNRblfhw6KqEyG4ffC1Tz7IJ9jsAp30ThYYEM0DpJKxTh6faWTAJqmuhbVLvmgWj7cnfYCQhJHgjGOKjsWvG42-Py9x2CsRi9ypkFG0O8W1QQ9d3QcBTmorc28XBg_XE5W2oi3bXMfxeLJQRbi9OCd9nKZ-3G1We2W0WThAuGa3ODYggRXx1WUYrnodhpqezvsBjPJdEf3J2zaWFJivg2WUeAbWp1LlA6KeIqeLug11Bfuyurd196-uxric2Cw6UhiIcro-uOXovf5Tyy4sKQu79FJRPEsi-Mk5y7BXtgeMXKoB5YBoCgf_uas_X9Bu0joFobF3f4tmW1VGljRZHUyReatnhiiKVhdUF550EJGiOGo4SJjTgxzhaGdPcUKYnIGxYMyv6K3FCk8-G5J-UoXNGD2gfnWJoTGCGEbYEN51jFJQ1Aag3zDCuveRCFMPcxfoc7UcqEhawdoZjXBM6oOUUm8PpFx_AuA8-GK_2YMv0enSFdm0D0HRJKHsxZ1OrZwrZJe3pi4HOlZW0uRTjGaSzTFPwtbc3XzQWNB8kWEA0ELKT1SmD7Oi_waLDjpQGiDjkuFGnwWxiPMeer3DTubM8IduIkNgHf9Bsqn8IJ4E2C3FV6Cj0L-uV1JiBYw1OE5roXlVkOSLB1HCyX3_M1mdcj1siJ_6q-vfTJ_2fVn75Nx_Nr7SWQ-bdGjD6Afbxi_SW4-69e42cgdlFGqRLZmkmrnXQ3DXFEdoTvdSFNhFNa-KVLDDJZDRBpwRprA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 5192 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?KDAh0A
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 19AD 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstgidtrRZxn_PjW31YhjM-YX2x98JhRl8uR2XwDNEz89wOLWoEk4cwQqT0SSqS5tSwpTXOma-YpeXJznkYXhIeRl4R1ojHfmXZqguSTs2Qu_ysMlGzF&sig=Cg0ArKJSzFDc3WUsthUpEAE&id=lidar2&mcvt=1042&p=90,436,180,1164&mtos=1042,1042,1042,1042,1042&tos=1042,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=3960793290&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264957886&rpt=655&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame 57B1 89 KB
89 KB 24ms
9ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 16:35:33 GMT
x-content-type-options: nosniff
age: 173226
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 91556
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 13 Jan 2023 16:35:33 GMT

GET
H/1.1 200
OK mircosoft-300-600%20(1).jpg
cdn.contentspread.net/24i/advertiser/32995/creativesup/ Frame 57B1 62 KB
62 KB 49ms
14ms Image
image/jpeg 51.75.147.170
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/24i/advertiser/32995/creativesup/mircosoft-300-600%20(1).jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 51.75.147.170 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3133977.ip-51-75-147.eu
Software: nginx /
Resource Hash: 5057f7beaa08450682a5418bdce93e9783bd704527406843fb019ea0a52778d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Last-Modified: Mon, 20 Jun 2016 09:27:03 GMT
Server: nginx
ETag: "5767b6e7-f6a2"
Content-Type: image/jpeg
Connection: close
Accept-Ranges: bytes
Content-Length: 63138

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D4D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAdxGFXhhF1yxn27wFS3Za0&google_push=AYg5qPI3Ec01DtnIUTGHDc2clWmlb6VkfoARMMyWkdKPlU9p175KfsfMhR...

170 B
188 B

33ms
32ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAdxGFXhhF1yxn27wFS3Za0&google_push=AYg5qPI3Ec01DtnIUTGHDc2clWmlb6VkfoARMMyWkdKPlU9p175KfsfMhRZJZ5HwsUvUl4yXkzxXLUJld9iafJeM2ctdkT_ar1ye

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1642264960.746606,VS0,VE100
x-served-by: cache-mxp6936-MXP
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAdxGFXhhF1yxn27wFS3Za0&google_push=AYg5qPI3Ec01DtnIUTGHDc2clWmlb6VkfoARMMyWkdKPlU9p175KfsfMhRZJZ5HwsUvUl4yXkzxXLUJld9iafJeM2ctdkT_ar1ye
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D4D
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEK4iHHVzzff6pBRhAmwV2OM&google_cver=1&google_push=AYg5qPI5jxx4uNR1QCDPwB0J3VW-TDzp2PI9WiLeGneexjUdSf4yBKnHE1B0AxPNnBZiOgfZgdpnlKL_J49ebtYUm5igQuoV9dsx
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D063CE548A7E4109BE50F299F8309B83&google_push=AYg5qPI5jxx4uNR1QCDPwB0J3VW-TDzp2PI9WiLeGneexjUdSf4yBKnHE1B0AxPNnBZiOgfZgdpnlKL_J49ebtY...

170 B
188 B

18ms
17ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D063CE548A7E4109BE50F299F8309B83&google_push=AYg5qPI5jxx4uNR1QCDPwB0J3VW-TDzp2PI9WiLeGneexjUdSf4yBKnHE1B0AxPNnBZiOgfZgdpnlKL_J49ebtYUm5igQuoV9dsx

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=D063CE548A7E4109BE50F299F8309B83&google_push=AYg5qPI5jxx4uNR1QCDPwB0J3VW-TDzp2PI9WiLeGneexjUdSf4yBKnHE1B0AxPNnBZiOgfZgdpnlKL_J49ebtYUm5igQuoV9dsx
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Fri, 14 Jan 2022 16:42:39 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 3D4D 70 B
264 B 38ms
36ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEJJiMtoaywBxoNC0ufEbpQw&google_cver=1&google_push=AYg5qPIY3XhFkvW9BSyzjckhXDdUMv5PSj4B23ypHMgu2yFsskMkrCO7y_ifmMlgmB-LUHUU74pa2qA-v-ZePlAC0t8drGCzrsO_
Requested by: Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D4D
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEJidL22Wt82Yh_7NzpPxjN0&google_cver=1&google_push=AYg5qPLqqi6m-Zz9VS5ji7KtxsnQCIuiW5s7p-TH24Ehbg13YT8I_jD75jCaUjMa1GeaYOxjHOni0bqoV14nFvNq...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=n93O2de7QK-CZqWVkwZw7Q2&google_push=AYg5qPLqqi6m-Zz9VS5ji7KtxsnQCIuiW5s7p-TH24Ehbg13YT8I_jD75jCaUjMa1GeaYOxjHOni0bqoV14nFvNqbJu53NRHi0KC

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=n93O2de7QK-CZqWVkwZw7Q2&google_push=AYg5qPLqqi6m-Zz9VS5ji7KtxsnQCIuiW5s7p-TH24Ehbg13YT8I_jD75jCaUjMa1GeaYOxjHOni0bqoV14nFvNqbJu53NRHi0KC

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 15 Jan 2022 16:42:39 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=n93O2de7QK-CZqWVkwZw7Q2&google_push=AYg5qPLqqi6m-Zz9VS5ji7KtxsnQCIuiW5s7p-TH24Ehbg13YT8I_jD75jCaUjMa1GeaYOxjHOni0bqoV14nFvNqbJu53NRHi0KC
x-host: tde-deliveryengine-production-78c5c78457-hk7ht
alt-svc: clear
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D4D
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEG1ZOlp6IeE5ys1eZDmst7Q&google_cver=1&google_push=AYg5qPL2gDbhiC6gWi8bjfMr59GY1iG8fE6vnDDD4wqh9-zIQEKNTQYnWfABLDML1xkNH3Q-BwSEssCNjFDvW0K0IhBlUM4TaRY
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NnVHX21qUXdBNldaVkh4RGdQbmlZUQ%3D%3D&google_push=AYg5qPL2gDbhiC6gWi8bjfMr59GY1iG8fE6vnDDD4wqh9-zIQEKNTQYnWfABLDML1xkNH3Q-BwSEssCNjFDvW...

170 B
188 B

38ms
38ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NnVHX21qUXdBNldaVkh4RGdQbmlZUQ%3D%3D&google_push=AYg5qPL2gDbhiC6gWi8bjfMr59GY1iG8fE6vnDDD4wqh9-zIQEKNTQYnWfABLDML1xkNH3Q-BwSEssCNjFDvW0K0IhBlUM4TaRY

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=NnVHX21qUXdBNldaVkh4RGdQbmlZUQ%3D%3D&google_push=AYg5qPL2gDbhiC6gWi8bjfMr59GY1iG8fE6vnDDD4wqh9-zIQEKNTQYnWfABLDML1xkNH3Q-BwSEssCNjFDvW0K0IhBlUM4TaRY
date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 242
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D4D
Redirect Chain

https://px.adhigh.net/p/gm/rub?google_gid=CAESEJyK-ap9szcAfYImiiew1Oc&google_cver=1&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H
https://px.adhigh.net/p/gm/rub?google_gid=CAESEJyK-ap9szcAfYImiiew1Oc&google_cver=1&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H&...
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H&google_hm=kfqa09veiCcAAikABlF-Xp6...

