mspfa.com Open in urlscan Pro
2606:4700:3036::ac43:b916 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sburbtas.mspfa.com/
Effective URL:
https://mspfa.com/?s=37955
Submission: On January 06 via api (January 6th 2024, 8:57:20 pm UTC) from US — Scanned from DE

Summary HTTP 118 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 12 domains to perform 118 HTTP transactions. The main IP is 2606:4700:3036::ac43:b916, located in United States and belongs to CLOUDFLARENET, US. The main domain is mspfa.com.
TLS certificate: Issued by E1 on January 6th 2024. Valid for: 3 months.

This is the only time mspfa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 14	2606:4700:303... 2606:4700:3035::6815:407c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	2606:4700:303... 2606:4700:3036::ac43:b916	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
42	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c09::54	15169 (GOOGLE) (GOOGLE)
1 13	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
3	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
118	19

14 2606:4700:3035::6815:407c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sburbtas.mspfa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mspfa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3036::ac43:b916 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sburbtas.mspfa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mspfa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c09::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

file.garden	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 140 tpc.googlesyndication.com — Cisco Umbrella Rank: 185	1016 KB
19	mspfa.com 2 redirects sburbtas.mspfa.com mspfa.com	198 KB
15	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 677	88 KB
9	google.com apis.google.com — Cisco Umbrella Rank: 255 accounts.google.com — Cisco Umbrella Rank: 65 www.google.com — Cisco Umbrella Rank: 6	67 KB
4	gstatic.com www.gstatic.com fonts.gstatic.com	64 KB
3	file.garden file.garden — Cisco Umbrella Rank: 848709	147 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 173
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 407	981 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 271	129 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1695	249 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	75 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 115	912 B
118	12

	Domain	Requested by
42	pagead2.googlesyndication.com	mspfa.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
20	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net mspfa.com
17	mspfa.com	mspfa.com
13	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net mspfa.com
5	www.google.com	tpc.googlesyndication.com googleads.g.doubleclick.net
3	file.garden	mspfa.com
3	www.gstatic.com	accounts.google.com googleads.g.doubleclick.net
2	www.googleadservices.com
2	s0.2mdn.net	googleads.g.doubleclick.net
2	googleads4.g.doubleclick.net	googleads.g.doubleclick.net
2	www.googletagservices.com	googleads.g.doubleclick.net
2	accounts.google.com	apis.google.com www.gstatic.com
2	apis.google.com	mspfa.com apis.google.com
2	sburbtas.mspfa.com	2 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	mspfa.com
1	fonts.googleapis.com	mspfa.com
118	18

This site contains links to these domains. Also see Links.

Domain
www.mspaintadventures.com
docs.google.com
tasvideos.org
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
mspfa.com E1	`2024-01-06` - `2024-04-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
accounts.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
file.garden GTS CA 1P5	`2023-11-16` - `2024-02-14`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 26 frames:

Primary Page: https://mspfa.com/?s=37955
Frame ID: E4429D1EDD65AAA2374F75B20DDCC9AC
Requests: 22 HTTP requests in this frame

Frame: https://mspfa.com/um/top.njs
Frame ID: BAA6AE5C4B926AC71DAB2F31CC8B1ECE
Requests: 8 HTTP requests in this frame

Frame: https://mspfa.com/um/side.njs
Frame ID: 2C29CF43CF7E7236F08C5D9708A47DB9
Requests: 8 HTTP requests in this frame

Frame: https://mspfa.com/um/bottom.njs
Frame ID: CC452A0B4347644D84A4041BA06AFFF1
Requests: 7 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: E4939E7144F0AFED8DE51B772754A931
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/zrt_lookup_fy2021.html
Frame ID: D5205071F22EB6B1995C532EC0A5FC3D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185777&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635508&bpp=3&bdt=182&idt=243&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=159799387172&frm=23&ife=1&pv=2&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1171949028&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=728&ish=102&ifk=1917663710&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31080144%2C44785293%2C95320868&oid=2&pvsid=1404744877791781&tmod=1122081814&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.yjk0b951k840&fsb=1&dtd=256
Frame ID: F65DC0672A4661E12840942A855CB797
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=90&slotname=8040678331&adk=3450505846&adf=3279755397&pi=t.ma~as.8040678331&w=728&format=728x90&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635511&bpp=1&bdt=185&idt=260&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1171949028&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=542&ady=0&biw=1600&bih=1200&isw=728&ish=102&ifk=1917663710&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31080144%2C44785293%2C95320868&oid=2&pvsid=1404744877791781&tmod=1122081814&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.iux8n7mzler&fsb=1&dtd=263
Frame ID: 517F76785A63C2D2ACF6FD1C7195CBD5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185778&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.6&asamct=0.6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635590&bpp=1&bdt=263&idt=189&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1332797025&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=160&ish=612&ifk=962192301&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376%2C95320891&oid=2&pvsid=3872663414102045&tmod=397696625&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C612&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.espseou9ugez&fsb=1&dtd=201
Frame ID: 49D0001BD85460302552C54633803F3E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=600&slotname=9137734637&adk=2787914377&adf=3279755396&pi=t.ma~as.9137734637&w=160&format=160x600&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635592&bpp=1&bdt=264&idt=202&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1332797025&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1310&ady=102&biw=1600&bih=1200&isw=160&ish=612&ifk=962192301&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376%2C95320891&oid=2&pvsid=3872663414102045&tmod=397696625&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C612&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.erzoajndnq5g&fsb=1&dtd=205
Frame ID: AAED8BB24726A86BFAE13FC910F89A6B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185779&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635546&bpp=3&bdt=201&idt=257&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=856400704&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=728&ish=102&ifk=1332694701&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320238%2C21065724&oid=2&pvsid=1902452695317795&tmod=244406631&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.leegygiy5xlh&fsb=1&dtd=265
Frame ID: CB03EAC11883A02E8112FA02CFFEB6ED
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=90&slotname=9248610348&adk=2983442208&adf=3279755399&pi=t.ma~as.9248610348&w=728&format=728x90&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635549&bpp=1&bdt=203&idt=264&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=856400704&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=542&ady=278&biw=1600&bih=1200&isw=728&ish=102&ifk=1332694701&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320238%2C21065724&oid=2&pvsid=1902452695317795&tmod=244406631&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.1hfpvs3vg9s4&fsb=1&dtd=266
Frame ID: 18A0DFCD6AB8649B3BC65F87087735A2
Requests: 1 HTTP requests in this frame

Frame: https://mspfa.com/um/matched.njs
Frame ID: 69980BCB6B08B0B3D98F8F82FAE3F3E2
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3EF6BBA3F9D237EAA1E10898EACBF376
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4CA986F73EA31F2E6EDCF8F92CFCF8B3
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYn-n4xgEwAQ&v=APEucNWQ0BM6ggY0gfLIYNMZL2RV1vZJmMZfF0iZhtGa74zog3n0CSm1y4QN9Lj3Nzn4t3Bi51hpjrnyFFLoAU9m_6E3SMs6vQ
Frame ID: D80E8DC89A067EAFEABA7AA19278D219
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 751AB575D60A4D86AD88B09CE26EAFC6
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EF6FEFDDB0F01CA71AD269A30D2CF958
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E1FEFE8E682060826319C99EB32A273F
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: BF8B0C9CFA375928AF88B2BF022BFA2F
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185789&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574636434&bpp=3&bdt=135&idt=245&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&cookie=ID%3D8cbb09de74ed5ef1%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg&gpic=UID%3D00000cf10375084b%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574637&ga_hid=406294277&ga_fc=1&nhd=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=650&ish=402&ifk=4023565609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869&oid=2&pvsid=3650528201294292&tmod=1208974737&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955%26p%3D1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C650%2C402&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lru092ec568v&fsb=1&dtd=253
Frame ID: 917CE2935EF296B3353973ABFE9D8581
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=300&slotname=4362772295&adk=966170585&adf=3279755401&pi=t.ma~as.4362772295&w=650&format=650x300&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574636437&bpp=1&bdt=138&idt=251&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&cookie=ID%3D8cbb09de74ed5ef1%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg&gpic=UID%3D00000cf10375084b%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574637&ga_hid=406294277&ga_fc=1&nhd=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=866&biw=1600&bih=1200&isw=650&ish=402&ifk=4023565609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869&oid=2&pvsid=3650528201294292&tmod=1208974737&uas=0&nvt=1&top=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955%26p%3D1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C650%2C402&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.3evvo7anqhxu&fsb=1&dtd=253
Frame ID: 018453FEE00AA4DCA11211342A16F1AB
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: D36F6BB4A460876B7496144B8726E10B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 616734D4E9E6045FBC0796ADC77FACD6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 81E4A557C0A74E2332E045BE06125151
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B4C2888ADB2E0C69AE34523E32CC773D
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SBURB TAS in 8:41:53.06

Page URL History Show full URLs

http://sburbtas.mspfa.com/ HTTP 301
https://sburbtas.mspfa.com/ HTTP 302
https://mspfa.com/?s=37955 Page URL

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

<meta[^>]*google-signin-client_id
<iframe[^>]*accounts\.google\.com/o/oauth2
apis\.google\.com/js/platform\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

118
Requests

99 %
HTTPS

89 %
IPv6

12
Domains

18
Subdomains

19
IPs

3
Countries

2765 kB
Transfer

5735 kB
Size

11
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: http://www.mspaintadventures.com/
Title: MSPA

Search URL Search Domain Scan URL

URL: https://docs.google.com/forms/d/e/1FAIpQLSfINX3g7WdtZgS9tlu-kgApUU_SRywZuBibyZ8OO-QIf7rNrA/viewform?usp=pp_url&entry.129859826=https://mspfa.com/?s%3D37955%26p%3D1&entry.1115524505=SBURB%20TAS%20in%208%3A41%3A53.06
Title: submit it here

Search URL Search Domain Scan URL

URL: http://tasvideos.org/
Title: TASVideos.org

Search URL Search Domain Scan URL

URL: https://twitter.com/BoogsNStuff
Title: Boogs

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=PjxV0jMpS34
Title: |

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sburbtas.mspfa.com/ HTTP 301
https://sburbtas.mspfa.com/ HTTP 302
https://mspfa.com/?s=37955 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 104

https://googleads.g.doubleclick.net/pagead/adview?ai=CH158rL6ZZZKELK-D1fAPlai0-Ayl0fL6dITa_qDDEmQQASChlfMoYJWCgICYB6ABvL3SmQPIAQaoAwGqBPABT9AHIw5CT1uTPaYuoXaxTVwpxXqFN60EBA1vlH5WVtWXujZVuK5EL7yaEyqfQvwvTsIYTLgsFsebtxLpd56zw4MZJQSHyjH0FLFD4nq0eiajKhpxeEWE0LAspjgzpVgveMLQ51qFR_YdyOWGGhpra0PEQRdCNekWPz3pSU_Qmp6oX50ikOUUBNoAjknqlgE_xUDk2IX0o8O4L7e28IBx3sMALH_TPgJociryji1Ne5IwZaeeaMzlRUAGGdgNw7a0ITqdP1M8eb4XkmLN-IlDsuUQmalR9Z94JX2mL8tVLmRKaJnLyBL4OIxOmClwNXZCwASq3pWrzgTgBAOIBcKWiahNkgUGCBsQAhgBkgUKCCIQAxgBSPfPD5IFBggdEAQYAZIFBggdEAEYAZIFBggeEAEYAZAGAaAGN4AHrMKtZqgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcKELLbDhihz4XyAdIIHwiA4YBwEAEYHzIC6wI6AoBASL39wTpYpu3brdPJgwOaCZgBaHR0cHM6Ly93d3cuZmV3by1kaXJla3QuZGU_YnJhbmRjaWQ9dnJiby5vbGEuMTImdXRtX2NhbXBhaWduPWZld286cHJvZzpkZXUtZGU6dDpnOnh4eDppcm9hcyZ1dG1fbWVkaXVtPWRpc3BsYXkmdXRtX3NvdXJjZT1kYm0mdXRtX2NvbnRlbnQ9cHJvJnV0bV90ZXJtPTCACgHICwGiDAgqBgoEu7uxArATt9iJFsgTo66kB9ATANgTC4gUBtgUAdAVAZgWAYAXAbIXHAoaCAASFHB1Yi0yOTIzNTAzNDg2ODkzOTMxGAA&sigh=MUpP8GIncjk&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSPAAvHhf_q4ekePIFhtjUjAvcBIoM_qKGwCPUw19Ihu2FakzC0wdn2gR2MlU_KK_g_xVv6gaNDlRdsVYFvRgB&template_id=509&vt=10&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212903717613665221267%22,%22debug_reporting%22:true,%22destination%22:%22https://fewo-direkt.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22859086524%22],%2222%22:[%22true%22],%224%22:[%2201-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211764514632417322353%22}&andc=true

118 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
mspfa.com/
Redirect Chain

http://sburbtas.mspfa.com/
https://sburbtas.mspfa.com/
https://mspfa.com/?s=37955

7 KB
2 KB

724ms
702ms

Document
text/html

2606:4700:3036::ac43:b916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/?s=37955
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24c36d2e65f8fd6fb1aec8297e898dc610161e7cd7b812e49491c30d60ea0d61

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8416df46fd871e95-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 06 Jan 2024 20:57:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DTCxkrozoYudazJ9gRCZ5G7J5%2F6i7oHN7LctzUNsKS0oz2d0vRFYZecSVOZ7IQxaHthLp20l%2B%2FYZWh1%2FyZqxUGyyj67ZP3psGA3cu3VDgbayaQ06atAAb1PQBBGBeBqxb3zsACEviIU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-magic: real

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8416df2178fe1e95-AMS
content-type: text/html; charset=utf-8
date: Sat, 06 Jan 2024 20:57:14 GMT
location: https://mspfa.com/?s=37955
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z2TKPljVs6sCNMNUz0XC1wAuaW%2BqasCnHsh5W8Yf8jotccsQVZaQet4sCW3Z%2Fyn0du4EhqtAnk6MZOw%2FbkuPzxXbQyBy%2BEYM%2B3Iigj8MOsepqxF9bbZh5TRfgTeOhFLjSO39IsXOnQOFnsixQACdIEU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept, Accept-Encoding
x-magic: real

GET
H2 200 css
fonts.googleapis.com/ 2 KB
912 B 87ms
34ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Press+Start+2P

Requested by

Host: mspfa.com
URL: https://mspfa.com/?s=37955

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6494e5d57e95e616a57e1b8461002b1dd6ecdfffb63d846673cb245d75f3be38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 06 Jan 2024 20:57:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 06 Jan 2024 20:57:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 06 Jan 2024 20:57:14 GMT