170 B
188 B

17ms
16ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H&google_hm=kfqa09veiCcAAikABlF-Xp6bMg%3D%3D

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f1-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AYg5qPJwxcSkShlINzQvzLjnsFuUfaQj5hsTs2mPiw2m1_9kxUM6MldVJSuJRJPLzVMNp69G5xX7N8ceyQlkN9bUT8fPdrr9VM_H&google_hm=kfqa09veiCcAAikABlF-Xp6bMg%3D%3D
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 3D4D
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEEzfblPzvwaN6YveXIKngi4&google_cver=1&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEEzfblPzvwaN6YveXIKngi4&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF88-rncdgJCSMVfr&google_hm=eUxjYVhGTWZ1dmVGLUd3...

170 B
188 B

16ms
16ms

Image
image/png

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF88-rncdgJCSMVfr&google_hm=eUxjYVhGTWZ1dmVGLUd3RlhnOV8=

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:40 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPIWz-aMWugySlPUf6smKLrFSDqPKpPz6qDc-NZjF9cOnSu01E6lnjDr19o84ATQHuY0i-fCeyGVybOKF88-rncdgJCSMVfr&google_hm=eUxjYVhGTWZ1dmVGLUd3RlhnOV8=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 3D4D 0
12 B 14ms
13ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KTRs6OdtxNxWDWo6iXRz86-IPU4FzMQu1gcO95gcTRB-HWpMb1m7HNn10HLYTOw2-UAhwt

Requested by

Host: d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
URL: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED57 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=3265979252748335&bg=!gIOlg8fNAAaocxMpqHM7ACkAdvg8WnSFmWj2j5k2usyBw6LzyKQCRlA7_FpDb1q_2kFlZqJZEU-StQIAAAFJUgAAAAVoAQcKAESDRiznp0ljjs4hHecg6c12S2DDfb2jVuJJ-zmrtEALdbrJkg9b5i-v4wdERbWqJvAw3Sirx1BAGZFj9q8Kmu_gXoSy05kDEgKPNBLfqJgwJS_RioQ_QqXat2xhZLhAkmcnVYHZIYkYMCMaVs7QoSZes7zdqEdgcGVZYnb7_OFOyDcmSw_RqJZYpv0Pg-VpXxQN_xD_g8sObmzVwzwEH74ZpRg-WUAzccNh7RjJs_Mbeq5WmrLdpvigc_pRa6a586fel6U0DJ8Hc7-fLyGCbhFeGsTxN-cbZfmHRb3iPC1_K2-JTNT48GgLEWWfOPTIJcUAL22uVD3Wy0vlutJhQg-SbUmW977cmHUvW9L4TBDg-lrNQxu17_xWVvkGjnkWK6D2NquZmalPJALVoJWCX1SecDF5d4Hme8kRhot9-BG7yZZSvBtUkm459H1IW-mqc4XjYZ57-XSovQ0NzcLS8MXJHhDGqtVvCm55U0SOZe2I7pJYsJL40Szxc9DXUBNiHQr0YPEOv35BhvJH1HVVyB5L0IbZLhQyrNCxgSA6ZiTEDasTWMa7TYHTA5iXi1eNJpFks2z45L3rXsDn7yjGAbWH7vImqQNH7vSV4WynraRvAf2S4Ewr9Q_6T7hMDIU19lr2IOS23VnUWnXw9Pf45IYjzVro9a8VRbgSUJZPZFxi_M6OXWRM5Zd5kFFCT4Da-YmvZU8eGPUesMC3yi9AlJ0YdV9aFQlxwdn1aP2PkX2stk1k5mRG7a7EArT_9Nsh9BMsOHw-BRFwWKBNOhraug6eF0cdWCfrD8472MMGrs1zh5dp8B9NlsgGHi2a6qrkaae0sIUUFN9Qr-zf4SD88VkQGGV2Xu8WBtZYs70NrMAyuNM9ZNjGzs1SroB5phWt0OF9Zu8bIb46eV46-WanG3_C5TtuDJ6mRuO4WDRX8yFiO9_B64Xq4ueza_Ye5OSFfQvVBnXUhN1lfdrWiGz4kgCfcY4g1yu1kIgWROBRx1HNS6LwoK9Kn2rmvPQDcPyWURRyvDtW5iYJbadiotc29I3ik7MjLhn0HBeaorf7tC32NHnv63Dhjimt8dKdr6KNBDofCWoVW8DcXVoGxK5inkIXSgX0A9Bh8lD7bElgOt5enube7UBy-sGqsg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame 57B1 0
150 B 34ms
11ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=89334900122487000757597011840030&a=b8b8a06f&vb=m
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:39 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 57B1 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ED57 42 B
64 B 41ms
39ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu11Te_zsf6oH6A-874br1mhJ35VjRjTkzNgW6qAxEuzldaNTMRnpe1WFtXblmd1mHjDal0mVQDNQWltACKwjCmtUr6rihJQEZrYgQmBch3hmgEFqf5&sig=Cg0ArKJSzKgJrz6XElhKEAE&id=lidar2&mcvt=1007&p=205,990,805,1290&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1250131073&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264958001&rpt=674&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
a.adroll.com/j/ 46 KB
15 KB 75ms
11ms Script
text/javascript 2600:9000:2315:e200:15:90db:9f40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://a.adroll.com/j/roundtrip.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2600:9000:2315:e200:15:90db:9f40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d62a3b924d49cc3909d8c7e7d66c6fda8780c357fae0f927993f424928401b20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: TrxFtQaM8s37m_Nm4h1GkMAOXYF47jUQ
Content-Encoding: gzip
Etag: W/"b8caabe626e64605e61edd5174246bf4"
Age: 355
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 67b4a3e116ddb07b50403935474117c6.cloudfront.net (CloudFront)
Last-Modified: Fri, 14 Jan 2022 00:11:04 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:36:46 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: DUS51-P2
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Y9dIBrjT3GGdh-FVsXCzjZSzX97XWBm-bv7QDfXJ0LziEWudVNDfuQ==

GET
H/1.1 200
OK chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 60ms
9ms Script
application/x-javascript 2600:9000:2315:bc00:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www2.kusports.com
URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/?q=???+Buy+Hydroxychloroquine+Over+the+Counter:+??+www.HealsPills.store+??+Uses,+Dosage+???Buy+Hydroxychloroquine+Sulfate+Buy+Hydroxychloroquine
Protocol: HTTP/1.1
Server: 2600:9000:2315:bc00:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:27:39 GMT
Content-Encoding: gzip
Age: 900
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Last-Modified: Fri, 14 Jan 2022 02:25:57 GMT
Server: nginx
ETag: W/"61e0df35-8e96"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 b6b3463eedbd4b446fd969736178bf98.cloudfront.net (CloudFront)
Cache-Control: max-age=7200
X-Amz-Cf-Pop: DUS51-P2
X-Amz-Cf-Id: _kM5dFlQztYHOttIXgx1inht8-rvlUbzzDfFggT2YPikuu8pJOoeUA==
Expires: Sat, 15 Jan 2022 18:27:39 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 21ms
20ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5cc957bb76df3b5acfdec7ddbfc7b76458a49442571b9906f64d128e79e2bd58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 15 Jan 2022 16:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8701
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9116 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGBdnfvniYcyQMpj67_UP6Li2oAsAAAAAOAHgBAI&bg=!WVqlWh7NAAaocxMpqHM7ACkAdvg8WpJHkLQxxDAvu8M7m39983fvi31BNlyH1YJx06r5J-dN-ODIwQIAAACkUgAAAANoAQeZA2PZvU2bkeAfYXoXJfZ-qNtBT7d2nxcHPWbbamF94WCNklu-C5d4RqL60PtakYY0uHHXKf8H9dMtyc60bIW86UsdKTz8y9tjhPlPNqq7CJJs6GPkHgIF2GBImmcNh8nEEh9ZN3y-QXiClwZFMoFtQQlOAFYL-yp8Puzqg4-6nUUpq5CStllKz85tJ_TX-XV095tyy5EbzLCBGiLgOr8E1YT0VRLHW0ozzSIpD1Mu_axRUNa-SmJ2ml--31cBM8YPzAQ5L_hCItkoAHu5ydA-ypy9ucLM3PWii8pwJBra-VL4zynv8D6pJu3tT9cSoukQ7k6O8r4AhCtS4LHyKcjbPRFQy2RpqW9DTfwgul8oE-N6VcwBqD_68vNYdJeNhLLDz0DF6r6nme-danKC-mSI2UyuYGj43SMSWa4-agZnReiZ5uq9iWrZ0oqk3sljbv5GstlnMB8mpMo8MJkWI4SlPvdumlBjFVsS7bzdQaBc-F_g6t8h2isaLICKRyFoWSX4b1U19OMgyBFhZXbb-oRZNCJjdANqmpkXqVzeZEQrvi0crHnViNgEG4qHuaFPQXYbifDVQXqDPqMHfqOTXINN_gD_VeQvJQN_d4MjnLN2RY9wfPEVOz71-QysM6pHmD0ZmZxA43VWVhZ996Y_u-iciCJhF2kfszzwrU-gcxzwtBcUlfNcgGD6EOCPQW7i6_mv7O8rpF58nIZuN9Oia5pJ4ELlFk9l06l0HnB_w0jFPhImRsFwZvv5d9SAEh8wi_YXb71966lK1sWfE02NChiSbF093soUmvHtVUcYl0-FN0DNvyfoeDMokRU2Prh0mBqyEsXbChrlvade5kmQm9jmqHFXvSliIcoN_qTVQdzg7LDZmcaxvFWcq05-vZpL318qrG3QghjTVUf3hpyal19lMflvgLd2FvHbFmWiQ02PuFatS2wdC_gx4wRYQSsq0z7KKzBjtV5VAw0BrCfaOk3X9PLhEqFzHsNQsxbJ09YS2wE0rdYJzE2oRLf3NsURFo2eMkrORI3yqKWiaysgdk7yPuAEDSvsb_k5eIqgyo43Gsw95QzPMgJNaPlC6EuGQDain0bvI9J2Kjc_SNNYsMSSRpH8IiTFeGcQrySy3s50KHUJidVmm4lcjNlQBXj-zx_2g7Mm11U