GET
H2 200 mspfa.css
mspfa.com/css/ 11 KB
3 KB 299ms
298ms Stylesheet
text/css 2606:4700:3036::ac43:b916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/css/mspfa.css?cb=6
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d76831690bb50ba96a984e8b154765598b9fe118a1ea5482737f0d5aef2deb02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/?s=37955
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"2b7d-lc9FY02bqaJFNKK/NBsoGntxaOE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=poOUrTKoK6ZTWG%2FKKL1RU0oc1q5nypL03oAvEq3pGQ%2BeYkAvh3A25qw%2BeHhFpjiv2MHl6eaSEx6FaPyHzmHSGrdY%2F%2F5I4OJn2v1h4fe5yJFJN%2BY7AQarBAKn4UcTZsZRkyoS%2FPUyvtQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4b69031e95-AMS
alt-svc: h3=":443"; ma=86400
x-magic: real

GET
H2 200 extra.css
mspfa.com/css/ 0
352 B 298ms
297ms Stylesheet
text/css 2606:4700:3036::ac43:b916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/css/extra.css?cb=3
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/?s=37955
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LK0AMB9GZESfF%2Fzvbxtcg5jILR7uACsIppojxYnMlNT9h1EcltV8LmymQq45ViI%2FW%2BARJwBD5GVnyKgNJXRJNPqw0sbl7Lrz%2B3vHniK6nGKeCJ3fx3DPZwFOszFAxX9jTF6xPE0N%2Bgc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4b69051e95-AMS
alt-svc: h3=":443"; ma=86400
content-length: 0
x-magic: real

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 205 KB
75 KB 90ms
39ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-1PXKHYX2CY

Requested by

Host: mspfa.com
URL: https://mspfa.com/?s=37955

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0c27e371fef7b6b3bcb5befc6f8e9bd249fd76f45cca171bb646cc86f784dcca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76308
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H2 200 platform.js Show response
apis.google.com/js/ 56 KB
22 KB 91ms
39ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: mspfa.com
URL: https://mspfa.com/?s=37955

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d6761121e36dada7b2cb2088e9749ddc66c64da9a262386e1e358c8dbbeeeeb

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 06 Jan 2024 20:57:15 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21932
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "744e1fa93653e48f"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H2 200 mspfa.js Show response
mspfa.com/js/ 186 KB
37 KB 301ms
300ms Script
application/javascript 2606:4700:3036::ac43:b916
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/js/mspfa.js?cb=67
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:b916 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13968c344791e8cb48bccfdf3559b83b8a42b722cabcbc7161ab8ef3ba102d27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/?s=37955
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"2e95d-qfFgjLP3i1yxSbdJNC4b8jZM7yU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ts4aqr0LA76w%2Fj0MO3oaKi8RgsnmF66s46ms2CHEO%2BVv8sXh0msE9HjW79na2qh7SyCikIVwyQlxiXovOcdM8QYZWttFQHkvukZ88%2FWOT%2FdSeLngnu5VJHqboR39KVjct3BbLSZOu9U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4b69081e95-AMS
alt-svc: h3=":443"; ma=86400
x-magic: real

GET
H3 200 top.njs Show response
mspfa.com/um/ Frame BAA6 859 B
860 B 252ms
252ms Document
text/html 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/um/top.njs
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 749fe22e0680f2d4d77b7741910e9740767a97865fa3dc0c5361627db2de7e58

Request headers

Referer: https://mspfa.com/?s=37955
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8416df4d4ea1b770-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 06 Jan 2024 20:57:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLfOl2DAQx58GVhkbVlUT5UpCC0tQVHjZ11ky%2Fz1XYZnJh3DJuzASJ92ba5NDBi8V6GCVYwcDceiyG4kW4SmxI3KThRr1AzFOINwFhDdt6aQv75t2PygNCejGaGBVb7C0gN3YF8cKiQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-magic: real

GET
H3 200 side.njs Show response
mspfa.com/um/ Frame 2C29 861 B
867 B 253ms
253ms Document
text/html 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/um/side.njs
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: badde797653a016bb5572385cd34e57a0774625f0ed2569f075ce7b961ccaac3

Request headers

Referer: https://mspfa.com/?s=37955
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8416df4d4ea4b770-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 06 Jan 2024 20:57:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0qAywfSnMu3RmMPn46ro3GWt49LSCiUxzvLBeUFuQ1l2xljKLq2a80n5L%2FPeINEvzHHX7Q%2BPqwG6wjsliX%2Fl4vgYadA%2FVT6r8dfaJlFNPdo7FBu88iVwXXDHcLsM9VxxfoJ%2F1ONzxWo%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-magic: real

GET
H3 200 bottom.njs Show response
mspfa.com/um/ Frame CC45 862 B
864 B 254ms
254ms Document
text/html 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/um/bottom.njs
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1af155dbabd3d3d99fe75644c67d72212968c01ff1343344e20636969cf84771

Request headers

Referer: https://mspfa.com/?s=37955
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8416df4d4eadb770-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 06 Jan 2024 20:57:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0YtSQcF3xJaayRgLkduACH5sdiS4lOIqlAL4sBazt%2FJR%2BmAHj6puFgGLYopvQLfcu1%2Bi416aZGYuIeP%2BP1LwlKIkBuRZnpBB1XjOYYqitri2qDiou%2Barr7hZ6oIdZKgp3e%2BIHE27kbc%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-magic: real

GET
H3 200 VorkedLarfleeze.gif
mspfa.com/images/ 2 KB
2 KB 223ms
223ms Image
image/gif 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mspfa.com/images/VorkedLarfleeze.gif
Requested by: Host: mspfa.com
URL: https://mspfa.com/css/mspfa.css?cb=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b65fd93b3b357a91df9268bc0012fcc0f58d8b902491ce2bc3c8c10e0bac154

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/css/mspfa.css?cb=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"610-VAha3eHJEYTsuXnVBcshNC8r7m0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wlq9iisEraH6Nh3P7blJ2gQArDesuvTBLPmScIU%2BG6GUWzbwz9wGYhhCCdvic4sXsuUso3QNLduOknVL3d4qAHmjI5uxP%2BXO5QPCnYUKXd4PbXUV0sZUbGJgp1MIC9klH3pTPWrK194%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4d4eb2b770-AMS
alt-svc: h3=":443"; ma=86400
content-length: 1552
x-magic: real

GET
H3 200 candyheart.png
mspfa.com/images/ 226 B
732 B 221ms
221ms Image
image/png 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mspfa.com/images/candyheart.png
Requested by: Host: mspfa.com
URL: https://mspfa.com/css/mspfa.css?cb=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a7ac6fa21c4046373f22832ba6ce9c1fd0b067f9a854bbe3949699bc144ba9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/css/mspfa.css?cb=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"e2-luBRtAjYAu47p4IUMmfAkPgHD0w"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGFYEaSIgTpfLfAYeNx%2BdidSWgmjfTJDV5YS%2BbXYMlBkCZJoOD%2FyS7MFeGf8FG7gX9U%2BjZ3loOywVA20e7yPEnH3cXLugCnw%2Fkn%2B1F1C4mMYIv1nNtuSpHciFjY87ib7QpOo%2FGpvuVg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4d4eb3b770-AMS
alt-svc: h3=":443"; ma=86400
content-length: 226
x-magic: real

GET
H3 200 loading.gif
mspfa.com/images/ 9 KB
9 KB 222ms
222ms Image
image/gif 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mspfa.com/images/loading.gif
Requested by: Host: mspfa.com
URL: https://mspfa.com/css/mspfa.css?cb=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a951eefcb9be697e43611ba4eca19aff74594f051a4fd60dd6c3eededfd852c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/css/mspfa.css?cb=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"22a9-PiySYNVKPUjRuGyMBHnSDFXIb6g"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IuUftxpdUA1%2BpIY%2Bal%2BZuRiuphGSZrx7U%2Bp9haqZ%2BlmeFRY0XfB0O1uL9NFBpZkaLY553Qz6i8bbm%2B5rOY1f5i7LEULZL0q6kT7b66%2BhECtjueBSCv01NxTaG8UmhUdkfQzZu5UyvKU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4d4eb5b770-AMS
alt-svc: h3=":443"; ma=86400
content-length: 8873
x-magic: real

POST
H2 204 collect
region1.google-analytics.com/g/ 0
249 B 79ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-1PXKHYX2CY&gtm=45je4130v870192338&_p=1704574635072&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1518204706.1704574635&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704574635&sct=1&seg=0&dl=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&dt=SBURB%20TAS%20in%208%3A41%3A53.06&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=7380
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1PXKHYX2CY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:15 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mspfa.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame BAA6 147 KB
51 KB 133ms
81ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/top.njs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2b23f5654a02f82252e56b125b59be14f91d5ee952f710e1964c7e2f459ab63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Origin: https://mspfa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51366
x-xss-protection: 0
server: cafe
etag: 12991392881853321895
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2C29 146 KB
50 KB 237ms
185ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/side.njs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55996ca93c2c9fadd593b22c02a818a1f70ca07791779092d1fc3259989316f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Origin: https://mspfa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51111
x-xss-protection: 0
server: cafe
etag: 12118696816833561149
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CC45 147 KB
50 KB 166ms
133ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/bottom.njs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d33c6b78c22e775802b68c6a3df3856ea0ed6da3eb444e45ab84c5f217941f3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Origin: https://mspfa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51372
x-xss-protection: 0
server: cafe
etag: 13969348502512359532
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/ 119 KB
40 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/platform.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d85f21be5db07a2ea03381f9ba5f984d5fd971f4ceb3174957e8cb6f28949aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 03 Jan 2024 21:15:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 258097
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40961
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 19:05:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Jan 2025 21:15:38 GMT

POST
H3 200 / Show response
mspfa.com/ 351 KB
117 KB 222ms
221ms XHR
application/json 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/
Requested by: Host: mspfa.com
URL: https://mspfa.com/js/mspfa.js?cb=67
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed00b5e1f578f3bc8d525f1e3e37eca032b703b7dea53ce5b312a2024cb24c0b

Request headers

Accept: application/json
Referer: https://mspfa.com/?s=37955
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"57b9f-PV5TDRa+kdUFidIRxpXaqxLprfY"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZzb7Mf%2BESrPfg6KPi5EVXbDAe%2F%2FltFTT4bFqiQp6sal2cV2G5uVehq%2F3NTudLir0E8uGaDeW45u7cy0pRPuSFq2ktkzplgMnQoN7oveBMLDTGToEIS%2F0xyJsJ4bLjv%2FDG%2Bimn%2BEzU0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 8416df4f08d9b770-AMS
alt-svc: h3=":443"; ma=86400
x-magic: real

GET
H3 200 pages.png
mspfa.com/images/ 210 B
677 B 127ms
127ms Image
image/png 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mspfa.com/images/pages.png
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1eb9ba34e4307d0579566b2c1010d569cafae392e7c53f38c1d975376e7070a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/?s=37955
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d2-+oDX13gGQJqlCa3McHcBsmgEo/Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=viKh5S9vKvrY0Uaq99mVa5B0FFpduZ%2FFXcGBqEvpwnXAzsrM%2FoYfg5py723wer5fPys0cmY3vG%2F9cenJ0GmQFmRLKwDhgBaNx%2BmjvlbH4lYtL4b4Ufzg%2Bo%2BoMwraMns22BNqugmJzGM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4f08dbb770-AMS
alt-svc: h3=":443"; ma=86400
content-length: 210
x-magic: real

GET
H3 200 heart.png
mspfa.com/images/ 306 B
771 B 233ms
232ms Image
image/png 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mspfa.com/images/heart.png
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4f8aa197bc4c7d9f715c6e432942b7094c34266ff2a57a55c820f15e6259441

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/?s=37955
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"132-fgFePWLpF3mASzESnFu01/fyis8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BT9ip1RFcnauPoXEpHgMQ61oJW9LjyHYNqjGRGFRK2Rt1vCg%2F9XHkI3dxyHhmt2uQOa8l4StrbaXx9UYC908W1QbhI0Ry7sIUfJ%2BrBjjwRF1XBxLGiA2a6VRUf6ilRqe3Lj8JqAbZLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df4f08ddb770-AMS
alt-svc: h3=":443"; ma=86400
content-length: 306
x-magic: real

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame E493 286 B
1 KB 103ms
43ms Document
text/html 2a00:1450:400c:c09::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

304c04bdeeef0f2b062a1c77da2f98c8df7c3abbde560237ae3f29853a98caad

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-ElDTM8_gJVif9jXQTSvxFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-ElDTM8_gJVif9jXQTSvxFA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:15 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: Anx7P+ykxPk2cvb3pmDcFJrtthuvm2pPqF/N9DW2XnD4tw+GvaXWaUhemhtJeK2OiYYjgVfcdmEkym+Al84WUQEAAABReyJvcmlnaW4iOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IlRwY2QiLCJleHBpcnkiOjE3MzUzNDM5OTl9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame BAA6 403 KB
136 KB 128ms
84ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2923503486893931&plah=mspfa.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1bccae4a2fa46956417b7bc20e3cbc3efe52d8aa79e6452e76668ac6e2758026

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139474
x-xss-protection: 0
server: cafe
etag: 13061663694544681069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/ Frame D520 9 KB
4 KB 76ms
22ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240103/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18827
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4173
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 15:43:28 GMT
etag: 9219409622527106327
expires: Sat, 20 Jan 2024 15:43:28 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 m=base Show response
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.8_3aOHTFmpM.es5.O/am=wA/d=1/rs=AOaEmlEJHqL2HTfLGE8sRubaNaigiYAHEQ/ Frame E493 106 KB
37 KB 77ms
24ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.8_3aOHTFmpM.es5.O/am=wA/d=1/rs=AOaEmlEJHqL2HTfLGE8sRubaNaigiYAHEQ/m=base

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f96f090d1b4a1c2b0bb3cfe24c4e7b0d4732d9ca9df479c862aa0eb10e42147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 21:13:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 344612
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37375
x-xss-protection: 0
last-modified: Fri, 29 Dec 2023 05:43:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Wed, 01 Jan 2025 21:13:43 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame CC45 403 KB
136 KB 171ms
165ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2923503486893931&plah=mspfa.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a68e85969b392991fd8b13baefd6c794308912bfc25a044b1d3b9ac7537374d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139479
x-xss-protection: 0
server: cafe
etag: 2680821108904750103
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/ Frame 2C29 401 KB
136 KB 91ms
91ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2923503486893931&plah=mspfa.com&bust=31080235

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3eff02f8fd885f648241e70f9b2507e13f26b9a253073cb49980fa701c84b629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139175
x-xss-protection: 0
server: cafe
etag: 15628646971467784768
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:15 GMT

GET
H2 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame E493 49 B
376 B 46ms
45ms XHR
application/json 2a00:1450:400c:c09::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fmspfa.com&client_id=594715327455-oqsr0f4u9g0tv70mnqd9srmkgqh3ffc2.apps.googleusercontent.com

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.8_3aOHTFmpM.es5.O/am=wA/d=1/rs=AOaEmlEJHqL2HTfLGE8sRubaNaigiYAHEQ/m=base

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-XeFSm1sLE5_Sev5MBEO6NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
X-Requested-With: XmlHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport, script-src 'report-sample' 'nonce-XeFSm1sLE5_Sev5MBEO6NA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-encoding: gzip
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Origin
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Sat, 06 Jan 2024 21:57:15 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAA6 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-2923503486893931&eid=44759876%2C44759927%2C44759837%2C31080144%2C44785293

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/top.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F65D 3 KB
714 B 231ms
230ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185777&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635508&bpp=3&bdt=182&idt=243&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=159799387172&frm=23&ife=1&pv=2&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1171949028&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=728&ish=102&ifk=1917663710&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31080144%2C44785293%2C95320868&oid=2&pvsid=1404744877791781&tmod=1122081814&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.yjk0b951k840&fsb=1&dtd=256

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2923503486893931&plah=mspfa.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dcb5b2d771ba0f6f2d5fd5e4b892d8c3a09399958c2d18d76fcbdc62ab56247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 514
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:15 GMT
expires: Sat, 06 Jan 2024 20:57:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BAA6 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-2923503486893931&eid=44759876%2C44759927%2C44759837%2C31080144%2C44785293%2C95320868

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/top.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 517F 713 B
549 B 250ms
250ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=90&slotname=8040678331&adk=3450505846&adf=3279755397&pi=t.ma~as.8040678331&w=728&format=728x90&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635511&bpp=1&bdt=185&idt=260&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1171949028&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=542&ady=0&biw=1600&bih=1200&isw=728&ish=102&ifk=1917663710&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31080144%2C44785293%2C95320868&oid=2&pvsid=1404744877791781&tmod=1122081814&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.iux8n7mzler&fsb=1&dtd=263

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1767312a5516d196a3683b83931a24a9a87669b63d5ec294fe19f479c7e5a7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 355
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C29 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-2923503486893931&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/side.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 49D0 3 KB
680 B 242ms
242ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185778&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~3~4~6&aslcwct=150&asacwct=25&aslmct=0.6&asamct=0.6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635590&bpp=1&bdt=263&idt=189&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1332797025&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=160&ish=612&ifk=962192301&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376%2C95320891&oid=2&pvsid=3872663414102045&tmod=397696625&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C612&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.espseou9ugez&fsb=1&dtd=201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401030101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2923503486893931&plah=mspfa.com&bust=31080235

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dad25abb90eb83a73f494561cba807f987e4ab852bd011ec77de33961723589a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 513
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2C29 0
20 B 57ms
57ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/side.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AAED 25 KB
10 KB 503ms
503ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=600&slotname=9137734637&adk=2787914377&adf=3279755396&pi=t.ma~as.9137734637&w=160&format=160x600&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635592&bpp=1&bdt=264&idt=202&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1332797025&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1310&ady=102&biw=1600&bih=1200&isw=160&ish=612&ifk=962192301&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376%2C95320891&oid=2&pvsid=3872663414102045&tmod=397696625&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C612&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.erzoajndnq5g&fsb=1&dtd=205

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

434480c2427c3ffff4d720876f92373caf624c5e469aafcd06a316bd75205ecf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 10468
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CC45 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-2923503486893931&eid=44759875%2C44759926%2C44759837%2C95320238%2C21065724

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/bottom.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CB03 3 KB
684 B 217ms
217ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185779&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635546&bpp=3&bdt=201&idt=257&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=856400704&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=728&ish=102&ifk=1332694701&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320238%2C21065724&oid=2&pvsid=1902452695317795&tmod=244406631&uas=0&nvt=1&fsapi=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.leegygiy5xlh&fsb=1&dtd=265

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dad25abb90eb83a73f494561cba807f987e4ab852bd011ec77de33961723589a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 513
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 18A0 713 B
376 B 483ms
483ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=90&slotname=9248610348&adk=2983442208&adf=3279755399&pi=t.ma~as.9248610348&w=728&format=728x90&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635549&bpp=1&bdt=203&idt=264&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=856400704&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=542&ady=278&biw=1600&bih=1200&isw=728&ish=102&ifk=1332694701&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C95320238%2C21065724&oid=2&pvsid=1902452695317795&tmod=244406631&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C102&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.1hfpvs3vg9s4&fsb=1&dtd=266

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7c6950b33f948e84bc45b44317e0fdb675246283882b3f8a9db0efceab591ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 353
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 / Show response
mspfa.com/ 2 KB
2 KB 124ms
123ms XHR
application/json 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/
Requested by: Host: mspfa.com
URL: https://mspfa.com/js/mspfa.js?cb=67
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5ecd572c0e63a7ed72ecac9fb0bac666353399088c0be7aec69b81742651a21

Request headers

Accept: application/json
Referer: https://mspfa.com/?s=37955
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"889-V42IAbb+caxu7xQGc5fbjqx0W6o"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JOdjT3fdaTIIXP3S0MmhB1pe3beRwh4Mfwu9thxTIJaCaHPdtxrbDf%2BMAi1q3FhgmaQgRJQgpXnOngMlZnudyMSTQwxh7ZEjuGQZsomEDT%2BGMvWXdmH14XamRV0vuoeETOLMD2KnU5c%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 8416df52bca8b770-AMS
alt-svc: h3=":443"; ma=86400
x-magic: real

GET
H2 200 candycorn.gif
file.garden/XtkXmt0HKkSMoz2L/Scraps/ 1 KB
2 KB 252ms
153ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://file.garden/XtkXmt0HKkSMoz2L/Scraps/candycorn.gif

Requested by

Host: mspfa.com
URL: https://mspfa.com/?s=37955

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

449d7aa963c2aa74d7793df0b01cd7034e42084a62df5943714f8f38d8af061e

Security Headers

Name	Value
Content-Security-Policy	default-src file.garden linkh.at data: mediastream: blob: 'unsafe-inline' 'unsafe-eval'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-security-policy: default-src file.garden linkh.at data: mediastream: blob: 'unsafe-inline' 'unsafe-eval'
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
content-length: 1197
last-modified: Thu, 07 Oct 2021 18:01:24 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xcJMudBMvN%2ByxANmjD3GhFIzoaTEK2ST0B2wRCEfwgl9SCOMgdltJPfpaz3voq9pS40FGibYMdHed%2BqElIgOTkFhn18sVpc4l1hWOoVDzoO%2F3cUvnLxF0Hl0BRSYuhNhuksK7yqxPkNPRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8416df5359226693-AMS

GET
H3 200 grayheart.png
mspfa.com/images/ 296 B
762 B 354ms
354ms Image
image/png 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mspfa.com/images/grayheart.png
Requested by: Host: mspfa.com
URL: https://mspfa.com/css/mspfa.css?cb=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53c7b752ee3f76701e2468242f45402ee1947f269c5e73ed34f1799a89006622

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/css/mspfa.css?cb=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"128-uRQC18kLgFKr//jasDB437318Dc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DF0%2B0BN%2FjAfkuZZaDdaSVqICDFXgn3g2oadY8n5TSraqGZjrP7mvW%2FyECcoZYVsW9UFQLXFNVzmzpPigKkHxIR1eyzhasY8N%2FMCJd1Npox6fdqxw2aC0rHbCYSajT8cf5ihpiHUdpU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df52bcaab770-AMS
alt-svc: h3=":443"; ma=86400
content-length: 296
x-magic: real

GET
H3 200 rss.png
mspfa.com/images/ 18 KB
18 KB 355ms
355ms Image
image/png 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mspfa.com/images/rss.png
Requested by: Host: mspfa.com
URL: https://mspfa.com/css/mspfa.css?cb=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03a67d4a890d4eabc03ef0fb43984b9ad3d511c49c5678fc482c7097a349556d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/css/mspfa.css?cb=6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4655-87oUeFFxOFek4LGKChPPtH+NNbU"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bu58UkIKDPnwVpi16Pk7LA4mKhegXLKzZJPqKMLvRl0pdO6nK1nyS1wbwzGX0slDM1xfu4Wli4m4A%2FXwmGWjqw04zGa0u%2B09P0m%2BLzVRgSG2%2FhCCm2syPKz6CdZcjBBjQumP2s0mnLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-ray: 8416df52bcabb770-AMS
alt-svc: h3=":443"; ma=86400
content-length: 18005
x-magic: real

GET
H2 200 e3t4euO8T-267oIAQAu6jDQyK3nVivM.woff2
fonts.gstatic.com/s/pressstart2p/v15/ 12 KB
13 KB 76ms
23ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nVivM.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Press+Start+2P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5bd44fee71c38c481d5b546bf29a65b6a6e69dd4ab89acd8de2d49baeebb8317

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mspfa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 03:04:06 GMT
x-content-type-options: nosniff
age: 237190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12480
x-xss-protection: 0
last-modified: Tue, 02 May 2023 15:30:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Jan 2025 03:04:06 GMT

GET
H3 200 matched.njs Show response
mspfa.com/um/ Frame 6998 845 B
855 B 342ms
342ms Document
text/html 2606:4700:3035::6815:407c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mspfa.com/um/matched.njs
Requested by: Host: mspfa.com
URL: https://mspfa.com/js/mspfa.js?cb=67
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:407c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2911aeced0cbb569265fb9721d83e5c7dd2da4010e12fb694c645b3e7948dc14

Request headers

Referer: https://mspfa.com/?s=37955
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8416df52ccb4b770-AMS
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 06 Jan 2024 20:57:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RzCKvL91nyGKBSYjjYskDwIGzNlw4MotzN%2BzCUwu7sV10Sg4g4OfQKfJycbb%2BsR%2B1OYFklInXf%2BhCeGVVCDidE%2FAUBLACt6JbPlStWLBPE63Y%2F1hCeYhLUejhqAZZ35mhvlvNOdg98%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-magic: real

GET
H2 200 AdventureIcon.gif
file.garden/XtkXmt0HKkSMoz2L/ 32 KB
32 KB 266ms
176ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://file.garden/XtkXmt0HKkSMoz2L/AdventureIcon.gif

Requested by

Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

fc7913c5659d63128af93916d16b92eef984a6d4159fa24867ff4225a4e4c2d8

Security Headers

Name	Value
Content-Security-Policy	default-src file.garden linkh.at data: mediastream: blob: 'unsafe-inline' 'unsafe-eval'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-security-policy: default-src file.garden linkh.at data: mediastream: blob: 'unsafe-inline' 'unsafe-eval'
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
content-length: 32824
last-modified: Fri, 23 Oct 2020 05:34:43 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BsiiGR%2F7u%2FlkMLiKM%2BIOw3hGGgjHJsH%2F%2B5i2rmZhM1nCoCbyjYQ5KwXfd540wJpuFGrJrBeEZNOherQhlt5L4ZWbO%2FXmLdwGBViBwdjEUD3Zl%2BlQVZC2BkPaZBBSNCdT6corJzjVb2cjsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8416df5359296693-AMS

GET
H2 200 0001.gif
file.garden/XtkXmt0HKkSMoz2L/Act1/ 112 KB
112 KB 348ms
258ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://file.garden/XtkXmt0HKkSMoz2L/Act1/0001.gif

Requested by

Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

2ada976efd79d16709fc8c3c036bde9b7a9ce1fbae0519d4e5161984f3e7e5b5

Security Headers

Name	Value
Content-Security-Policy	default-src file.garden linkh.at data: mediastream: blob: 'unsafe-inline' 'unsafe-eval'

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-security-policy: default-src file.garden linkh.at data: mediastream: blob: 'unsafe-inline' 'unsafe-eval'
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
content-length: 114645
last-modified: Wed, 23 Jun 2021 19:55:56 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k42GrGtq7OPLxE5%2FLN56RcWPSJQwaw9kL8RH%2FFCfkWDT74YRaw0VKznGHSRTkUYSWYSFArlSQ8tppCAG%2Fpu8S7owA%2FH6GS9lMkJgqT%2FPfMbeO%2FjOOFUfgL%2F6uyOm5XFIeldZLPSty8quRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8416df5359286693-AMS

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame BAA6 16 KB
12 KB 72ms
72ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1cb6fdfa1996b75cee2eb24a93a0e3b5e859719c93f45010bbbef5e1da63118

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12307
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame BAA6 17 KB
7 KB 131ms
73ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 06 Jan 2024 20:57:16 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3EF6 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6033
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 19:16:43 GMT
expires: Sun, 05 Jan 2025 19:16:43 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4CA9 829 B
1 KB 108ms
34ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8e7d7594bc11d6f7617a0c3f02479a1a17a1315928ba25a38c50a657fb6aaea1

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-MDQF5_pM4X3K2EIEy-Bx7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-MDQF5_pM4X3K2EIEy-Bx7w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6998 147 KB
50 KB 73ms
69ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/matched.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef28a1c128e0933d998989c7ed4f07b73877cbddffc828161ba7256bf37fee89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Origin: https://mspfa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51368
x-xss-protection: 0
server: cafe
etag: 3766856087663790392
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:16 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 3EF6 39 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Jan 2025 20:40:44 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D80E 0
20 B 67ms
66ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYn-n4xgEwAQ&v=APEucNWQ0BM6ggY0gfLIYNMZL2RV1vZJmMZfF0iZhtGa74zog3n0CSm1y4QN9Lj3Nzn4t3Bi51hpjrnyFFLoAU9m_6E3SMs6vQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=600&slotname=9137734637&adk=2787914377&adf=3279755396&pi=t.ma~as.9137734637&w=160&format=160x600&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635592&bpp=1&bdt=264&idt=202&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1332797025&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1310&ady=102&biw=1600&bih=1200&isw=160&ish=612&ifk=962192301&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376%2C95320891&oid=2&pvsid=3872663414102045&tmod=397696625&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C612&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.erzoajndnq5g&fsb=1&dtd=205

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=600&slotname=9137734637&adk=2787914377&adf=3279755396&pi=t.ma~as.9137734637&w=160&format=160x600&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635592&bpp=1&bdt=264&idt=202&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1332797025&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1310&ady=102&biw=1600&bih=1200&isw=160&ish=612&ifk=962192301&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376%2C95320891&oid=2&pvsid=3872663414102045&tmod=397696625&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C612&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.erzoajndnq5g&fsb=1&dtd=205
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 751A 89 KB
31 KB 150ms
150ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:16 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 751A 3 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22831
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:36:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 751A 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:36:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22833
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:36:43 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 751A 204 KB
65 KB 106ms
54ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:16 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 751A 42 B
63 B 55ms
55ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AsWIxXSlzF7aJzuP1e-QRXlFCVgHYRrMqEcSWgxak3ObYa__t84RqNUESuWlRpIGQfJD5bezIXJRVoCYicZ_MYTLYvQdU-e5W6RcuFAI2CyIfamvg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CC45 16 KB
12 KB 74ms
74ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

499dcc54d1e629c084c673c0a56591bfa188b62d387158dacc7c685e8eed2e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12296
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CC45 17 KB
6 KB 46ms
46ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 06 Jan 2024 20:57:16 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/ Frame 6998 403 KB
136 KB 82ms
82ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401020101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2923503486893931&plah=mspfa.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2923503486893931