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 1092ms
1092ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 15 Jan 2022 16:42:40 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame E74D 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BX-hvfvniYe7OOYzk7gPsuYbYDQAAAAA4AeAEAg&bg=!NjWlNXHNAAaocxMpqHM7ACkAdvg8Wt8HqACJUHxdC3KU7TqGSPJH5zD3ZgRe9mn5mW5yujWYtcR15gIAAADQUgAAAAVoAQeZA0tYTZOvQ0vfZOe6HGWEIeId0arulTvmq0TRDJq4T4QSv8K9Xrls5WhWD0r9dngWGa7NwbEUS-480lc5zd7UH70-Slz9oHcR7Ex8nVLApPyadUJz7KaceinykhH7gWv-ePAiIv3JYGTx0XjRKo6d4o3Ti2zDaZYbC75MkDr9rlMy9QfKWc01piG_AP4gkny17p01-cricW_JLH7Z70a62a6n6P8HN2-9hHiyvQw-TIHG-AyL8NuNdLQsLXw9E3HTjpUNJR3o2Ybj737cR59N2y4EE8pv1cM4ruzlEWsC6jeKVnxb8actXC9hlKId_JXAqgIxmrPJT5S6HrwqQMaAih4A7jHASjcUB4FFli-IRQE8yTCd3_6AXSExcxfQLnRlIoZnPeNrwidsllg8uDQmtm7Jmu-KInjX3A9QzM71-1MxSV88kwInCp-UBHp_Pws2YTO6qKhFjxWfHnB8Ff-SYSGW1IH157sDsGPp8HZ_bZlvyP-DDfUMTuXcohct6Yfi32nIiUJWImGQg1ISPMI1eqcUY4x5KQNCguL7D70TtlFUcM8YOBQF2Z7MksOSy_GgZ30uXNOirBZtAj9XoHb7rKmPjnhs7Ob3XsEQapgNsi4CZD8pJVdwPvyDSMOxYfhQASbp-bNo7ycQITcJVD8fMqkxbS1AHOdxoYk-YJmQ-RMehXK_Wq1TBKMgC9bwlzPo3bTvyoZLXsUT6wUUq77cGhWE08QEx8YYN-UGLucOr48n2-VAd9F0HgBckNNTTfuW92bKZPZZ34sRm0_NA13WmHhVnWR-MFHR4FCLILmU986TMwkITJzhozWnKTg1ExZmc_ezAN2Uura7QpllKushCwpDFYyXQ6wpNtz2A43ZyGfMkGigfInWHpBYsPw03Y6v_ju7UZV_KloRbf5IrqEiUxQKbvRQxHel5k87DDYfFWhwfLnMA6cUGeAxYxyxa3jwy69vUU_a3TxNqKeAyRhntQRP9YAuEf0cKQ0X3uA0zGdESs5RVWOKMAIJ9FyAo8tymyR5xVhPtH0Aa-mANjDiX9u7ktN6k78PfokNBBpmvitIV_AcDqZLoSJd_kA88fi1nP36cPOGorURFRwNSkg4BT4Dd7pavZ0SkLzv18s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ping
ping.chartbeat.net/ 43 B
294 B 201ms
96ms Image
image/gif 3.217.103.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ping.chartbeat.net/ping?h=www2.kusports.com&p=%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F&u=VGYauBpoAC3m5Gc8&d=www2.kusports.com&g=27638&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=3084&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&b=4336&t=CSP426C9iSuEDuwiLNCT9HOLC2JXnE&V=129&i=%22%3F%3F%3F%20Buy%20Hydroxychloroquine%20Over%20the%20Counter%3A%20%3F%3F%20www.HealsPills.store%20%3F%3F%20Uses%2C%20Dosage%20%3F%3F%3FBuy%20Hydroxy&tz=0&sn=1&sv=CanxS3DRO0MGCgJK8dCf-GDkuW11x&sd=1&im=04030400&_
Protocol: HTTP/1.1
Server: 3.217.103.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-103-91.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:39 GMT
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/X7723AQJHJDWVHXHZOPVBN/index.js
https://s.adroll.com/j/exp/index.js

28 B
762 B

8ms
8ms

Script
application/javascript

2600:9000:225e:2000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:2000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: VxC0v7SN4NsT_sJxZYoy27yA4ALlRfhC
Via: 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
Etag: "5816cced8568d223aa09d889f300692b"
Age: 41884
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Mon, 18 Oct 2021 21:07:54 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 07:42:15 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: _li-adpE3DKIasVqRvgveO7dRXRIrZBDloZWROrOMSNAEUKp0fma1Q==

Redirect headers

Date: Sat, 15 Jan 2022 08:33:30 GMT
Via: 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
Age: 29349
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: VnhmoMNIv3qC8jMLg2KUVB6cjNiNQoVUm1pPX6STV9PptyH4yCmgYA==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
733 B

8ms
7ms

Script
application/javascript

2600:9000:225e:2000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:2000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via: 1.1 7efdfc8e9ebc26758933b0151e22707e.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 47163
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 06:01:03 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: ByEHQOGQEZ4qmWMoHL-KfrxEn4Rh3gpwk8RPAjJdiMbrMgeUsOL80g==

Redirect headers

Date: Sat, 15 Jan 2022 08:33:30 GMT
Via: 1.1 70d755f7200c02162c7545e4ce74649a.cloudfront.net (CloudFront)
Age: 29349
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 324H9Rbi0GiiJvW-V6ZvhN3FYQuloXNNV0PyOSMnNgkY67xwXypWmA==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/ 0
785 B 69ms
8ms Script
text/javascript 2600:9000:225e:2000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/index.js
Requested by: Host: a.adroll.com
URL: http://a.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:2000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: PHYDd.jWZgmyRybOMIene6Hn8N8ueYLb
Via: 1.1 7efdfc8e9ebc26758933b0151e22707e.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 244
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Tue, 11 Jan 2022 23:24:23 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:38:36 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: MWXmCTyiL_bLum3MTjwfDaoiyGyaWIncRXS7g0ZOtz4EEZoA0U1sWw==

GET
H2 200 X7723AQJHJDWVHXHZOPVBN Show response
d.adroll.com/consent/check/ 393 B
862 B 95ms
31ms Script
application/javascript 34.250.56.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/X7723AQJHJDWVHXHZOPVBN?arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&_s=1194edfc1200bddc155e70d57d3370a0&_b=2
Requested by: Host: a.adroll.com
URL: http://a.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.56.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-56-243.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 2f2180e07af7d6a2d552aa4a44ad922fa0c1a77e0743585c51978db3af88aa84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-type: application/javascript
content-length: 393
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