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3881a5531bbc84d9d1ffe230b557c65f019948cc7b23eb0bffec9f4beb3f0237

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 139475
x-xss-protection: 0
server: cafe
etag: 5026321300880674563
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:16 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4CA9 0
0 55ms
55ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=1404744877791781&rc=
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3EF6 0
10 B 22ms
22ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?XlRQkw
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EF6F 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6033
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 19:16:43 GMT
expires: Sun, 05 Jan 2025 19:16:43 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E1FE 829 B
770 B 33ms
33ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b3ec702ce294cd56e8d910fbc991947d94de6d1406b84cf11efd03ee9e5e8a74

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-y1zmKgxeSj7sZP7UwFIfNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-y1zmKgxeSj7sZP7UwFIfNw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 751A 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3566778489424&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 751A 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3566778489424&version=m202309260101&ct=76&x=1&cor=18030935117909440000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 751A 82 KB
37 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CowfbFZPGwdfeBUH4CFAuMi5grL2wxGhdaf2IHJllpgVWDz20dFNq-XDA9FrAZTvjlXrqLhSxRKc0fV-uy11V1RpFQrbEZ7EDPx3YkSzW4eqzLiCNOWqM6mj82dwFRoMxmdVtsCmj5GzCPaTNS-EvAyXv9MmXIJAlaCexlJV6-BaTH1qc&dbm_d=AKAmf-DkXda3zj5uKFU1ez1-AN2mY5phNFXLzWcVIWZRWR9UksaJm8yq8xGpwWt73GI0LICut0zSWGIxS3F41TqofnRBjHV4pg7XfUmbRB94d9x7jV2QlRDR3B0s0RS8YQInJ5gl3rsmwMhiWaucVxN1rKrFJACTnv5oJJketcdP6KmSLtfBSBYQkofTKmuSh0JPP11aYNtuzlDReD_-20JUWkt5zNlmtVir3AhjUf1iRpWG7exwzkntb8Z5MEfJ4vF-eLpEce2oQro0t7mRFbSJzNoabzCGuPWXJ9D_nL_LJEpY5R9cfxShIqBhF_AfbyeEW_IychiQLGqg20IUFJYEsmd-eEKzeefZMBB5mn3CchxJEgzj52WehtEahyZ5fFWr_Dhkyavg6FqE2LzTcm9OrtsPf_r7YaP8VG7gDyvWMNuTHhTU5Qj2kSM7BhIHigqY6m_DhJYypUdP76E4WpZGzTaJV1swdwCg9Sorr2xH3JvR3gY3Y2gsLOqma3gq6lHnHpiO95yL-fAghgyR8sHVw6ZmH1C4SO7Iy62OlMF4cfICKGXoau109R3slFNHxgIV3uXqYpk_fTRzLmH0BwKOkmbAyVf77sl0zREpPIXqz35bedLPabuLPv4f_PIiUvltjEpOdtBttsLUCuDVfyMz5AHa1hHcvAC9XgGjAf5VEovGmMWa0aurfionIn2f_rC9gGpRjRbtGXiDhJRkB8MekhK7Ydxs5o4-muGwHkj3PMLKb2g-wczqIQtCrPvu-80EaSMD5ISkmmTcBf3ymuj4ZDaxFyNSyqFGxtIazxmDYEoekWvPIOrFL13AdzHkp9gz-4EFrs7kylt8Sl1NFaYKMAhNuTOcDxxNAQTXgdMgIADT_2cgRGAt-fyKoK1QfUeJ5w9fBL0jBaX6vt-eyv0GD_QSblnczHOAHtm7I2zevJfuybe52dhLJaX8dR3mBJvemwZcMb5QHwmTShJj4UOZ1YSkcC6-0O3TWdSjyGbfbywp-tRqs_JOhDFGI-hz_rPEd2NauQDpwj7eLPfBa-Xh3vrsl3A7GA5yEJfuC10buDlQh7ILTa9YRg7JhmOeMjhuPk7HQW5TZNh6aaNN1-1LF_u-2Vhv2bsNRD4fkjCJhpiEPYRYft1EUBx37GCpXcXbx8uY9Ypi0Hlpe8MjzSkJIhBhSR3Y0uIbRejrekiodg3qvPG5jrxLHqZjoGjqDL5AQxg8Zf9S41iYA_y5IhiZQNcH1U87utW2DluxJePIiBzcjusJZYQ2YxBfiHqRru79yb8rdgM4VmOW1DgMQxuDOt47asrCTDH-va8llQPwqEIflbPp9KHR33x2lSNcNyigfnNMtrQLbzVXtXeKLZYQuup7rSJGe2N7BcVT-a14kDe2LPmaymvkppwqeXsnpVKWOpMON0476hZ-S3cu5C5P0DUq8AJyoBrIMs4RQdFHljHWj_GypDpfyzbbxlhVnj5cZKYEmd6VY62hemCl4yRjB51sZMpRrC3goy8LmhbNsMhYBs9HoraGeFU6tKiztTeBWriY7ehOfH_l1CwozU9EAIBctVr5VEZSV0sEmLNwdve7Yr1XiLazwT83exo9C4Ysxuj--OFaBdnJnqGAPSO7EhnzQKCBz1NpDoo3oOeLdxZZLiX3YPkjSI1OIaLLeXpm4ldqKTnxAt6j-uTqSMR-W-bXW0UARWxGcwpXEFEJFqCpo1D1J9GeJvAw7JS6xg8aeh93fMFvyg5QXWXPY5WcoF-nN3-1VV5s7J9x64ARdKJIlKlC6O9FxltjCnVPagVnsO-TG_Mzk2LjVZjLx9Yus7DNYwg8TkpAVBh08wxbpmN8oRl3MnqhjqVVs572tYzHpY34VGvpNeXJhSDQPMmlehZ81CCD80c5q9s8sTvI8v0_49j7UduLXmD2AHyFg4DeKuw8UXBrhtyxBqUT303QxwnTmghZoSfKt6WK-_fqHhSMKTxCBQzItaiDghGWAVKDpPLAK6PhGEmJWmY0-NulVy3B40TNYC3Xft9NBMpkF8E7XsxOBltrQCj0LqoPhTpesbBOdM5odQbyxEsTRDdRKaXRFxliQwJPl9czqEXuQalBgQcTwPecgKA4jCgyMWn8PFQEYAFYxeWph1anelC4zO70_hHIfpZyuOOF1zJnFP2APaDtwlc86ZCpLrYmZ1JNlukIR8VHMGbDMWUg5Yn02_cMUuAdv_ltzMpku7XwKLr1zgahAxNAo2U0G6Zr_h9Y8keASxrkBe5lJXJP_I-TrU1Tx1Npd0dJXzjy7KKT8ntS6jX0zUsmzVz0slFp3uE-9zASLN-sm0XZPoK5F0xyDrrN4DC3O5KumZy6mzUClX5hlThK4p_JuICRlEK9fZ1syx1qdOQ6JopjAdXSdlLS6Y5ErRT3D2QYJfuAB0Eu6QUiu4kCvO04jpg8-g_PMn85VbB7kbkJd4bBaHHFmf2A1RStB9WVWGtwcYYAPvahwbjBDomkBH20UTEm72vu_JCE-M9TRL5KpWZgwjaeh_9-PVQZBxinEe-oU2VIqs2DTTjoIw91lFbqR5HqWaXJR6urAdkEXTcw-3wPDnhw2qVbRRxLYb21aHZg7LhtPLMj2BM2lyRIImeUiJ-_vx-02-WyxN2RLSsq8jwZNNvBKE8BPsVACl3N7UoYUYf8I0_WQ2GUSj6dJRh-JwGzvgTZYHeVRezTkQYmtv2xqNXPjARD0e3vlDW9eCfJClc0fowizT0tCSIOJyT4_vfWeeIIFfjkjqwjDeVGSyNFr_7pyfu2gJph2GCA9nT-Ikq-9I6XlH3YGlM1SZNhb0SW6J7_cbbC8ehJUdajowL4s3fqIFcv4ZG8FNw61QDUCqJ2-h6758o40YRqcIXTpc0yxW1J0NnF8nVvh6GEigvbiGrGP73gPvFhILoedLATc6nDrLYppT8r2en7DaHjb6PqMomiSO8-IGE1J5I5eqdoUcE0cdR5u5gZh1e6g-_Wa527Es2M8_dwh39QF5J7AmOhGSgcOl7kPKgTU70bZ9baP9cGNL1kJUHf3Dm-F-9OnN9X4UAi4MwYq-qywpCFl0-AhAZopecIWEAF3a2w9B_Qde_H3nO8VOssvKq4324c-XP6LydW0zriGssaJ8QSSHvTys5gWCkgYCa7u-B0rg2sFMfLTw1pjBpZ0ICi60pRh84Yw0lweDcdbWWRVC70nx7OOW0qTaWiiDB0W7PgYBv7VtEorTQ2akU5elyxIloidcwT4UkmaeRx-ycGsgbBrrPjzFccYdmrX0s2jhs5p0LDlOPhTEMnM4S0w6P_qrwlKMSAuuHT9q_TlnCKaVzcJ_iSztOIhceq3VrdoP5g8t2fNP48X_7H4oGkEewz59jJJKyq82WRASCZ39tt7fQry1eyxEyuZJvq9Kaeoqf8yyqq0wBgRY7Qs1QtG-qxRGdHpoKzDb5k7pSuQwtxqZP6yUC7HVzF5574g0N4XDo6pzbg7La9Mzt6lTdVXBzBSJRxibFX_gdBToamR721kup2gclw3uY--_EHWji_osAHtVNPgEJh1BRgeJDAYqlfV5g5UfNoGhKoG8ovLhp91NM&cid=CAQSTwAvHhf_zsXWJK4YDsumC4xnNlhzL37puWbRqJpXF8x9WhXjxTi_GNwD5v8KlnTY75ZyH4guP8FkjLDSLZoeoskxqxOwv5cUFBbsEngKc3IYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fmspfa.com&ds=l&xdt=1&iif=1&cor=18030935117909440000&adk=2924174887&idt=155&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0abf9b4eac3c073ae6ec7e87f3c2f9794c30ed5103530aa69513146af5e57cc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=600&slotname=9137734637&adk=2787914377&adf=3279755396&pi=t.ma~as.9137734637&w=160&format=160x600&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574635592&bpp=1&bdt=264&idt=202&shv=r20240103&mjsv=m202401030101&ptt=9&saldr=aa&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574636&ga_hid=1332797025&ga_fc=1&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1310&ady=102&biw=1600&bih=1200&isw=160&ish=612&ifk=962192301&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079437%2C42531705%2C42532523%2C44798934%2C31080235%2C95320376%2C95320891&oid=2&pvsid=3872663414102045&tmod=397696625&uas=0&nvt=1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C160%2C612&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.erzoajndnq5g&fsb=1&dtd=205
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38045
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame EF6F 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Jan 2025 20:40:44 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E1FE 0
0 56ms
56ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=1902452695317795&rc=
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EF6F 0
10 B 22ms
22ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?otso3g
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 751A 31 KB
12 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CowfbFZPGwdfeBUH4CFAuMi5grL2wxGhdaf2IHJllpgVWDz20dFNq-XDA9FrAZTvjlXrqLhSxRKc0fV-uy11V1RpFQrbEZ7EDPx3YkSzW4eqzLiCNOWqM6mj82dwFRoMxmdVtsCmj5GzCPaTNS-EvAyXv9MmXIJAlaCexlJV6-BaTH1qc&dbm_d=AKAmf-DkXda3zj5uKFU1ez1-AN2mY5phNFXLzWcVIWZRWR9UksaJm8yq8xGpwWt73GI0LICut0zSWGIxS3F41TqofnRBjHV4pg7XfUmbRB94d9x7jV2QlRDR3B0s0RS8YQInJ5gl3rsmwMhiWaucVxN1rKrFJACTnv5oJJketcdP6KmSLtfBSBYQkofTKmuSh0JPP11aYNtuzlDReD_-20JUWkt5zNlmtVir3AhjUf1iRpWG7exwzkntb8Z5MEfJ4vF-eLpEce2oQro0t7mRFbSJzNoabzCGuPWXJ9D_nL_LJEpY5R9cfxShIqBhF_AfbyeEW_IychiQLGqg20IUFJYEsmd-eEKzeefZMBB5mn3CchxJEgzj52WehtEahyZ5fFWr_Dhkyavg6FqE2LzTcm9OrtsPf_r7YaP8VG7gDyvWMNuTHhTU5Qj2kSM7BhIHigqY6m_DhJYypUdP76E4WpZGzTaJV1swdwCg9Sorr2xH3JvR3gY3Y2gsLOqma3gq6lHnHpiO95yL-fAghgyR8sHVw6ZmH1C4SO7Iy62OlMF4cfICKGXoau109R3slFNHxgIV3uXqYpk_fTRzLmH0BwKOkmbAyVf77sl0zREpPIXqz35bedLPabuLPv4f_PIiUvltjEpOdtBttsLUCuDVfyMz5AHa1hHcvAC9XgGjAf5VEovGmMWa0aurfionIn2f_rC9gGpRjRbtGXiDhJRkB8MekhK7Ydxs5o4-muGwHkj3PMLKb2g-wczqIQtCrPvu-80EaSMD5ISkmmTcBf3ymuj4ZDaxFyNSyqFGxtIazxmDYEoekWvPIOrFL13AdzHkp9gz-4EFrs7kylt8Sl1NFaYKMAhNuTOcDxxNAQTXgdMgIADT_2cgRGAt-fyKoK1QfUeJ5w9fBL0jBaX6vt-eyv0GD_QSblnczHOAHtm7I2zevJfuybe52dhLJaX8dR3mBJvemwZcMb5QHwmTShJj4UOZ1YSkcC6-0O3TWdSjyGbfbywp-tRqs_JOhDFGI-hz_rPEd2NauQDpwj7eLPfBa-Xh3vrsl3A7GA5yEJfuC10buDlQh7ILTa9YRg7JhmOeMjhuPk7HQW5TZNh6aaNN1-1LF_u-2Vhv2bsNRD4fkjCJhpiEPYRYft1EUBx37GCpXcXbx8uY9Ypi0Hlpe8MjzSkJIhBhSR3Y0uIbRejrekiodg3qvPG5jrxLHqZjoGjqDL5AQxg8Zf9S41iYA_y5IhiZQNcH1U87utW2DluxJePIiBzcjusJZYQ2YxBfiHqRru79yb8rdgM4VmOW1DgMQxuDOt47asrCTDH-va8llQPwqEIflbPp9KHR33x2lSNcNyigfnNMtrQLbzVXtXeKLZYQuup7rSJGe2N7BcVT-a14kDe2LPmaymvkppwqeXsnpVKWOpMON0476hZ-S3cu5C5P0DUq8AJyoBrIMs4RQdFHljHWj_GypDpfyzbbxlhVnj5cZKYEmd6VY62hemCl4yRjB51sZMpRrC3goy8LmhbNsMhYBs9HoraGeFU6tKiztTeBWriY7ehOfH_l1CwozU9EAIBctVr5VEZSV0sEmLNwdve7Yr1XiLazwT83exo9C4Ysxuj--OFaBdnJnqGAPSO7EhnzQKCBz1NpDoo3oOeLdxZZLiX3YPkjSI1OIaLLeXpm4ldqKTnxAt6j-uTqSMR-W-bXW0UARWxGcwpXEFEJFqCpo1D1J9GeJvAw7JS6xg8aeh93fMFvyg5QXWXPY5WcoF-nN3-1VV5s7J9x64ARdKJIlKlC6O9FxltjCnVPagVnsO-TG_Mzk2LjVZjLx9Yus7DNYwg8TkpAVBh08wxbpmN8oRl3MnqhjqVVs572tYzHpY34VGvpNeXJhSDQPMmlehZ81CCD80c5q9s8sTvI8v0_49j7UduLXmD2AHyFg4DeKuw8UXBrhtyxBqUT303QxwnTmghZoSfKt6WK-_fqHhSMKTxCBQzItaiDghGWAVKDpPLAK6PhGEmJWmY0-NulVy3B40TNYC3Xft9NBMpkF8E7XsxOBltrQCj0LqoPhTpesbBOdM5odQbyxEsTRDdRKaXRFxliQwJPl9czqEXuQalBgQcTwPecgKA4jCgyMWn8PFQEYAFYxeWph1anelC4zO70_hHIfpZyuOOF1zJnFP2APaDtwlc86ZCpLrYmZ1JNlukIR8VHMGbDMWUg5Yn02_cMUuAdv_ltzMpku7XwKLr1zgahAxNAo2U0G6Zr_h9Y8keASxrkBe5lJXJP_I-TrU1Tx1Npd0dJXzjy7KKT8ntS6jX0zUsmzVz0slFp3uE-9zASLN-sm0XZPoK5F0xyDrrN4DC3O5KumZy6mzUClX5hlThK4p_JuICRlEK9fZ1syx1qdOQ6JopjAdXSdlLS6Y5ErRT3D2QYJfuAB0Eu6QUiu4kCvO04jpg8-g_PMn85VbB7kbkJd4bBaHHFmf2A1RStB9WVWGtwcYYAPvahwbjBDomkBH20UTEm72vu_JCE-M9TRL5KpWZgwjaeh_9-PVQZBxinEe-oU2VIqs2DTTjoIw91lFbqR5HqWaXJR6urAdkEXTcw-3wPDnhw2qVbRRxLYb21aHZg7LhtPLMj2BM2lyRIImeUiJ-_vx-02-WyxN2RLSsq8jwZNNvBKE8BPsVACl3N7UoYUYf8I0_WQ2GUSj6dJRh-JwGzvgTZYHeVRezTkQYmtv2xqNXPjARD0e3vlDW9eCfJClc0fowizT0tCSIOJyT4_vfWeeIIFfjkjqwjDeVGSyNFr_7pyfu2gJph2GCA9nT-Ikq-9I6XlH3YGlM1SZNhb0SW6J7_cbbC8ehJUdajowL4s3fqIFcv4ZG8FNw61QDUCqJ2-h6758o40YRqcIXTpc0yxW1J0NnF8nVvh6GEigvbiGrGP73gPvFhILoedLATc6nDrLYppT8r2en7DaHjb6PqMomiSO8-IGE1J5I5eqdoUcE0cdR5u5gZh1e6g-_Wa527Es2M8_dwh39QF5J7AmOhGSgcOl7kPKgTU70bZ9baP9cGNL1kJUHf3Dm-F-9OnN9X4UAi4MwYq-qywpCFl0-AhAZopecIWEAF3a2w9B_Qde_H3nO8VOssvKq4324c-XP6LydW0zriGssaJ8QSSHvTys5gWCkgYCa7u-B0rg2sFMfLTw1pjBpZ0ICi60pRh84Yw0lweDcdbWWRVC70nx7OOW0qTaWiiDB0W7PgYBv7VtEorTQ2akU5elyxIloidcwT4UkmaeRx-ycGsgbBrrPjzFccYdmrX0s2jhs5p0LDlOPhTEMnM4S0w6P_qrwlKMSAuuHT9q_TlnCKaVzcJ_iSztOIhceq3VrdoP5g8t2fNP48X_7H4oGkEewz59jJJKyq82WRASCZ39tt7fQry1eyxEyuZJvq9Kaeoqf8yyqq0wBgRY7Qs1QtG-qxRGdHpoKzDb5k7pSuQwtxqZP6yUC7HVzF5574g0N4XDo6pzbg7La9Mzt6lTdVXBzBSJRxibFX_gdBToamR721kup2gclw3uY--_EHWji_osAHtVNPgEJh1BRgeJDAYqlfV5g5UfNoGhKoG8ovLhp91NM&cid=CAQSTwAvHhf_zsXWJK4YDsumC4xnNlhzL37puWbRqJpXF8x9WhXjxTi_GNwD5v8KlnTY75ZyH4guP8FkjLDSLZoeoskxqxOwv5cUFBbsEngKc3IYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fmspfa.com&ds=l&xdt=1&iif=1&cor=18030935117909440000&adk=2924174887&idt=155&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:47:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22180
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11885
x-xss-protection: 0
server: cafe
etag: 16863283086342074828
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:47:36 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/ Frame 751A 11 KB
4 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240103/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:45:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22287
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:45:49 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 751A 0
0 155ms
68ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst50IGatPtvyZ0FGF2kiyxxM871Z7t7sdg9KFLIGC6uSEB-M9WccE_Dnd3mz8M6qcH_UZUmjbDda0HHvDglpWthuZnLDSulqDmMujNtVE_bajJq13u3cDOABVAi2Dt1O7IT0--EvYtiMPrXrfcbukSgTfy22fvUODIbL3v2SM1w_0p4YwBm3MQwCODkkcuj4Lm2Fnm_Q-qtkJp1j1m2lJ8a60ijkUGkmWKGgHOAsd-AR5fmM0XNEpy3pgyJudahcgbz9MwVDpRi11ezAI79gJwTElrDT8KR-fdQQQpyhKsdK80ZSyVKsjtmaBBHQ5U_EZ3Xe6Yj8WCok5Tng-EmNxMHpW3eTewM-Vo6xN_CkVJO9ALSnlZr04LLs_uE8r1Uqx-aoT9bZsV2BH5BSXCEBD8JgMKcEeF3n3Bb44_2oOCfAXYnKEW2E7TMIdT-Mv3QAd4uK0hQecZiY1gJTu04MBGJiV-1VyiFx_txSb2yBw7FNN9ZkVIsSa-2l-HraQfu9HVOVjN-cnpNceedU-jAsVexJqZSen4W9_jepA0AXO5TfqcYC40RxQUDYKZOteKMzEMthB5DWDT21JyP73dAdO2yLnDqLANQqrirt6alErRdibN1hEHcLbqWTU2fVlzt0TS5PbkgP0Qm6c_JRsnBGVkL3lXABPFE0lNBulqcfBAOZBdABiEp3GXfXs1iaupz8Ul_ano4i8bLDNvXyfeMpuJR8BdKCsACbhnADqiBPTWnMBvNmGkSoqRKG3Y_6VRXTXlHI6FpbtPBKLetWl6joHzu3oojmO7wIMjAJ8tIN_Ar3aUJO-MhrvddA2UKDeahG1_f_uYMpBUdUkxiOhcBQ4cWU8qiv_qYQqpc8ugiP4hkbAuzZWXH3Bajytnqcd3FbqcfAQgcfAeltgw6xs4jKh05ltKcRUOo-tCfYjDN5tnfre_KczIbyDZ_aHrPp3-lx3bYN7zx0aUjYAwduGhNRnZIg2dJRWnWWNMyIjXezbu7suQGqP8-bKGTMx7TazmYEb3NF3K8TYGgJWl3cQq3n2FDRlEenq4Gb6dkOkyq8Dcmzfn4HMMT37eqABjnfZOHK44Zf2JD10751bPsRBQiPR5VECFGijS2mGMJSoXa5vfhkdtQUn87EXEk_ad4yUJDHiO9Fep1Jj8mqImLswRi3w8_yEtHxrmH0rdq-qMG5orYPmeGWsssCUd_vZ0qH5GypSapqAkKSVqYvg62GCOOLLCruJN6gQ3cGkxywZSwjjY2y23gCcHtFV-zmu6gK1X1S9SPyTrb-UNVY1azhH0fkk5DAg&sai=AMfl-YQW8yToaH7MMQWg30HRwrSZRtPHpnyRu3DCjJIkmaYc6oSXyVtJxDaj89gQnUM0LsNj-Yxzr5sgCCSVTPLD0OGLUAyJC1rLXOdW1l7EQXNtONAQIEc_6oEitAGwNvPgDTMNNpJTzGWEwFkOLxJkOiv0Eh82faBu1gGflCrOfiq5HpzRz2snvEIa0mNUUHsIHYj-_usEfx2IFTInPdU9p-BIO9U37Xx2JdSynqdiA3T_3mAT9nwKJ3fan77Jkp0TbnUkj7t6onPNnarbyX9l1-BSstiVpAT375S4evw-3g&sig=Cg0ArKJSzFdTTyHna3r0EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20240103.93606&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 751A 41 KB
14 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 13:49:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 371280
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jan 2025 13:49:16 GMT

GET
H2 200 4644954165221552858
s0.2mdn.net/simgad/ Frame 751A 92 KB
93 KB 81ms
23ms Image
image/gif 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/4644954165221552858

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

492e753c7f204ffb42208a7f742fa7a4c5f30bbcefb15633500f38c3071acb40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 09:56:41 GMT
date: Tue, 02 Jan 2024 09:56:41 GMT
x-content-type-options: nosniff
age: 385235
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94632
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 12:37:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 751A 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1c8dbc47a5e324717fb82efee789fe72766111b69ebf52cee674a4444fa40a5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame BF8B 38 KB
13 KB 23ms
22ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 369397
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 02 Jan 2024 14:20:39 GMT
expires: Wed, 01 Jan 2025 14:20:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame BF8B 39 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Jan 2025 20:40:44 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6998 0
20 B 56ms
55ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-2923503486893931&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/matched.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 917C 3 KB
533 B 227ms
227ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&adk=1812271804&adf=2373185789&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x675_l%7C120x1080_r&format=0x0&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574636434&bpp=3&bdt=135&idt=245&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&cookie=ID%3D8cbb09de74ed5ef1%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg&gpic=UID%3D00000cf10375084b%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574637&ga_hid=406294277&ga_fc=1&nhd=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=650&ish=402&ifk=4023565609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869&oid=2&pvsid=3650528201294292&tmod=1208974737&uas=0&nvt=1&fsapi=1&top=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955%26p%3D1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C650%2C402&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lru092ec568v&fsb=1&dtd=253

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dad25abb90eb83a73f494561cba807f987e4ab852bd011ec77de33961723589a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 513
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6998 0
20 B 55ms
55ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=adsense_fc_has_namespace_but_no_iframes&publisherId=ca-pub-2923503486893931&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/matched.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0184 97 KB
32 KB 380ms
380ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=300&slotname=4362772295&adk=966170585&adf=3279755401&pi=t.ma~as.4362772295&w=650&format=650x300&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574636437&bpp=1&bdt=138&idt=251&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&cookie=ID%3D8cbb09de74ed5ef1%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg&gpic=UID%3D00000cf10375084b%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574637&ga_hid=406294277&ga_fc=1&nhd=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=866&biw=1600&bih=1200&isw=650&ish=402&ifk=4023565609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869&oid=2&pvsid=3650528201294292&tmod=1208974737&uas=0&nvt=1&top=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955%26p%3D1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C650%2C402&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.3evvo7anqhxu&fsb=1&dtd=253