NT3YRS4RBBEJXN5JBMR5A3.js Show response
s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/
Redirect Chain

https://d.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotog...
https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js

2 KB
2 KB

8ms
8ms

Script
text/javascript

2600:9000:225e:2000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js
Protocol: HTTP/1.1
Server: 2600:9000:225e:2000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1d938d97331866e733f47f9ba4b748530a8b4f684ae1bf3a19c01f32854104f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

X-Amz-Version-Id: esNmzW3uroWKwh70CFyRK9.ni.LnG9dW
Content-Encoding: gzip
Etag: W/"e2fa21a3c5e4ee334e1fbbe2e9290ca2"
Age: 244
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 013a54c6b9caf01f403c247789c7256c.cloudfront.net (CloudFront)
Last-Modified: Tue, 08 Dec 2020 23:30:33 GMT
Server: AmazonS3
Date: Sat, 15 Jan 2022 16:38:37 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: CIDD8i8b3J3YQm_8q262024JBgO-Df0zz3_TnzL6db8s80QMYwQu_Q==

Redirect headers

pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.20.0
x-rule: *
date: Sat, 15 Jan 2022 16:42:40 GMT
x-segment-eid: NT3YRS4RBBEJXN5JBMR5A3
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://s.adroll.com/pixel/X7723AQJHJDWVHXHZOPVBN/XTQPGD4JMZBBLO774N2I4E/NT3YRS4RBBEJXN5JBMR5A3.js
cache-control: no-store, no-cache, must-revalidate
x-segment-display-name: Visitors to Unsegmented Pages
x-pixel-eid: XTQPGD4JMZBBLO774N2I4E
x-segment-name: *
x-advertisable-eid: X7723AQJHJDWVHXHZOPVBN
content-length: 0
x-conversion-currency

GET
H2

204

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
293 B

34ms
33ms

Image
text/plain

2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Protocol

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 165
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2...
https://x.bidswitch.net/sync?dsp_id=44&user_id=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc

43 B
495 B

8ms
8ms

Image
image/gif

3.123.163.195
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc
Protocol: HTTP/1.1
Server: 3.123.163.195 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-163-195.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:40 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc
Date: Sat, 15 Jan 2022 16:42:40 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2...
https://ib.adnxs.com/setuid?entity=172&code=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc

43 B
1 KB

31ms
31ms

Image
image/gif

37.252.173.22
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc

Protocol

HTTP/1.1

Server

37.252.173.22 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 15 Jan 2022 16:42:40 GMT
X-Proxy-Origin: 217.64.151.10; 217.64.151.10; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: c43e12ca-e8dc-43bb-8144-fecfb634f437
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=MWI1ZmMyMjM2NzU4MWE1Y2RhMzUxYzRlNDc1Zjc5Nzc
pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 30ms
29ms Image
image/gif 34.250.56.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2BHydroxychloroquine%2BOver%2Bthe%2BCounter%3A%2B%3F%3F%2Bwww.HealsPills.store%2B%3F%3F%2BUses%2C%2BDosage%2B%3F%3F%3FBuy%2BHydroxychloroquine%2BSulfate%2BBuy%2BHydroxychloroquine&advertisable=X7723AQJHJDWVHXHZOPVBN
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.56.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-56-243.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.20.0
content-length: 42
vary: Cookie
content-type: image/gif

GET
H3

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=1b5fc22367581a5cda351c4e475f7977

43 B
61 B

18ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=1b5fc22367581a5cda351c4e475f7977
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
via: 1.1 google
server: OXGW/17.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537103138&val=1b5fc22367581a5cda351c4e475f7977
pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 87
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=2f68077e95303746ba34ea6739280cb0-1642264960048&arrfrr=http%3A%2F%2Fwww2.kusports.com%2Fsearch%2Fvertical%2Fphotogalleries.gallery%2F%3Fq%3D%3F%3F%3F%2BBuy%2...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=G1_CI2dYGlzaNRxOR195dw
https://d.adroll.com/cm/g/in

42 B
536 B

30ms
29ms

Image
image/gif

34.250.56.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 34.250.56.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-56-243.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EDF7 42 B
64 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu4x7KpemIol9_FM0j87DommKnDAx9iy8xUbj5scKTpooN2zSh8Uh82J7Cfd_NDImIiEH3bEwzzWuUbrwlfeW5vtn38uQwSLq7ZN-tzSzW_yqvMYoZWDA&sai=AMfl-YRgO5vuiTLIBKoX06NUKUdANs6P5TO7VTSm2SL2and_LOZW86Pq8kq8oTTycEIO_HH3CWlrJDLH1LZk5opyPoPIhpmSIoesrek&sig=Cg0ArKJSzGdrcpCI1pRfEAE&cid=CAASEuRoPXfKjF25-xKRYq7juFNFHg&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=3055526604&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264958704&rpt=441&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0406 42 B
64 B 42ms
41ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvl5iiGm2aYmJqtV-uNSvgks_YR67UkqR3MSuRzD1rfiMMfmL5G5Iy5U3KIWjnFZXRMJO8S8Ekx6rkd09awjgTN-gzQB8AWt_kVgzYe&sai=AMfl-YS4RSLYuujFZgu8w5XLIvB9q0pVHu3LDS_nVxF5AUs11HKBbyxQvHxAGv_VLCKC32uCHkLoBj5nxL7uYLHASoWW-6WKeI9-wsk&sig=Cg0ArKJSzGSGnZ3rhDiZEAE&cid=CAASEuRoxRr7Z00dGkqMck9aq5OcqA&id=lidar2&mcvt=1000&p=0,0,600,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=880606352&rs=4&la=0&cr=0&vs=4&r=v&rst=1642264958795&rpt=727&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame 57B1 0
150 B 34ms
13ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=89334900122487000757597011840030&a=b8b8a06f&vb=v
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=89334900122487000757597011840030&a=cd04553b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Sat, 15 Jan 2022 16:42:40 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A8CA 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 15 Jan 2022 15:58:07 GMT
expires: Sun, 15 Jan 2023 15:58:07 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2673
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AC63 783 B
535 B 16ms
16ms Document
text/html 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2c4dece9d980344889ba4b9ebdd0c70f07105f88d0b5325b08070251908d55d2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-FrFr9vaI13R5T14MH2nKnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sat, 15 Jan 2022 16:42:40 GMT
date: Sat, 15 Jan 2022 16:42:40 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-FrFr9vaI13R5T14MH2nKnA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js Show response
pagead2.googlesyndication.com/bg/ Frame A8CA 35 KB
13 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/u1NYxsmA8ZVAu2sVzPZBh4qj2FMOPiJd8uWeqwBcPdE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 13:59:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9800
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13653
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 13:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 15 Jan 2023 13:59:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AC63 0
0 49ms
48ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=659603808775719&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A8CA 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?t81CiQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 15 Jan 2022 16:42:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=659603808775719&bg=!TU6lTgrNAAaocxMpqHM7ACkAdvg8WgtyCDkLZsqB2HofJkqu7yARzEA-s_gJSCw8JNqDL9B0Pe2rYAIAAABbUgAAAAJoAQcKAMMFBoRdNGM1pgsd_hbZ4KQwqnEUzMnpY0PoccXRfVK4vvKAn0SZ13w0L2VaC2A4b2ooPN7ST2RPae5tnt_AssCFqG3Upxi-hZmUXha2J5TBIVMeI5Zeg5p5Q_BYYpKG7LHnvdbjKUZ4IB-x8YA1-zhoTUDPRQc5O2VaIg1El2F4l8oovgB7SFoDkm98iItcYbB-yXCM-hHfB_rReNmGxa0JeMzpIzCVIJ291yJswrHJ10LRiZm8uGouSq-rlKGx0goskqKZAr7uveP8FsZ89j6iNr-XO83uCWVRugK3Q8CzIDdzWaNvqEA_w_SFXJk6XujMTDux90bwgM_2JtWVB6lvYQLsz8OVOl8aN568hrwNdaNvvOnHsMpgCh4limhzjg6lcBLP06Mu9PT5O8uNkj0LeMoEsQ1_PwRNM6AAAIxcQ1Nxsf_rVya21pfy_b1ZujWz6cqvrX0w-GswDKFwwBcubbUcd3Oza_7zlGGj_6R7luZH4br4HmxgLEFll6RxUvtZkA_hlkWMmJystEUdSAO762cOtN29RrEWSYToxKvfB0_IPwt4jJHadGFWexccvTHvfl5W89N5nHwtnZ2nU_omPi0p3AY4hrEVvjlFZAh-WGhpCBbChXV77Ka-F7_5INFy_EiFE5NbI5s_NKBn5iGd74PZINFbeLgIJ30ukXp8Fj_dAi_TGK-Ds82uRf_HExP6ll-CdBfTw6bw8ZkDBCRysqY7GEMLgkXzION-oP8GDKfVUA1A3lXaLI7JTNxmDOnwB2_A6o7Ot17wWpo_U8WuL-3DRC4Gr-GYQgmsuXNB-vRy4cSDCDpMu9Rm14BO3p_YP_8TLWUWRzzV02QuCsrZlns89OGGNoisujBr0m92kLnoHFs74Mf3I7yKy7pdMHpI73VsKmvB5jUwlcgWxTaNUsvI-GXw36QyDqqEDlnSnASESaYLXQSuk0w9QcynfS4jzqiF-cN6Fdp5emuREGYHSpkeG4brwop_dgjgnATTyqXXqBAgWgKDBm3bIp9-LkIUMTkkCJLKfMPGLkHlP0CAXcGLuHQ5CCQhbjzNTTD052lfAOoTdC1g95HTtd0Mt_tGiu3FEozWENoHXPF9EwV18UaLmqmzbr6lrwJz9fxjGblZybBCWU5PprRj-U4W-vk28ttij1DAwlN4mjCuj_6mNm4CBRPY1hJy_0GpEUObtbdTMME