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

52ed64b6502d685f5fbc2d7c508565a51b0dff32707b36f75aa021b286c13670

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 33023
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 751A 0
0 61ms
61ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst50IGatPtvyZ0FGF2kiyxxM871Z7t7sdg9KFLIGC6uSEB-M9WccE_Dnd3mz8M6qcH_UZUmjbDda0HHvDglpWthuZnLDSulqDmMujNtVE_bajJq13u3cDOABVAi2Dt1O7IT0--EvYtiMPrXrfcbukSgTfy22fvUODIbL3v2SM1w_0p4YwBm3MQwCODkkcuj4Lm2Fnm_Q-qtkJp1j1m2lJ8a60ijkUGkmWKGgHOAsd-AR5fmM0XNEpy3pgyJudahcgbz9MwVDpRi11ezAI79gJwTElrDT8KR-fdQQQpyhKsdK80ZSyVKsjtmaBBHQ5U_EZ3Xe6Yj8WCok5Tng-EmNxMHpW3eTewM-Vo6xN_CkVJO9ALSnlZr04LLs_uE8r1Uqx-aoT9bZsV2BH5BSXCEBD8JgMKcEeF3n3Bb44_2oOCfAXYnKEW2E7TMIdT-Mv3QAd4uK0hQecZiY1gJTu04MBGJiV-1VyiFx_txSb2yBw7FNN9ZkVIsSa-2l-HraQfu9HVOVjN-cnpNceedU-jAsVexJqZSen4W9_jepA0AXO5TfqcYC40RxQUDYKZOteKMzEMthB5DWDT21JyP73dAdO2yLnDqLANQqrirt6alErRdibN1hEHcLbqWTU2fVlzt0TS5PbkgP0Qm6c_JRsnBGVkL3lXABPFE0lNBulqcfBAOZBdABiEp3GXfXs1iaupz8Ul_ano4i8bLDNvXyfeMpuJR8BdKCsACbhnADqiBPTWnMBvNmGkSoqRKG3Y_6VRXTXlHI6FpbtPBKLetWl6joHzu3oojmO7wIMjAJ8tIN_Ar3aUJO-MhrvddA2UKDeahG1_f_uYMpBUdUkxiOhcBQ4cWU8qiv_qYQqpc8ugiP4hkbAuzZWXH3Bajytnqcd3FbqcfAQgcfAeltgw6xs4jKh05ltKcRUOo-tCfYjDN5tnfre_KczIbyDZ_aHrPp3-lx3bYN7zx0aUjYAwduGhNRnZIg2dJRWnWWNMyIjXezbu7suQGqP8-bKGTMx7TazmYEb3NF3K8TYGgJWl3cQq3n2FDRlEenq4Gb6dkOkyq8Dcmzfn4HMMT37eqABjnfZOHK44Zf2JD10751bPsRBQiPR5VECFGijS2mGMJSoXa5vfhkdtQUn87EXEk_ad4yUJDHiO9Fep1Jj8mqImLswRi3w8_yEtHxrmH0rdq-qMG5orYPmeGWsssCUd_vZ0qH5GypSapqAkKSVqYvg62GCOOLLCruJN6gQ3cGkxywZSwjjY2y23gCcHtFV-zmu6gK1X1S9SPyTrb-UNVY1azhH0fkk5DAg&sai=AMfl-YQW8yToaH7MMQWg30HRwrSZRtPHpnyRu3DCjJIkmaYc6oSXyVtJxDaj89gQnUM0LsNj-Yxzr5sgCCSVTPLD0OGLUAyJC1rLXOdW1l7EQXNtONAQIEc_6oEitAGwNvPgDTMNNpJTzGWEwFkOLxJkOiv0Eh82faBu1gGflCrOfiq5HpzRz2snvEIa0mNUUHsIHYj-_usEfx2IFTInPdU9p-BIO9U37Xx2JdSynqdiA3T_3mAT9nwKJ3fan77Jkp0TbnUkj7t6onPNnarbyX9l1-BSstiVpAT375S4evw-3g&sig=Cg0ArKJSzFdTTyHna3r0EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=136&vt=11&dtpt=135&dett=2&cstd=0&cisv=r20240103.93606&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2C29 16 KB
12 KB 75ms
75ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c26501dfd0fb7399dbc4b5845d8d339cdfbd84d32c770cf117fb781db161b546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12140
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BF8B 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BIZXnrL6ZZeCPH_S-9u8PxtaPoAcAAAAAOAHgBAI&bg=!ysmlyYbNAAY3kmNgF5I7ADQBe5WfOCr7eOB7ZiEp9JDzJD4ivzSqtb7IS6AV733uASF5R4JiA2AWx5Y82iIxUPqHLjszAgAAADxSAAAAAWgBBwoAZQU6PfL37i3bfJ_06LdNcRBeQzOoI9_rmGOUDaINeqC95SrRO-aSXGc36fRDTnYGz50f7qV9gNLjj-JeHw5NHTsm3nx33xtDOW-Zz4nu6ZcZs4kgZqxIfV1ynzxIK4vPnsReS4aqmQMNKV5jbDECnRVF4rVInaKB2XJpe7g7zk05b0k6VtpBpDoBOPfd548DLZCc6dg6_aZfvhW26imxSw85NRYZ3Z9VW0Uw3huTC1PPmrzm404rs_y4XO-rDPjd1YkaStBlcJwt77vnhqC2ylnxn8e3uW87lO17XWX8eWCRplzDQ04FYgDyuwzpZGPN9X4FKFcu6w0PVeDymm_sN_sUQMcs8QZi8NbueTMH1yG8Z0vA2B6OT_zLRrLOSByQ_jYn619u1AZLPK7Fd9En8_qceEQxW3MeyMtHj_jn0R8myQq_mFykwYn-q4-47lqrULVWlxeX6LVCMGs5-KmkzHMFiBKQadl-d8TXjtz2XAmAspgwyr5aBDBd0rAbuztkbz_yQhW2elxkDn96R2j1TddNV1rDyx_Kk4_fvFvF8NXMWtxGLYCGn1k4oiggm501yG0HYeJLqoKknZOnDr3uOyhhXmMxhkWBCpGeLq4iA07jPEzvxLpMzfq_OgDPRAEEY_GHz5tuy2POKYMmyehDrYIiajAf0hpac5YibRU5dd-MdV4tBpEpfM-hFHjKT6q83blRuvV9G063r4Xro15o6zZ9ExZGSDXWoYZVRFcFaxVI5i9gMkcb9A7U8USY_TS8bXg9FfcVL93FbctvEogjDMHpkC16qe13W6aQZ8EoDXjkxvlkG-PggBEwZpUqdGrQB0JboD_yGoBxSpEk_HuXX6CNTJtPNljJiMjqPar11Mnl5qg0eaQHw8qRkkwjTF-D9ZPQBTC6ZyMwkRP4-fXXUjfJq4mGBJaKXr2_513DCXJkH7JuDh8KB__rx8afHLitd_Y-gS7wBZCac7Vl6fNRoG8okMsycqVSqZ339d84z7GKVeV4JyPeWSymGPHgdgrcsH3b6F-bsXlsew_T1A5yTTp6_0GLhgvGWIHKMxPlW55hb__loKTZMMpA67pIjILo8qu4-N8FEyfT77dRvWMG6jMSSvTe6xtG6AzsDZPfoChlku84riFeyIV-c3l_2NKspT6PEvMgBFJpr1civtCxrg1f8WLNJA

Requested by

Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2C29 17 KB
6 KB 59ms
59ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 06 Jan 2024 20:57:16 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame D36F 13 KB
5 KB 23ms
23ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6033
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 19:16:43 GMT
expires: Sun, 05 Jan 2025 19:16:43 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6167 829 B
561 B 34ms
34ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

966311360a0435296c58e3ada31ba53c9f2673e1d85574505085a1d0512064aa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9EYw9iVXBHKmo8cPRikLgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-9EYw9iVXBHKmo8cPRikLgA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:16 GMT
expires: Sat, 06 Jan 2024 20:57:16 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame D36F 39 KB
15 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Jan 2025 20:40:44 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6167 0
0 56ms
56ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=3872663414102045&rc=
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame D36F 0
10 B 22ms
22ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1DOfqA
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:16 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BAA6 0
0 59ms
58ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=1404744877791781&bg=!Pj2lPXLNAAY3kmNgF5I7ADQBe5WfOKgkYWB8J2zE1z2mU057Y_Boj0_sGe8pxQRXccGkkilUKrkYlacHoXmjPXJIDGDFAgAAAHdSAAAAAmgBB5kCwjwih3n-AZ_kvFSvoAPE0FRKO17qCyqV8jsaDqKt4JuFGSagwo9Gw7kb28J776vl3LrG2HXgnJOzq43yTm0l5wfpSMW__mZ97MOTF0hfaYskMrEDMRo7oMSmMHakRNLFMIA4Rhv9v9xvU9oObaONjl3lhvjHlIRONSt65HqnPr7dQ_HWwsTIVLyBSP8Aqx3eM9TczoxUifvAWmn58AnCxyA-hjGe1tnjFjN7OC9U0Ft9paE3s7CHWlAm_iZYynN2HFyVwzFhh-FjeRDMRXD9DuKyATlwi7cR5u_Dka1hPTNFpXefFwkQB649G0GhokUr-_EB63oNkrQGaLebNS_Pte2J15klXmgeXU-NrHkB04Vt5Uyt9Rpz3Qs51nfjGVpSeWogJqiQ66S1gj-esr12ch-LzyqpW2x5WikgWDVD2EypFblo3uGFEUQvvw8eBolFhErFjP6t5d8-95jAgmSsnKfAl7iOFsUZ0ex62i7fa4ASS6Sv8ph3XQ2kq9HK_QIis8h-8fZPNpMLn_89OVf6K14vYnBykImzAXJtChP2vKytbUqcMIHzcaH7tLgkpVgfAmpdFnSFB63wEQekngsmhXELU0uMpFiMpfWmAMVns43qi2J_2Qa0lGEKfZtns0Nx5ZQYkZJiQsqGdyTmCsdT0l-vA8OyS5z9ST1TdwzvqMBWPo1nf5XDAicfVSraQXY8W_GjtFflNSCmZGdQwcf6kMtrOvYrQh6RuuJwldfwz3RCfdfQz7GdvqtuWHLlCeuOtcB1bchJw9tXHUzIXKbw8sNJmoopryzVzICDlMzZcNmYHJcrUDGs3sYN7J_W4j3lvmJ0xLPHvVw7OrtRGHjv1y10GUW8ip2URzz4ukusgi8uedHFoQl03XUkiQYkvmqrx02v2xuK2DlirVU2us_zlAwe2t7fa26QVKH3t-SJDhKdU_8
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CC45 0
0 59ms
59ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=1902452695317795&bg=!4eKl4q3NAAY3kmNgF5I7ADQBe5WfOFMRQ3XaetyASM1-4fv8T-0So2TJwB4qnCEG1DhPpJZxL1w6tsHhnH4KKlyCcDkoAgAAACtSAAAAAmgBB5kCzgVwCGF0e4Gmt9w5SJE0mtfBVabyD-KOJ8BuB9vhVeOAjBbgC9-WVbVxCh4xv8Pg4mBFT7PjI5CwHqdAkKaNafRv4gyPpfRnol9BX9feR80Lmka2dFv09eskI1nuQvZaVW4LTaV3IS7CRXr82rKvvh5DsTtYNO26EGOXCb3twuKzXphBi9dZgZ3gpUM0VCKCO5wixrCfa8t0fhKaVbnOpHW5-lzsKQiRvincBtdlb0_Xslu7jyD69ZJwgLxLr8CDYuCkLdikVGY_K1KxrUskfi9R6fycWDuS3ACUM5aEpGmtWYFqU57iZXgf5yFGuQBzMEdlMad26SJ_jjW_ZgNcUc09ny9fnDBQx6UxmALeLSa-mXOwaB4SY6D_BCADyyXxFjdmedZdmvqC-FLpEKauYEgzp4lUfB4Zkk1WWIl8rWa50g9XhmQf-Ru5LzTsk1h037anuBlHRHswKPMbbfj88Y0e0g6Zg8nZNMS2tvauoSUqjcj5PYxRI4M1SWk6_QkIyiMkgkcVXb3lA1_fPDOTo1FZSkTSBflwzA5YrHQClLdbbWljRr0GEefB37BbJgTG6WVdm2w6VmOR78J3pvdmtK5ilpEev9FupU50cQUMd1-J0OkkSGXJ1Xk1Wwv9xuDX3y0lEPRAtPbuNEdhy6GtKgVkb-in2cG1-LZAiICw0n9_90qi1hd30ULuk0H0b6sgvCkqnbqERM6iWre2sjzrOjT78KLByUr7b65-qXfnWds68g801li0ixNoy70HUNg8EMmT1w71ndA_n3Z_-0_8YhSTmjVUEtz5FzqVzA0rxmnBUAH4e82t5r61p0gLjOKE86U0mDCXYVh5HrfGedero_kOXIBJpYGvztM8LOG5L6bGpGaXMjn6zFum91UZ-NGcpKaXOCxFbBSd0dWXsIfl2VWlyZgk5dGqHK1cQHn6eQRJhRH9CxSRS1d2chPxHiI
Requested by: Host: mspfa.com
URL: https://mspfa.com/?s=37955&p=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame 0184 9 KB
4 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=300&slotname=4362772295&adk=966170585&adf=3279755401&pi=t.ma~as.4362772295&w=650&format=650x300&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574636437&bpp=1&bdt=138&idt=251&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&cookie=ID%3D8cbb09de74ed5ef1%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg&gpic=UID%3D00000cf10375084b%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574637&ga_hid=406294277&ga_fc=1&nhd=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=866&biw=1600&bih=1200&isw=650&ish=402&ifk=4023565609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869&oid=2&pvsid=3650528201294292&tmod=1208974737&uas=0&nvt=1&top=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955%26p%3D1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C650%2C402&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.3evvo7anqhxu&fsb=1&dtd=253

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 01:04:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 417178
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 01 Apr 2024 01:04:19 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 0184 2 KB
822 B 22ms
22ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:41:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22568
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:41:09 GMT

GET
H2 200 50459845d1cbd526a76ea757de42d266.js Show response
www.gstatic.com/mysidia/ Frame 0184 23 KB
10 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/50459845d1cbd526a76ea757de42d266.js?tag=exit_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:31:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 120340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9842
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 04 Apr 2024 11:31:37 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/ Frame 0184 23 KB
9 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:39:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22671
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9276
x-xss-protection: 0
server: cafe
etag: 3558958386372919956
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:39:26 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 0184 3 KB
1 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:36:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22832
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:36:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/ Frame 0184 20 KB
8 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240103/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 14:36:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8523
x-xss-protection: 0
server: cafe
etag: 16500369019378894752
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 20 Jan 2024 14:36:43 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0184 0
0 30ms
30ms Image
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ2vlSMdYpSXB9vocPfwH-SBuQRTc6K7uIiC1OaGcCLj6nhYrpsYwndgdnTts6Ev4PYvpS1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=300&slotname=4362772295&adk=966170585&adf=3279755401&pi=t.ma~as.4362772295&w=650&format=650x300&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574636437&bpp=1&bdt=138&idt=251&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&cookie=ID%3D8cbb09de74ed5ef1%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg&gpic=UID%3D00000cf10375084b%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574637&ga_hid=406294277&ga_fc=1&nhd=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=866&biw=1600&bih=1200&isw=650&ish=402&ifk=4023565609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869&oid=2&pvsid=3650528201294292&tmod=1208974737&uas=0&nvt=1&top=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955%26p%3D1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C650%2C402&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.3evvo7anqhxu&fsb=1&dtd=253
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0184 204 KB
64 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65775
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1704286440049996"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jan 2024 20:57:17 GMT

GET
H2 200 3152570674043255071
s0.2mdn.net/simgad/ Frame 0184 888 KB
888 KB 24ms
23ms Image
image/jpeg 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/3152570674043255071

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65f5e05c1d85d170ecfe1edce8e3abd835b7aeb58a230cb72ad17d544d83d7e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires: Wed, 01 Jan 2025 15:41:57 GMT
date: Tue, 02 Jan 2024 15:41:57 GMT
x-content-type-options: nosniff
age: 364520
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 908995
x-xss-protection: 0
last-modified: Fri, 28 Jul 2023 01:53:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 0184 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 12cd2f13f96d02bce68ef570c163673c23fcaa426605cc7260ae204768de8446

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 0184
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CH158rL6ZZZKELK-D1fAPlai0-Ayl0fL6dITa_qDDEmQQASChlfMoYJWCgICYB6ABvL3SmQPIAQaoAwGqBPABT9AHIw5CT1uTPaYuoXaxTVwpxXqFN60EBA1vlH5WVtWXujZVuK5EL7yaEyq...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212903717613665221267%22,%22debug_reporting%22:true,%22destination%22:%22https://fewo-direkt.de%22,%22event_report_window%2...

0
0

105ms
58ms

Fetch
text/css

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212903717613665221267%22,%22debug_reporting%22:true,%22destination%22:%22https://fewo-direkt.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22859086524%22],%2222%22:[%22true%22],%224%22:[%2201-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211764514632417322353%22}&andc=true

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:17 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"12903717613665221267","debug_reporting":true,"destination":"https://fewo-direkt.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["859086524"],"22":["true"],"4":["01-06"],"6":["true"]},"priority":"500","source_event_id":"11764514632417322353"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 06 Jan 2024 20:57:17 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 06 Jan 2024 20:57:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"12903717613665221267","debug_reporting":true,"destination":"https://fewo-direkt.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["859086524"],"22":["true"],"4":["01-06"],"6":["true"]},"priority":"500","source_event_id":"11764514632417322353"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 ad
googleads.g.doubleclick.net/dbm/ Frame 0184 42 B
63 B 48ms
47ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CITFUMY6Yc-huwfh7z_MmE8LQP4tS7fsJFZJcY2Rk3-vlWiduzXdP4HWSZ4eqlgWWl2UK7YTHJt-rnjph_V0VNFVV2EsP9avApRgaZ65lC5XlEW37riSJILzvWof2HbjPeI9o6FxeMOam5i55UPIDj2Mf9zw&dbm_d=AKAmf-AVzIVgFQZM6MSLe4-JcD6Fb5PcBf9v6C1FniDS54434qHtpmQUE7unJa35UlBaRioaWvDLeQJAZ2xeFDojZY5AX2ng6SQpUg5T9DqYCrL2xt2x-6NXklteWM-7vCPf9dDZUKz-LUnQBhXsmmIJ9Dih7gPgqis1bXAu7EiM2rdZjug6m4NWJ3VkXg0Qx8bGvvKX1oEoZ9tnKJPePSnYo24R5RtKbJe4cVhKCBcdh7YawOG3U_Ik3CbHE_d4_6leFwbC-i7D4GKSJy1nKLPQemtOtdgr9pgOqVT6CFLqlw4wgg8abPQLfzxP0cKFNPdOwbCPATisL7vKlRfoimkrSORBztqNgj9lekxKnHJv5Eclnr9FKDThla2Flbq5HMpI5YyoRHtdDsbFsyHaEsp2vfrUCikgEUevAHQmUjuxzvZB5V0RGrhW_eej7t05d7v2YYmH3fiSiyh5MfpQUGr_BpZXwksbyEyUqPWacXwLjng4Gd-tLxn7am0J_s_ISSivZy88BrYCfE5dWXqGpSxaxvQUparlaVWATQZIwN9AnuiC8cVNLzNmCusmeCViOxCzh0Nkjv2HPknip1EMTihjEjjaVXuEcac_XJ2cqslRBDxGIc2Ae4YzDOvf95-bXsDhgnjbOe7OCsUzTL5_EcJ2INoipg4MyIXmS5z3B1zur3qlIP3_8rma33AtOZ6l_M1rIFAR1tSCUAWFggGQppzEi1qKi_tEaGv7Vydk5XIfgz2bOhqiH8nzA4cWdnZzL2g-69p1FwMrI3r6A1_a9IKNSZwzFKwAHzKfyTjfIH-FYPQVH5bJAkCDfEdG51XIXzxGE1dtnpO8drx4OwOaWipzjfSJ59Sk1NHFvvVUuR_UisPWoauudrQw4Lf6Gubw-1BV5-K8hlKGMy9aVz2cx7dzfF7WInfq3JEFpJmc4fMhhyJ9_pd8V1MvWiDTKVFJolXYHX0AelyMCkL4o98JedxYYl1PoaKnCpc6b_KhezblO-mm1y6Ivnep8yBOycSxjylJ6XRojWYjn96PLiwD7-xkm94E684XRla3Rl7Ch1phf3nGn26TyN6XhSfubjLFLUZ0dxkAc84S0P1_jsG8Ptt4FBH_l0W32OJSw0Jt9eXojvO7X9t8giUfswGzAgMpUth8mr61gFaYubWrclS7RHVkk7a4PLNugbhT3j8gimyOw1V1Gums0smOOeDEJW1UzFxvcifQCJL4k0PAcbxXI1FpjadDsi_03Ha5HppFylSCQUsYly0plJQ6gFnVpMCjAxn2fIPobFvPd8nPuhKFXAgD1g7kpMUumWGn8mdPHRaZzb0cmRz-tHz1jduSMPgmGHskBmTgIPkg-01OYbIhJJxFhdzwZXIWjyHFPVUHZtTbOvvIMOg02cR7WekCgq_4r188QbTdZF-RRiXgqHlccjZ41j2RHp_fj73_jZD1H059NfwONZmRocG--IFTMxDDPMc9Wo9joLLCTgV2F9mWnXVCbv74fYX8ccN6_ZNBpCCOh4-rrHtM74AGjFU4huoxCJgc7dGYp5TPazh3RtgYeU6Myj5BgVMEoOLIvZ-RnYUzb12jtApktq3Qwx9DHS3Rv_FYlJpvBa6J_CtPrDjZDFMI3pfknyYdIM8RLbI1_67fmsqgAJiRHwvV9u43O-8QAgL28s_LYJbTqLYJWcAPBTjfh9ubaP_-wUlcaatiZrzMGoDvxxCXVNRHZ6XYdDjKHwmVnH6Mg7zTTLEgzGPLczfhPHNa7zOOtZN7xbe8YZaDMzSRTH10ZMcJLxmblPREdmBXkOPxv6hpuuQxlxrf6Wg5mLfY7vNvGhcy3DFfelrUA3jA1ZV1OYccbK_r3FPAfiIdxjmaedeBRdqwI3nw78ZmS4eyHa57LHVHbbMvdDzf0dvcROznq_DojYoiHcBokmo6CBSX478ojVLC8DKEIKz91WFbBAbCvlh99aJ-ByfsPyTW9oE-yHSmg43iJDDaP6xV-5_uS3rMouNe4Jk32Tbu90sbxVv41puNPaOpva3osN_OSDGuXCFFBQDtCOYZt_5u1RVKNgRV0QnUOCeLXGKP3zf0ugJrI5b_kSD72u3jrUkyFB9huGGwRp1xEmDHUWLZRTaLzHkYlm6h8BIiDyyiFRN4N1SmxLhwCdmnxxn-cf_aPfMbqMBm7vq3qphkZUL3kKJpSi9lL-dE5GYWjqgUzcY4iRdTUF0RFAQx9mN6kR8ZC1ZkP_DaqN9fjbJ51lQeXLnAZnCS46_dQ1RFl8SUUfDA4VCNf17tbcQupN7O8onQ1iLfFBct-ybzgbGuSiPBeMWIyRKAYE0CgCPSM7QblmB08cb7q34dyKcFUXroQ_qAN-qMETc2CAQnCgqOt4_qmv5kxu9QuqLk898uAOlqvrMrJ48hUB0zRwQvpbfiYDcFFhbCYPBYGVvoocKkUbNR1hXKBL9Hs4qYpotEBkwKEOdFDzI39rPo3ONQhByhhpAMBa-5ICfNRoPKMRPWKwtkZy3GhAG4XW_pv1Atj3U-9Fe_KOBLqvmen-NL1iAV-o5jTCMPLIE6YvTqj1O5YjdwrXwY3WDZjH6L8tWTIEJPQzKMPXvtYEMbmJsEYC3PWNQZ5_n5he-4tdXkZwHkITZIB9vAOHNYA3OJKCVRkoo-YI1de4Wyk9gsDHb75k4xVPC1yMxJz6shqq8q_Q7EBFsjYbp_fGXrUpGaFa3dX8Z7KEmZxQb-vXcx9CEbLnR8qz8tsr-prKNubut4mHLujWdGvhHY8gqh-NAOh9eqfZOfxGrBua1nEntMA1d7JlLREr6Dhxq5wkFgztfKgsRSMcJaE7kXoiMpdTme6jLwKudR5mYcc1J11JX9b4XowmgnveTt_5Drb_Q7fuxJ7oyWy_TCbxcYSN8AptnmEPsGt4ltD3PosRY3THnOxsWNUVhiLtZYIUZRteX5_B0ob2XKyQOXPlQaoANM9Lr4qLnGLEbQtVcimdMAsL3hG80bOaUIFVrHFSkZGy8LbBcOuR89-QwrIe4UgIBjS9Sg1jwz4EG5bM9sMLVOk3PWm-PgAzHOO01vWU_E_RGAR1pUlBGFYUJKGS02GS5l76fvLnGrKjzzqamKEd4T4WACt-y4RR5mjLLcugkgQHDSalp55daHR-9Qzq9S00sB40laX8kWZc5M3WKVlt1it-4DKWptFdVuahLk4YEOcAk-qr26O2mj0OkmRpan_3IQYmgAWxRei1pa7fITBUY-xM95uwixMJSnQX1xW-WP9I579faAUV5urKtTkaR6ZW2np-VaM2JW2hTK1YXKL0h3qEu1HGWQhr73LP8aKbd2lvcPOfgBc1ErSk0eZ09WhW-4-j9xL9jD4p21s443IeUuc2l2Xz6gHew5SKDyXo-VqCmFojldSaGFEtZaBlXntUxZ5YrCc7XRAJAxUkFUSEHeztmtDGWQZnuCBlgQE_9VgnkNmCuEq0WrTy2oj0eSqn5RO6wxabwlFv6BIsJMT7fRriEAIB-9bMMsrvF9HGvA-YrQI4p-Wg-aDAG0YM4r0a9Ea6uxapIeiXh0O40zHwNFKoTGm8AiC6UaeJZO2iZ0ktcKk4COueBvNoiv9zeKFqgFTQOULnP4Zyij-SBoPQB5nXrzMQKAQhLv1yzrJO7GXqTMIk-09bmuREyMWlZgIa-d2mkx-vQVheWfaYVBXBX6qvirVa1cQ3YFxt1IiRqOum6PH55maMyCY9-W59TsyjLAqE4YyDbqXqBt41Jn34ZMCqe7AOQwBLD84o4wl7jtaEZjDNxBYYugvJIkMkxl658R&cid=CAQSPAAvHhf_q4ekePIFhtjUjAvcBIoM_qKGwCPUw19Ihu2FakzC0wdn2gR2MlU_KK_g_xVv6gaNDlRdsVYFvRgB&dc_exteid=31443852083561894047417100292363848&dc_pubid=4&cbvp=2

Requested by

Host: mspfa.com
URL: https://mspfa.com/um/matched.njs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2923503486893931&output=html&h=300&slotname=4362772295&adk=966170585&adf=3279755401&pi=t.ma~as.4362772295&w=650&format=650x300&url=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1704574636437&bpp=1&bdt=138&idt=251&shv=r20240103&mjsv=m202401020101&ptt=9&saldr=aa&cookie=ID%3D8cbb09de74ed5ef1%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg&gpic=UID%3D00000cf10375084b%3AT%3D1704574635%3ART%3D1704574635%3AS%3DALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg&prev_fmts=0x0&nras=1&correlator=159799387172&frm=23&ife=1&pv=1&ga_vid=1518204706.1704574635&ga_sid=1704574637&ga_hid=406294277&ga_fc=1&nhd=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=475&ady=866&biw=1600&bih=1200&isw=650&ish=402&ifk=4023565609&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C31079759%2C31080145%2C95320869&oid=2&pvsid=3650528201294292&tmod=1208974737&uas=0&nvt=1&top=https%3A%2F%2Fmspfa.com%2F%3Fs%3D37955%26p%3D1&fc=1664&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C650%2C402&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=4&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=2.3evvo7anqhxu&fsb=1&dtd=253
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6998 16 KB
12 KB 71ms
71ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240103&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9438dae40799eeaa26d4c425c4d665a39280d3600e81e04d7a5c60d85f8fa03d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12166
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 119ms
57ms Preflight
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 06 Jan 2024 20:57:17 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6998 17 KB
6 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 06 Jan 2024 20:57:17 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 81E4 13 KB
5 KB 23ms
23ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 6034
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 19:16:43 GMT
expires: Sun, 05 Jan 2025 19:16:43 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B4C2 829 B
561 B 35ms
35ms Document
text/html 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