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 15 Jan 2022 16:42:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK common.js Show response
maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/ 77 KB
29 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/common.js

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

565a604b8d2449fcbbe6a76e51f0b8f5c6b85e912c87e81bb9aa2c7f86b8cd07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 19:25:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 249460
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 28716
X-XSS-Protection: 0
Last-Modified: Tue, 11 Jan 2022 02:10:25 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Vary: Accept-Encoding, Origin
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 12 Jan 2023 19:25:01 GMT

GET
H/1.1 200
OK util.js Show response
maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/ 298 KB
92 KB 15ms
9ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://maps.google.com/maps-api-v3/api/js/47/5/intl/de_ALL/util.js

Requested by

Host: maps.google.com
URL: http://maps.google.com/maps/api/js?sensor=true

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d8749b19ba5041e508d173b873b9ac49b4d2fa9bab220cd1299e654fdd0f27a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://www2.kusports.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 12 Jan 2022 19:25:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 249460
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 93199
X-XSS-Protection: 0
Last-Modified: Tue, 11 Jan 2022 02:10:25 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="maps-api-js"
Vary: Accept-Encoding, Origin
Report-To: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
Content-Type: text/javascript
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Expires: Thu, 12 Jan 2023 19:25:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: media.adfrontiers.com
URL: http://media.adfrontiers.com/pq?t=j2&s=1779&ac=19&at=2&xvk=17477589.373548716

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg

Verdicts & Comments Add Verdict or Comment

181 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.kusports.com/	1970-01-20 17:42:16	Name: _ga Value: GA1.2.1287151075.1642264957
.kusports.com/	1970-01-20 00:12:31	Name: _gid Value: GA1.2.1402875769.1642264957
.kusports.com/	1970-01-20 00:11:05	Name: _gat_UA-381152-3 Value: 1
.kusports.com/	1970-01-20 02:20:40	Name: _fbp Value: fb.1.1642264957489.941843378
.facebook.com/	1970-01-20 02:20:40	Name: fr Value: 0Siepq8w4rdTiiQHx..Bh4vl9...1.0.Bh4vl9.
.scorecardresearch.com/	1970-01-20 17:27:52	Name: UID Value: 1TIRDHOVZFVUSCCQOZ4BIUg1642264958
.doubleclick.net/	1970-01-20 09:32:40	Name: IDE Value: AHWqTUmKykliZEkMnYVaHJ5znkxdq0QiIvXc5F_govjQ6fnrjT6ASBH8kCPZYoqwG_M
.quantserve.com/	1970-01-20 09:41:19	Name: mc Value: 61e2f97d-bfec3-1a82a-891be
.kusports.com/	1970-01-20 09:35:33	Name: __qca Value: P0-2006399965-1642264957691
.kusports.com/	1970-01-20 09:32:40	Name: __gads Value: ID=767f15b923d56158-22626bc320cd0044:T=1642264957:S=ALNI_MYhmRSz-t6C1yqiqBqL-CyEqyuXKQ
.www2.kusports.com/	1970-01-21 02:27:52	Name: _awl Value: 3.1642264958.0.5-e704b23307bfbb315a7d675d35676113-6763652d6575726f70652d7765737431-0
.casalemedia.com/	1970-01-20 02:20:40	Name: CMPS Value: 5191
.adnxs.com/	1970-01-20 02:20:40	Name: uuid2 Value: 1878715699213579702
.casalemedia.com/	1970-01-20 08:56:40	Name: CMID Value: YeL5flf2Q4Nzqfisvhje4wAA
.casalemedia.com/	1970-01-20 02:20:40	Name: CMPRO Value: 1184
.casalemedia.com/	1970-01-20 08:56:40	Name: CMRUM3 Value: 2d61e2f97e2760CAESENq-HCGYG357z2xFeouTTD4
.redintelligence.net/	1970-01-20 02:20:40	Name: 8lcfmzhxc8d6_uid Value: 03774fc40e03ee5c
.spotxchange.com/	1970-01-20 08:56:44	Name: audience Value: 26af553d-7622-11ec-aba2-1e5bf6c20106
.yahoo.com/	1970-01-20 08:57:02	Name: A3 Value: d=AQABBH_54mECEMl9RkE9WBcahjTKmT5JEz4FEgEBAQFK5GHsYQAAAAAA_eMAAA&S=AQAAAptlgRfwIlCqDjEukTfgmZI
.mathtag.com/	1970-01-20 09:37:00	Name: uuid Value: b86a61e2-f97f-4000-91c8-f1a2eb2a115f
.mathtag.com/	1970-01-20 00:54:16	Name: mt_mop Value: 4:1642264959
.de17a.com/	1970-01-20 08:49:28	Name: guid2 Value: 1.944799250289376852
.casalemedia.com/	1970-01-20 00:12:31	Name: CMST Value: YeL5fmHi+X8A
.media.net/	1970-01-20 08:56:40	Name: visitor-id Value: 2852665598884228000V10
.media.net/	1970-01-20 00:31:14	Name: data-g Value: CAESELfmrm9lvgVeOwlhPS40EDg~~3
.travelaudience.com/	1970-01-20 09:41:19	Name: _tracker Value: %7B%22UUID%22%3A%229FDDCED9-D7BB-40AF-8266-A595930670ED%22%7D
.simpli.fi/	1970-01-20 08:58:07	Name: suid Value: D063CE548A7E4109BE50F299F8309B83
fksnk.com/	1970-01-20 00:21:09	Name: AWSALBCORS Value: /Ur4E1NPsJLo3lrXR9gADVBlEyvrdpOdqUmJrmhD+93hOdNmd8VwKKE4Fv/97FXZKTnFxA+A1R91s9+WYrFf6XdCuhesyCr8FTavAVLEz/GO9/wqWjOK7n/TKzF7
.fksnk.com/	1970-01-20 02:20:40	Name: f_001 Value: 6030D0931807F30E
.fksnk.com/	1970-01-20 00:12:31	Name: g_001 Value: 1
.adhigh.net/	1970-01-20 08:56:40	Name: gi_u Value: u5sIFYqdG0kn.AikABlF-Xp6bMg
www2.kusports.com/	1970-01-20 09:39:52	Name: _cb_ls Value: 1
www2.kusports.com/	1970-01-20 09:39:52	Name: _cb Value: VGYauBpoAC3m5Gc8
www2.kusports.com/	1970-01-20 09:39:52	Name: _chartbeat2 Value: .1642264959829.1642264959829.1.CanxS3DRO0MGCgJK8dCf-GDkuW11x.1
www2.kusports.com/	1970-01-20 00:11:06	Name: _cb_svref Value: null
.everesttech.net/	1970-01-20 08:56:40	Name: everest_g_v2 Value: g_surferid~YeL5fwAFzBHAeAAF
.tribalfusion.com/	1970-01-20 02:20:40	Name: ANON_ID Value: aSnseFN3IdbSIdwFUNGL4eLUFvAVrGZbYgZb4HBKkVGosYMB5CTmuG1RySG742QYW0pODMUHyfZcoWibRBDITQh
.www2.kusports.com/	1970-01-20 08:57:02	Name: __adroll_fpc Value: 2f68077e95303746ba34ea6739280cb0-1642264960048
.zemanta.com/	1970-01-20 08:56:40	Name: zuid Value: yLcaXFMfuveF-GwFXg9_
.www2.kusports.com/	1970-01-20 08:56:40	Name: __ar_v4 Value: %7CX7723AQJHJDWVHXHZOPVBN%3A20220114%3A1%7CXTQPGD4JMZBBLO774N2I4E%3A20220114%3A1%7CNT3YRS4RBBEJXN5JBMR5A3%3A20220114%3A1
.adnxs.com/	1970-01-20 02:20:40	Name: anj Value: dTM7k!M41$CxrEQF']wIg2In8q4F9e!]taRh`eFk@:os1=2!:F4PUbA)v#1Y[h[9IjEF:_htE77RGC%__LW.N#SAPki'I=]Bp+S<]]Y8vmFK=:hoNMvMbSEv/R0?upLG!:R+KEuk@+P9woOUuum]m:Z-r<vKjlP4okQs'>K!#0y=/d!!o<1:oPB
.bidswitch.net/	1970-01-20 08:56:40	Name: tuuid Value: 96ddf083-fb90-44dc-9f7c-03fd37525ad0
.bidswitch.net/	1970-01-20 08:56:40	Name: c Value: 1642264960
.bidswitch.net/	1970-01-20 08:56:40	Name: tuuid_lu Value: 1642264960
d.adroll.com/	1970-01-20 09:39:52	Name: __adroll Value: 1b5fc22367581a5cda351c4e475f7977-g_1642264960-a_1642264960
.adroll.com/	1970-01-20 09:39:52	Name: __adroll_shared Value: 1b5fc22367581a5cda351c4e475f7977-g_1642264960-a_1642264960
.c.appier.net/	1970-01-20 08:56:40	Name: _auid Value: 6uG_mjQwA6WZVHxDgPniYQ
.c.appier.net/	1970-01-20 00:54:16	Name: _gu Value: CAESEG1ZOlp6IeE5ys1eZDmst7Q