18e47a6d0ae539e521e6f920c96224a16c6b791d4dc1f590bcec142cedf22263

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qklvOBCxzOQKxdWnjPsgHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mspfa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-qklvOBCxzOQKxdWnjPsgHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 06 Jan 2024 20:57:17 GMT
expires: Sat, 06 Jan 2024 20:57:17 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 81E4 39 KB
15 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:40:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 993
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 05 Jan 2025 20:40:44 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B4C2 0
0 55ms
55ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240103&jk=3650528201294292&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 81E4 0
10 B 24ms
23ms Image
text/plain 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?SniaKg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sat, 06 Jan 2024 20:57:17 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2C29 0
0 58ms
58ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=3872663414102045&bg=!FxSlFFvNAAY3kmNgF5I7ADQBe5WfOG67VYSG9e99A8QAncGVP27t6DaEQiw4QT6E1Nmj-v5IRc2O0d9ktTyCSi8kL6kXAgAAADBSAAAAAmgBB5kCyNYgVImVThfXP05Lwiy9xdnWQ-qxFSsaxj8xo7JqsqWGw-5HHo5Rjv_lC8D4r-N-2eJgkQ24wPROIaIrODjDTdMiA_N4rrILxVfZ1CeJcsyTPJ9NJR0U7S0HeRim7ReCKvLN3J93GxYptFTTuqPsbbVKxHAY8X0k-Cf5nYt3d9td5RZ3eOrZtr9pdpxX6woh5THp0hzdO6iioq9ZqJVmfxx-bcc26t7n2IwJmMlR_1UDHKztaGnRKdzRWnu0irWdv5DKYjnrZnXeqkVC7SVYH0L3nD2xf26Knq7mpaYkXJd1z6rLjpnH3wlccrWM8gFp0B3xGDxYF2P1mvCB923BFiiuqhgeZxfHDYynzz_4_dD6fcI2GBf_fRG-Bsvvj9BMVpx6yj34EgGX9KGe_Kxdu7ilfvFVO0sauvzY-tMGhRb5p5D2IJY_6eJpfgJjXFKZtPzruxwZuqNWl64MdZ0tuPn2VV1ZnIfaok7UQ4OWESpDwFVnnCObRaKdHzlAr8aD07t842x_NzDrn7p_SY0VuTeETZ6DbRR5QANox4ZRfpIYlzwZE7mwYYTqc2KveigHuR7LdCmMK0rA9uzfot6ylQb8c96iIuIdH073vrJshsjjp7A2crdnDboEcI5QCTbx-HgJHKVGzwTYMzaqfHkoB44JTebjFnSjBShexmb258VYHh9EO1aB9HwoZcLD9WQ3cQlU-yDbGcdlrVUvBVK1pdEOLQO6q4kvep62wWDwnFuBhrIDI7iYGuqZZBLcHbZ6wnLROU2f63_ywZy7Dx1YiupML0whUJ0nTqVKgsu2S54f1hf7eo-TytDVbumbEyqMHsNzyf9EgczhwVlcjTosWFPNyE-P1hNsSHvRSBOFOmkKM2cUrD9e-O7ZS4pEtrFwPsqF-Nu1wSEZekGEkMyyEjT8JVf3vvRLX2yvS5pHHjj58wOvDw8x8gs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 751A 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3566778489424&version=m202309260101&ct=76&x=1&cor=18030935117909440000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 751A 42 B
64 B 62ms
62ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvh52lpP5GWqXZhilclnpFWxPpqQ9vsOxDJqKzKiyKMKpa3dK3zNEai11mxBca1I8zNh1bnK5ebwGZ5MBtfSvssJDXZpFkRbqSTMGwzXnXAOYlTRu3_WYVNPYM_rNxfBx33sx96EOwzov9Tq77kblxoILty&sai=AMfl-YRdWlo2LI1ejhMBGlZltKxuxsGdi_2cvVaDpE-39Yn-JPgZM6BHbVXLCKS7jzZpljkDOJ6-Ew-33dv5Kzmkh2UUJmh9p0FnIuUpE8RyBPdN0l5Q1-obvbjopj7U8SR_g0Dmc9z-N-DTlEK8RL1B2w&sig=Cg0ArKJSzLD256lkPeZeEAE&cid=CAQSTwAvHhf_zsXWJK4YDsumC4xnNlhzL37puWbRqJpXF8x9WhXjxTi_GNwD5v8KlnTY75ZyH4guP8FkjLDSLZoeoskxqxOwv5cUFBbsEngKc3IYAQ&id=lidar2&mcvt=1003&p=0,0,600,120&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2787914377&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704574636317&rpt=392&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6998 0
0 58ms
58ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240103&jk=3650528201294292&bg=!PD-lP3DNAAY3kmNgF5I7ADQBe5WfOOqHqkWzo1w4o1kyCDXdVvCZO8We35UPXJ_HzlRxAiHeDXwt2KkoiM6Z00uoGpi4AgAAADpSAAAAAmgBBwoAX0jZxJ6f0ewVzY6oMO-pgOWNqUdL0YrAVUTwXnYQYhc8fi3T7HW-1Mu66iZPMLrHUBEmkgaKyKhcZ_0XZ0XSY9KL7Ex_B58r33HAlvGE_moneC4NZSndTQENcsgHr3r4mQLJVEUVwelb9Ed15QSFZKw-bZmSf2mti80fjJeDPmcoHurBha6aUDYK2KWt0FzCSRq_z3Rg4zHJR1Q2gdwUhLRLhPDrHN9JJtIyR6uH599ZHvm7H3A6Sw-7eaYNbRFmURiLCGvbQDIoAIf1c8_IYlG4e_43bkS9tkhJQ--IKrHmieb2EM7jeCnmm21ui6-lvfFmb8lwqDmzAqyib_geiJ3MeBj4DKvCiZ2890bRXo-7gUxH_Y8d6hWofgtVhcTFWBlBacEl85WWYypA9e4oLCOJBcIsdLnxQzjfMhS2pvSNX4UYGt0O8ZFucYRJBk48Vr_dNQa67ww83uWl-E4CJKoXtlzDK3Q3YpKZgckQ8kadEgRDVBOqJbE9JUJL5K9m00p_sq4zfraE4T95wKj-vIz1dl5ErVboLKF-F7wC_B6aX5zIrSxox5PgKKr-CIpdJ1-LfWNKftqFXv2oTq8nK4hlih9f-RfOj4ZwhOuWCms4sIqD1tmzN5b-MLtHJfKOkffFXvpsmyGkoVRHFADV7-IgcPYsKN_Up1AIr7ItWeaj7yN0lFN-dSbTnFhNWgysOVQS7DHvkYypaTIPUfjWHlD2eMSD2eBunE2BNA-NsZ0XNg6ruiAhYUAFAdl5Y5IyOok4BSHQfNeI6NYOcp03dy_7oiaWOZ5OQ48znVTDOnOaCMRY0J2UoRXZbT64Stm77jAFYU5lZiZ2djorRfkT8ZQQw-8fTg_wlKtJmwURuOR77o3nBh9XWEcffZZHzEH7NldQjM-a0hTotFkvms9QU9fIaiz7yKW93DOaK53_LYBA22E1rEl3LoL3SIOHwwLRhHl-IQ0NpQf1Ah7wgqyAhw7eQAPaKA5fr0ap73VccGov3yiL0-SkkOuKUnnGZbPdbuvUyxSohwku9rkWpX1X3MVW0DZBd1wWcHE-PIXOzNBhjxq9ywRvRWxheeg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mspfa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0184 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssGlwxCC5ipTb3OXbG-wbdfDKdXaAvqBh5WnKlbTJVAOa_otloLpY9lV44Q7VORxlMitraxM9Pnj0YCg-eqzdhJs2np9h6c07iQgSlVbHsndDgHp84GpBhA3eNgysCyK3tU7NOwOIvnkYS5pbWOfoNpqgLI&sai=AMfl-YRPJpfsOeHN9xUJ1ndmbm96wdBJ-qHm9lVCMbdj2HMus5Z4iXeEU85yIUbJa367I61wdQlzdGCKo33OXWW72k08uTg5i5tiICpDn2mw5p30pZpkrvzoO1kVaY6p&sig=Cg0ArKJSzPpljFdsqXOUEAE&cid=CAQSPAAvHhf_q4ekePIFhtjUjAvcBIoM_qKGwCPUw19Ihu2FakzC0wdn2gR2MlU_KK_g_xVv6gaNDlRdsVYFvRgB&id=lidar2&mcvt=1000&p=0,0,300,650&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240103&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=966170585&rs=2&la=0&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1704574636690&rpt=521&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 06 Jan 2024 20:57:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.google.com/	1970-01-20 21:53:05	Name: NID Value: 511=J_PRhGAvBIkGY1guElC6av3G_gxpzBV7POP3hkiUnpoEZcIWqPJuLWGkUBBpwM9EpB2SSqEX8jQi_Mi9Apfwn6X88h29Tep7zTQbJBhx7s5AIM3fgP-YDzBfFrsXXqNlplqMh8DIedq2lqun8MyiRndfl3hixqueyvVMHKMbsYI
.mspfa.com/	1970-01-21 03:05:34	Name: _ga_1PXKHYX2CY Value: GS1.1.1704574635.1.0.1704574635.0.0.0
.mspfa.com/	1970-01-21 03:05:34	Name: _ga Value: GA1.1.1518204706.1704574635
mspfa.com/	1969-12-31 23:59:59	Name: magic Value: real
.mspfa.com/	1970-01-21 03:05:34	Name: G_ENABLED_IDPS Value: google
mspfa.com/	1970-01-21 03:05:34	Name: commentary-enabled Value: 0
.doubleclick.net/	1970-01-21 02:51:10	Name: IDE Value: AHWqTUnZPdr7BQGjfcNTxDFcb2VwZeWJeni9olwU_FOgPzHpWZi3CSb8ZFOf_-FP
.doubleclick.net/	1970-01-20 21:48:46	Name: APC Value: AfxxVi7eVqKiPiwO_KOqh0b96U8_8zxEoObZazVZpm9Hlwm4hDyWhw
.mspfa.com/	1970-01-21 02:51:10	Name: __gads Value: ID=8cbb09de74ed5ef1:T=1704574635:RT=1704574635:S=ALNI_MaEsg9b3ZhMRoN6bDv6GJ1NS6xpBg
.mspfa.com/	1970-01-21 02:51:10	Name: __gpi Value: UID=00000cf10375084b:T=1704574635:RT=1704574635:S=ALNI_MZLymbtnuwVfYIdBXYmjqG1T3SUkg
.googleadservices.com/	1970-01-20 19:39:10	Name: ar_debug Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.Vfl3xXWFLmk.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo86I-Lz9xExGf4hsd4WDA5L6jMrIA/cb=gapi.loaded_0?le=scs(Line 186) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
apis.google.com
file.garden
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
mspfa.com
pagead2.googlesyndication.com
region1.google-analytics.com
s0.2mdn.net
sburbtas.mspfa.com
tpc.googlesyndication.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
142.250.186.98
172.217.16.130
2001:4860:4802:34::36
2606:4700:3035::6815:407c
2606:4700:3036::ac43:b916
2a00:1450:4001:80f::2004
2a00:1450:4001:810::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2003
2a00:1450:4001:81c::200e
2a00:1450:4001:827::2001
2a00:1450:4001:828::2008
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2006
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c09::54
2a06:98c1:3120::3
03a67d4a890d4eabc03ef0fb43984b9ad3d511c49c5678fc482c7097a349556d
0abf9b4eac3c073ae6ec7e87f3c2f9794c30ed5103530aa69513146af5e57cc9
0c27e371fef7b6b3bcb5befc6f8e9bd249fd76f45cca171bb646cc86f784dcca
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
12cd2f13f96d02bce68ef570c163673c23fcaa426605cc7260ae204768de8446
13968c344791e8cb48bccfdf3559b83b8a42b722cabcbc7161ab8ef3ba102d27
18e47a6d0ae539e521e6f920c96224a16c6b791d4dc1f590bcec142cedf22263
1a7ac6fa21c4046373f22832ba6ce9c1fd0b067f9a854bbe3949699bc144ba9f
1af155dbabd3d3d99fe75644c67d72212968c01ff1343344e20636969cf84771
1bccae4a2fa46956417b7bc20e3cbc3efe52d8aa79e6452e76668ac6e2758026
1dcb5b2d771ba0f6f2d5fd5e4b892d8c3a09399958c2d18d76fcbdc62ab56247
24c36d2e65f8fd6fb1aec8297e898dc610161e7cd7b812e49491c30d60ea0d61
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
2911aeced0cbb569265fb9721d83e5c7dd2da4010e12fb694c645b3e7948dc14
2ada976efd79d16709fc8c3c036bde9b7a9ce1fbae0519d4e5161984f3e7e5b5
2f764c969a82705ba7838239087f5ff9b33e978b6bae2657e299b6b14c30ad7f
304c04bdeeef0f2b062a1c77da2f98c8df7c3abbde560237ae3f29853a98caad
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3881a5531bbc84d9d1ffe230b557c65f019948cc7b23eb0bffec9f4beb3f0237
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3eff02f8fd885f648241e70f9b2507e13f26b9a253073cb49980fa701c84b629
3f96f090d1b4a1c2b0bb3cfe24c4e7b0d4732d9ca9df479c862aa0eb10e42147
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
428f4d59e61cdf9887ad4cd7c4592a24b214d2d9c0ba09db01c4cfde66a3cd11
434480c2427c3ffff4d720876f92373caf624c5e469aafcd06a316bd75205ecf
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
449d7aa963c2aa74d7793df0b01cd7034e42084a62df5943714f8f38d8af061e
4836b6031bc4af96767f0121fa458714583340054aea6338ef99a1bc4011f43b
492e753c7f204ffb42208a7f742fa7a4c5f30bbcefb15633500f38c3071acb40
499dcc54d1e629c084c673c0a56591bfa188b62d387158dacc7c685e8eed2e25
52ed64b6502d685f5fbc2d7c508565a51b0dff32707b36f75aa021b286c13670
53c7b752ee3f76701e2468242f45402ee1947f269c5e73ed34f1799a89006622
55996ca93c2c9fadd593b22c02a818a1f70ca07791779092d1fc3259989316f3
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5bd44fee71c38c481d5b546bf29a65b6a6e69dd4ab89acd8de2d49baeebb8317
5d6761121e36dada7b2cb2088e9749ddc66c64da9a262386e1e358c8dbbeeeeb
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6494e5d57e95e616a57e1b8461002b1dd6ecdfffb63d846673cb245d75f3be38
65f5e05c1d85d170ecfe1edce8e3abd835b7aeb58a230cb72ad17d544d83d7e2
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
749fe22e0680f2d4d77b7741910e9740767a97865fa3dc0c5361627db2de7e58
7a68e85969b392991fd8b13baefd6c794308912bfc25a044b1d3b9ac7537374d
7b65fd93b3b357a91df9268bc0012fcc0f58d8b902491ce2bc3c8c10e0bac154
8941597d26275d5e8775ac804bffb1d86f749d0cfe471777800a4543e4b65603
8e7d7594bc11d6f7617a0c3f02479a1a17a1315928ba25a38c50a657fb6aaea1
9438dae40799eeaa26d4c425c4d665a39280d3600e81e04d7a5c60d85f8fa03d
966311360a0435296c58e3ada31ba53c9f2673e1d85574505085a1d0512064aa
9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511
9dfbb8e1be036059aea6dd87bdbefa7ecada3617fb3f404ba4647ebbbf8160b1
a1767312a5516d196a3683b83931a24a9a87669b63d5ec294fe19f479c7e5a7f
a1c8dbc47a5e324717fb82efee789fe72766111b69ebf52cee674a4444fa40a5
a1cb6fdfa1996b75cee2eb24a93a0e3b5e859719c93f45010bbbef5e1da63118
a7c6950b33f948e84bc45b44317e0fdb675246283882b3f8a9db0efceab591ee
a951eefcb9be697e43611ba4eca19aff74594f051a4fd60dd6c3eededfd852c1
b1eb9ba34e4307d0579566b2c1010d569cafae392e7c53f38c1d975376e7070a
b2b23f5654a02f82252e56b125b59be14f91d5ee952f710e1964c7e2f459ab63
b3ec702ce294cd56e8d910fbc991947d94de6d1406b84cf11efd03ee9e5e8a74
badde797653a016bb5572385cd34e57a0774625f0ed2569f075ce7b961ccaac3
c26501dfd0fb7399dbc4b5845d8d339cdfbd84d32c770cf117fb781db161b546
c4f8aa197bc4c7d9f715c6e432942b7094c34266ff2a57a55c820f15e6259441
d33c6b78c22e775802b68c6a3df3856ea0ed6da3eb444e45ab84c5f217941f3d
d5ecd572c0e63a7ed72ecac9fb0bac666353399088c0be7aec69b81742651a21
d76831690bb50ba96a984e8b154765598b9fe118a1ea5482737f0d5aef2deb02
d85f21be5db07a2ea03381f9ba5f984d5fd971f4ceb3174957e8cb6f28949aa9
dad25abb90eb83a73f494561cba807f987e4ab852bd011ec77de33961723589a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e93b8c0ae5b5910b7107c8b455eda029935c56efa8de0be2443d8eabba207197
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ed00b5e1f578f3bc8d525f1e3e37eca032b703b7dea53ce5b312a2024cb24c0b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef28a1c128e0933d998989c7ed4f07b73877cbddffc828161ba7256bf37fee89
fc7913c5659d63128af93916d16b92eef984a6d4159fa24867ff4225a4e4c2d8

mspfa.com Open in urlscan Pro 2606:4700:3036::ac43:b916 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

118 Requests

99 %HTTPS

89 %IPv6

12 Domains

18 Subdomains

19 IPs

3 Countries

2765 kBTransfer

5735 kBSize

11 Cookies

5 Outgoing links

Page URL History

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

mspfa.com Open in urlscan Pro
2606:4700:3036::ac43:b916 Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

99 %
HTTPS

89 %
IPv6

12
Domains

18
Subdomains

19
IPs

3
Countries

2765 kB
Transfer

5735 kB
Size

11
Cookies

118 HTTP transactions
2 data transactions