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
network	error	URL: http://www2.kusports.com/search/vertical/photogalleries.gallery/_t200/?63053ce3c12ccdabb07c8a8609241a2395705911= Message: Failed to load resource: the server responded with a status of 404 (NOT FOUND)
security	error	(Line 5) Message: Mixed Content: The page at 'https://67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html' was loaded over HTTPS, but requested an insecure script 'http://media.adfrontiers.com/pq?t=j2&s=1779&ac=19&at=2&xvk=17477589.373548716'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YeL5flf2Q4Nzqfisvhje4wAABKAAAAIB&google_gid=CAESEFAjvzAKmoHvAp9hSPIAdq8&google_cver=1&google_push=AYg5qPKb9x9VPfi-qn24h9wxtVy1eM-c19XHaitqj5Z_zZBfPsYYS6aJkcrHadra9WmpOt-tKMwIfk_HkhKREk4k2vlE7sIJHhBftg Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1ff0d7ce146b4c1d840a5528702b361e.safeframe.googlesyndication.com
25dcde5c459e907cdba546ad0f24cb2c.safeframe.googlesyndication.com
33ecd2ec6bae0c8c308958ffacaf82e2.safeframe.googlesyndication.com
67bf3aeaf643b6d69af71a9c04bbfc28.safeframe.googlesyndication.com
8019191.fls.doubleclick.net
a.adroll.com
a.c.appier.net
a.tribalfusion.com
ads.travelaudience.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
analyticssystems.net
b1sync.zemanta.com
butterbulb.com
cdn.contentspread.net
cdn.includemodal.com
cdn.taboola.com
cdn01.basis.net
cfe830dcf8ef79dded614f38a7af9ab6.safeframe.googlesyndication.com
cm.g.doubleclick.net
connect.facebook.net
cs.chocolateplatform.com
cs.media.net
d.adroll.com
d3plfjw9uod7ab.cloudfront.net
d447947e5223a193934f4964357ce0ce.safeframe.googlesyndication.com
d5p.de17a.com
d8d1f6c6b5c9aafb9667b3c0a66b013c.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
edge.quantserve.com
fksnk.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900030.redintelligence.net
hal90006.redintelligence.net
ib.adnxs.com
insight.adsrvr.org
maps.google.com
maps.googleapis.com
match.adsrvr.org
media.adfrontiers.com
ogden_images.s3.amazonaws.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel.quantserve.com
pixel.rubiconproject.com
pixel.sitescout.com
px.adhigh.net
quizzicalzephyr.com
rules.quantcount.com
s.ad.smaato.net
s.adroll.com
s.tribalfusion.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
servedbyadbutler.com
static.adsafeprotected.com
static.chartbeat.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.go.sonobi.com
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
um.simpli.fi
us-ads.openx.net
us-u.openx.net
worldonline.media.clients.ellingtoncms.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www2.kusports.com
x.bidswitch.net
cm.g.doubleclick.net
media.adfrontiers.com
104.108.144.24
104.111.242.245
116.202.46.88
13.35.253.75
136.243.149.243
138.201.63.164
142.250.185.226
142.250.185.66
142.250.186.130
142.250.186.38
151.101.1.44
151.101.66.133
151.101.66.49
169.50.137.182
172.104.105.5
178.162.133.149
178.79.242.181
185.29.134.244
185.94.180.126
193.232.148.140
2.18.234.21
208.91.60.6
208.91.60.7
213.155.156.185
2600:9000:2057:200:1b:5138:8a40:93a1
2600:9000:206f:ba00:6:44e3:f8c0:93a1
2600:9000:224a:800:13:a391:88c0:21
2600:9000:224a:dc00:8:48e:53c0:93a1
2600:9000:225e:2000:6:9280:1080:93a1
2600:9000:2315:bc00:18:1fcd:34f:cdc1
2600:9000:2315:e200:15:90db:9f40:93a1
2606:4700:3032::ac43:cb69
2606:4700::6812:c05
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1288:80:800::7001
2a00:1450:4001:803::2001
2a00:1450:4001:803::2004
2a00:1450:4001:808::2002
2a00:1450:4001:808::2003
2a00:1450:4001:809::2008
2a00:1450:4001:810::2006
2a00:1450:4001:827::200a
2a00:1450:4001:827::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2003
2a00:1450:4001:830::200a
2a00:1450:4001:830::200e
2a00:1450:400c:c0b::9b
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
3.123.163.195
3.217.103.91
3.33.220.150
34.250.56.243
35.190.0.66
35.190.90.202
35.201.98.64
35.212.101.174
35.244.159.8
37.252.173.22
44.194.225.67
46.4.10.49
50.31.142.255
51.75.147.170
52.216.77.172
54.77.232.22
66.155.71.149
69.173.144.165
0355efd1a34716545018779a7d13066a7ca7a182f76bfd520524238c0b967250
03f40b2a01bbba09852e901342f46c741a9a3f8fb9450bfa29a5e13f568af04e
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
06ea3f6c711322097aef91b87415a2b67cdacce2b8a08baf5129935fed10591e
094f5116e188ca1b7d21bdf8e16e767b99aabeb385cb5ccef1a7176bd6057d0f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb5eb51c0ee0972c3b2b6ebf6bcb3b0c1cbb7c4c93b0acd442110005c1c3289
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0d35142f32786296129b89d4acaee1ff5201114af38d139b384412fa38777d7a
0de9144bce06e89231efdcb0acd8d48483ca86649c44e991895fbf4dff221cf9
0e25495ffd09f6b677ce228b97bc09623d45aa81fc770413c46259a040b81fbc
0e9793afd5d57a188f900a3561b714829cb7fddbe1fc7dd454dc94f6515121ee
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0fc0fbb7321bca17d95d35cbb2bcbc81ac7e78c61a50b2af2ed130a1fe6f1691
10564425d840a36774b48e412d28180c56c9898a97ee1a0b5331bf1509e0f886
1097c01b38cb84d60d03c6ceaba1616b06740a5bb2bbd3d82ec559ab07204035
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
15a08671da62aefdbb2aa984e3d43bb9ab6928171eea0b54a1d9f2921f7ea3be
15cd950fdf0a22946139981c83584014730ea322856de684bbb7b9a638e99330
17b91841811d67da94317ebd549a5a35e66e380be5a2ca51a34a8139f9a1415a
1979e136df73c0182593b957b1ccb3c6b659c018e3ae61b13f9db6ca3377acbd
1b0a2d32dddd0bb1af04f40b8effc735eaa2e8b8f04ebc32cd66ce4c64cf8b53
1b67d92a3588252269bc6cdeca8fbfccb5446d70e0cfcdcdaf78898d815d9c62
1b6c17a3b927bad3498791c9741218e6d396ae8b1428ecd120ce21a54713bcf3
1b7cc87e90c723b2e33c3af49b4efc516f4b56515324e5753b1d9990d19e313c
1c67f799e68309b579825109f0200208637eebed4d156b5539801e0ffc56330c
1d24f3c36ec0c8bc4e2b9dedb0e9b4bed7c559c79620c4283573975dbaa74a24
1d8749b19ba5041e508d173b873b9ac49b4d2fa9bab220cd1299e654fdd0f27a
1e6d070b6dfc55e901e9280547ca443bf3089030043408df167cf7ae5b1025c7
1eb9493e879896e0b89d91e157e49172ba191760c599f4bb33e226f54a71e3af
2016267bbc5e18e811af1ee7b820ee3c4504d822adceaf393edaf6137ff0a4b8
25049c305b208bde887cde10dc3fe87d0e39d98d7f126acaa42338f2fb51cb6a
2649d411849441560a08d65ecc699902799d2219cb10ddf8c365b9803ae66acc
26e2c6e5dcba43026ac44b78c9c73bb51d099a786ca808c9a2061c3ed81625e2
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2973257313b8a6815336e3c045ab9814ece44936d58bf637175cd7047cfc9406
2b37e3167f752ec100d1b6284328228ef8638d8d0f1df85aab1e83f6b5046260
2b911d51ed949642e3d9b146c0ac22914c134bcb104a0acfe8df42353d168a3e
2c4dece9d980344889ba4b9ebdd0c70f07105f88d0b5325b08070251908d55d2
2c9b38f0afbad7b61e4110e947093aa9722d7b93cd2270d38a212e761f44775a
2e3e1801402e8d430bc4b31a4514fb490acb2f6cfa6e02922f3e32b91cf65702
2e7b133667cf862ce360aec2578c08adcf317bdeffb5b5ae26f22c7928bed85f
2f2180e07af7d6a2d552aa4a44ad922fa0c1a77e0743585c51978db3af88aa84
2f86987acb8ba6f3703a815c5dbb09d282cf25c1714ae91d1c2afd9d9af7c08a
2f9c35e984c1b63a7e6b13f07d6afb5d8335a1aba0e382d7e0c66e23b049de68
3023b8c8a44629993a179f9b49e46244f8d9ec755e3068d1532bb48c0235ecd6
3028694a780e57d324928a57c538b6efe26d9e19bb51aa92b0e5972d772d41ad
31ff835e7ac68109c15d2d2082fb6009b3913df71bbd6c36b583a2bf2d47d5d5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33a7f1daa51a3d81a190b331e6ce2bdca98966dc7846894d5619c87a3ceb319e
34983bb02be1afc41c4bd28a7bf5f89d84138fc3d37b09ad61d3fbe680fc466e
35508406d42a01c3a94bd6f879455cdb9bc2b9f7a4ccfc5fd9becc811307b492
3752258f545f1cd6c4be6593f9f64ec4eb2d377b8d7e5ce52a1b908d9dcf1875
37ffaf519d628423e1ea7147364a8d2af10c3b63f3ec5a9b598f989aeaafd74c
38fe7bc179411a21e7b887aa40936b9a91c2d7c4b2fbe96123eb2d74b1aac550
3d2b3fffa5b1fe3b03a587635e48da39e26cd768ebf5f5dece072eb5b5d19e88
3d313e573148b8aa541b772ed63b36b5b05520fd0ca9e20dce848bb65916c1ce
3fde16febe487398469364de1dad7fa7640a9fb9dfe2c109c616d6df38d91ba6
40cfc91f88c05869fd54ee57f3c6ef55ed2abc39e82acf3c0deecc2b84753cf7
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42ce94d58edb33b89bfdcd8ba702b888811a5865ef1291fb559a3008e40e764f
4330c4d56bc82ca7f7f1817a4b2da3ca8638a5204c34e907c16c945b9360b6d9
45b357ed0f15b5732fa0cff198d966a9ebb28615e180cf60d25c7a9d08a5731b
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
46f91934dfcf2858e78684bf1255b45320ef80059f80d4f376bc829446f5505c
47177d8e3e181c1a42716d167be62d74dc10a30c318f4856c56cf5cef0c71cb1
480363165c357839ed265e8dab7837125e1c7e396a014cba15b5488c264ef0c1
482c5ca644f49f87f08ea6ad0e046a21d98ca5009192127e25c3c7342bd81ba1
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
4af952994baa0cdd0cee4927dbb7f207a7a28f34bd4b748f4cf5ef30c9a6cde4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ca98a9f6e5b6b5acb8c8c474b3366e13372946d998d4c12470ce606b05df393
4d64cca2d081e3574a789840fb2d888796a38e8a6cb8c09df541c03a7c2fe627
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5057f7beaa08450682a5418bdce93e9783bd704527406843fb019ea0a52778d4
51d53492d7322fd92bdeb78693bda92a5810de0906203c9d800f36f3650e7c58
51fafa8da3b03ac77d9ac2fdeafe93a313829891e3a922a596801146ba41444a
52efe93557a8da45c0507f11779762e3e1c465841b260ef9a52f00fdcc2fdac5
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
561efbd8ea18ac526a913da03b3f3e4557994af182ca61c586212f0aa71a634b
565a604b8d2449fcbbe6a76e51f0b8f5c6b85e912c87e81bb9aa2c7f86b8cd07
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
5a20f3b7959eef06cd86e480be05e0130d61df46bdefe9b8be4d240da15cc819
5bdf1120c4df8c868092d0bcb7f2540a85456fd94cd1e1a5570c9b63906b1a5b
5cc957bb76df3b5acfdec7ddbfc7b76458a49442571b9906f64d128e79e2bd58
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61fc6b2e6ade614703f36702e86e66785c0fe8060e6da84c001cdc98611e7135
623d4350b84c3db35766c93aa589955ad02710b1cbb5bb8fe0fbfdda1bdba321
63187daf11cbad2ac77ee789e7c91a40282a7e505683b1789e7756844a0cb182
681e7e632d1ff39bd6a75b677306caa5c425512a80618c07ff609728b1bd6e99
6cd8d9c2759fe62dbaaab15f39ccbb7e2a9d4bdefd3d47c023688d1e37127b8f
6d8ae9e0e062c9946e6ce5d393c62cfbfd8387fea278cb791c542859da49db53
6dd9c52de77964061f706c1650a89766e99348f63be12b7b6467970bb34ccfbe
6ff6c41c1b3e156f7f83074f774356106087b7149eb7fa198673d2c50eaa9490
71f59d13d69d502b117d87f28fa286757c478447b06f87d4b02c44361c4a4855
728a9a5773bddf02be49c8ac1c8e4f64086c4814abe7b5e95a4d14fdaa9d7486
762f2135d7f709ed01ed2a4829ac28b051d6df007aec607df238d60950b03453
770f39534d503d9feff3bf990db12b6775bcb8bf7a06a178d326dce53d0ab5e9
777fd3cae235313f40770e1af8a7fa1c1a326e040d79014f2bd732a1f5153a51
7ac61bbd491ea91981ae5f8c99a162d2cf7f6836e80e2283448ae4c29fdf2420
7b3b1b2e5130bee5a2e1d2eb4652ebea48d99b194e03c1ccee4347cf123dc6a0
7decb91d26de912a2db195e3dde0a1620befa9a8ce0edba505c74fb4268202ff
7e2ed03bbc185372cb541663170321544300747ae296389772dc8f722551eb3c
805f8be13d321e8bb783c1e9969b6166bc3702933c4d12f2287aa0e5bf01e31a
8237826dc3b4e9c62f50774dd95319fee704a3c0fb5c8360fe1dab882102cfab
83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79
84bdadf9f56d32a5c4ffaafe965d87c4b0eea9bc8a3f88eabc5b355ec7ee8001
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
858a0e23502aa2fcb9ae9e6a1f746e3b9f9e0967f383215898bae4ca797fc67c
872c1e44a56a9b8ed3508cb194c44c08986a7e02d264cf6034036a24f5035b8d
89bd7d41bab0554166d1eebc5ffb67e84d65ee7cccbf832499a1a5df6c827f6a
8a215ebe4733750286ea1780bcb0c9500c96aa14ebf1abe588193e76b7763f1e
8af6ac0e2b73706e19979bc1d6cdfa67c2e034432f4836b00f4fa641647441f9
8ca119bc1f1fc4736ccedf20d3aafcc50aead2109a92e32c89bf74af72a1e057
8cd36d44cbe77da83d36feb6eac124b88175db50d43c72fc3a95a2a3741e617a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e3c124520f136bd31f51db7504c41590e86a39c13e8ea479547e2c2cdfeb0db
8eb0885d968635a6e7a706c190c00a8a6f1d88f0b528201eec558e441395d7f8
8fda2396e315276e1fc4e8fe3a0a265fdfbfdb0e45f8005d142b78015a76503c
9007b6344429eaef3ad7f86f9e1cfda5ba9030ab41e0ddf85c156ea1fcb81ea8
904341d95fce95e7520a3a6ecb4d0b337038c2f5d277874a563e0e24fd90e709
90ed2a642e0efcad0fa5dcd6b2d1212d5ef2279ec15c5a362f3d2a50703d6705
945d81de37368bdb21409830e9bd81a52fe4eea9e698d444ad510eddc77ca1a9
95af646b01ee702570f9abad3701e98b1713487822310baba992363f92513e26
9606ce01d2a5dd012f1ed956999b35d6e2dd5ad20eca0fd8a0fcd3259dda49e8
97192cf227b40aa5c09387cc46230ef31fa177e946cc91fa98a55e89c1c436ff
9a2f12de85cc2a2e68c9d341d85fbdb2baf94877b985f32ab8694218d6cc548f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9bf39525e3f021f8ee678d293c118f8cd7bd2459d505ed31782655f907533fc1
9d260eb3d33f4638a5a13ea33c2ff3693fb8e25d6d02e77cac784508a58f3545
9e25ba946939ee4a3d6b5acc652b3a3d3c87f0b982d9a35b9fd19f37b3bee4ab
9f0e38142f0b67f679d1eaff046562070e44443234a81c1f313f6d0ff41e6f86
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04b971d335d737b89946f19095fd6e18c88561d3846404081729739ca81a80d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a224c5707e2af298f1722a4134bde6c520668f177a7a7ca9401ea7d2653ebed9
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a3abca0dca7d6be1b0d5b93787c9159041fccfbc5b4e79906e524bfc86c20b3c
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a79ec53bc4d656c86e538b7a6878917f3dd010c37986381c43e92355614dfc61
a821eac48e731c18eb2ed4bce2c2804add93870078ce7a75b643357e6a98a9fe
aa5f185e7c327bc34525d29785309cdb9ecb8a470be2af0bfbef85d6317feb61
aad4f11790ae41d11a7c7bb613b9f82206f37eb4894966fe15e5f880c5d9b72a
b00dec76f7bd930c41b4b779f73fc4bce681079b8ef9d5f9abe488c6193bd096
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b2c4af40afb1e40563e65b50bf08c21a4b1543fab3050440be96974445edf7dc
b3094bd6c20ebdde1e03ad0f9e5f271b6d56d5a9c32b0bf7d731f5bb72dfeb25
b745fbb1d74ba59b2a0166f9732c3702756a1ff6e7c7852864a2d278ecab8cac
b78362d3e11d02a90489865565e984d658e9cbc2d442ee7884fd956fb71b0159
b7c55617f84818daf4c70cc10ada26ddd5b582b1d1c2c2829b3220487a6db477
b98008ad770fed8298d565a3ee5da7d233895b23d0a9e13cae7f92c5ac15d7e9
ba17a6a569b64b5d243273cde129feedf2b7fc5180be7bca1eb297572aafb809
bab39e757583b275d7b8f5c70923178250696242da16781f91cad86d538f246d
bb5358c6c980f19540bb6b15ccf641878aa3d8530e3e225df2e59eab005c3dd1
bdded80f5148434ebdda24655d3b31c0dcf87d4de621e4345ddf4868369f130d
be18e4f5d4b03d521cd77cab0bd078809764b28e93abd36def170df9b9a93411
be2de274e3fa7e8c1b547b857f02a72072372eb0372f76ec5073d07581698c22
c26e44b1774250fe7872540952ee5f355404ce22f48648d01152ac520cf8aad3
c302efe6c47d24adb92d327f1c3a8383d9593acd29699464309e0b295700d4f5
c3da9a49e6aedd09313f7ab8713f3d4759ca1f4cf3bd07c61c4bce4032425195
c87756ba933265fe4d369e989f769efeeefb21b611598c433dc96c3bb676157d
c8bbd5afa4c30e05186b03ce140ee8bb262f7bf321d74d04042d11fa05eadfae
c94e49334083ad99ce4fe5cc543eaf92320f702c473b1a134d8e0d2751683786
ca03203fdd79bb26a6787fcaa3d8bb2d74514e04cea540daf0441d35308e0827
ca29fa98b9edf564b5abb0a0f06c7fc1658a5db5ac05759183e34f44a58db9eb
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc88a459c96b55c389c733b8ebcc53547e29de93f6a06e67e895c03557da5b17
ccef7c15c0af13ab8c5f8008e24095ac3d6e6376b6d7ac86f60c5b85578855ba
cd3699476d188453684876ad11b8813508e578f49a02f4639fed3b3ce8a74a58
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d1aec0f91475a9d3eefd64516c068aff487a6790a76ff4b8ac14a52e7a367ceb
d1d938d97331866e733f47f9ba4b748530a8b4f684ae1bf3a19c01f32854104f
d2f127ffead84f297d77d3a2de78b71caedf1d75deded6c5a2d070e8f6f00349
d4f8bc08ed1a374a36388cfe41f2609c5f1025de20422d698368be48f1896ce1
d62a3b924d49cc3909d8c7e7d66c6fda8780c357fae0f927993f424928401b20
d6a97846477d5f74dc49c320addd8360addfd351e22f14206c145c4a44d13bdf
d770e1a44dee6b5773b5c705b1083b2fb70e5a9ed04527555cf4bb283223e3e5
d80e5177d7cc173424caf8c3a5a3d5f260123d61ae92678b1a3e9a6bbf99ada5
da1360e9617591ce97b284615498f1a406c4b00fcdddfd59724e5356769c667c
db806ed2c313a4acf85b0d8a32dcedc441ac806ebd78419cdb1dc525f25e54f3
dc448e598b09337777723ca5e7020fd9523ac8af0aad1608daad9d932e0e70f3
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deea56467e818b9345873eec410a3e53c1be3a1ea2f4f3486a42e8ff64534e6a
df69dac4052804978b6814d0bd987cec839c9dc7394ae2060ed839aa6a52d118
df79e61186e6f38bfe193b619c426fd6e7fb7cf732f14a2e358329a739461ef4
dffb2854fbfb6bfb95e6949a623fe55063e7cc929b3755ed7b27adf7f31b52eb
e0c5c27ad304e1d5b111c4c67d9c3aa45d64b35e6d322c2bc4c7462813b1d204
e1087102c327a7988a27261dc3224e2f495e504a4cb816e368d4b1ad5cc95e40
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e2d3f8696617c48a1f82529015ed2050d19c0a961a7249466dbb16456fe733bc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e678f057332a81514ac9719a101737d107488a36cdfa6b612799283695492545
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
e8ec2a4d84f51a4860526181c3822b954b3a134dc14446ba753b37708470171d
e93f3187fcfb44d155e7119c58627506ff3765fa4afe66dc87f338b6b8a13a54
eabdfad97841a4de6a5a522d81da2ed11db099bb9ae809499309c4af83e3cb4f
eb81dbb47530932dd4d6eac5041f8c4462f17c0b87c8ef699b24dbafc5a8c861
edce0f5742c946e7271ad95325d3ab2c2ad012adc0a790e52b69c04a37a6a9f7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0eb8a4eac4068c80d1249dfde9bcc0adbb127f197edd147ed6e2304e8d01f5c
f2023b1b62da87163faad2f2ed5d116be69bae647670048d738f3526167c2632
f2b63a1dea6d4c784a4a74fa9329dfb432ab0bbf894806a1ed222f288dc2bb74
f515ed490405435b0c8a7ede74fd2c8e7834ee45c81aa76db3736fe50dc1da87
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f7059be255f87b9ee45ab619650998acb10637aa0d41a3e34f12cb563a31e824
fa1bbe501b149144f7d0195697ed240c0bbfab218313922bd1733fa02d4f3bcd
fb9234052ac419d5c2aab3ec5f16365d70ff41096426b821c2b693593a1a559a
fc98d0a05f35dbe183a65f8aa5371168f175e3f8578d7afa3dbd07e84c15f80c
fcb8fb33626bb651b3b44aa1ae7d4e8f9d17ae5db3b50295887c50404e38470a
fcf8a02102c695c381e74234f4a4bdf158f63d9c405697970f46816e572550bd
feeab718072b4a4d047a582abb7dede4ee9f8ee0b3ba36cfd6828a5afa78c572

www2.kusports.com Open in urlscan Pro 208.91.60.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

424 Requests

65 %HTTPS

41 %IPv6

58 Domains

84 Subdomains

60 IPs

10 Countries

4964 kBTransfer

11580 kBSize

48 Cookies

16 Outgoing links

Redirected requests

424 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 15 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www2.kusports.com Open in urlscan Pro
208.91.60.6 Public Scan

Screenshot
Live screenshot

Full Image

424
Requests

65 %
HTTPS

41 %
IPv6

58
Domains

84
Subdomains

60
IPs

10
Countries

4964 kB
Transfer

11580 kB
Size

48
Cookies

424 HTTP transactions
15 data transactions