ar-deko.su Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ar-deko.su/hanovercounty.gov
Submission: On March 03 via manual (March 3rd 2022, 12:25:52 am UTC) from US — Scanned from DE

Summary HTTP 73 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 5 countries across 16 domains to perform 73 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is ar-deko.su.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 11th 2021. Valid for: a year.

This is the only time ar-deko.su was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	143.204.101.162 143.204.101.162	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3a	20446 (HIGHWINDS3) (HIGHWINDS3)
7	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
3	185.29.132.246 185.29.132.246	30419 (MEDIAMATH...) (MEDIAMATH-INC)
5	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	138.201.63.165 138.201.63.165	24940 (HETZNER-AS) (HETZNER-AS)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
4	138.201.63.157 138.201.63.157	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
4	37.157.6.252 37.157.6.252	198622 (ADFORM) (ADFORM)
20	37.157.6.235 37.157.6.235	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
73	22

6 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

ar-deko.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ar-deko.su	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.101.162 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-162.fra50.r.cloudfront.net

dhbhdrzi4tiry.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.246 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 138.201.63.165 (Reilingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.165.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.157 (Reilingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.157.63.201.138.clients.your-server.de

hal90007.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.6.252 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 37.157.6.235 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	adform.net track.adform.net — Cisco Umbrella Rank: 3334 s1.adform.net — Cisco Umbrella Rank: 8028	197 KB
12	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	201 KB
7	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	21 KB
6	ar-deko.su ar-deko.su cdn.ar-deko.su	21 KB
5	redintelligence.net hal9000.redintelligence.net — Cisco Umbrella Rank: 28803 hal90007.redintelligence.net — Cisco Umbrella Rank: 203003	7 KB
4	mathtag.com tags.mathtag.com — Cisco Umbrella Rank: 2892 pixel.mathtag.com — Cisco Umbrella Rank: 1093	3 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	25 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 57 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	cloudfront.net dhbhdrzi4tiry.cloudfront.net	279 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 251	32 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	39 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8832	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 716	645 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 588	29 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	37 KB
73	16

	Domain	Requested by
20	s1.adform.net	track.adform.net s1.adform.net ar-deko.su
7	googleads.g.doubleclick.net	pagead2.googlesyndication.com ar-deko.su
7	pagead2.googlesyndication.com	ar-deko.su pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
5	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
4	track.adform.net	hal90007.redintelligence.net s1.adform.net
4	hal90007.redintelligence.net	hal9000.redintelligence.net hal90007.redintelligence.net
3	cdnjs.cloudflare.com	s1.adform.net
3	tags.mathtag.com	googleads.g.doubleclick.net tags.mathtag.com
3	cdn.ar-deko.su	ar-deko.su cdn.ar-deko.su
3	ar-deko.su	ar-deko.su
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	dhbhdrzi4tiry.cloudfront.net	ar-deko.su
1	www.google.com	tpc.googlesyndication.com
1	ajax.googleapis.com	hal90007.redintelligence.net
1	pixel.mathtag.com	tags.mathtag.com
1	hal9000.redintelligence.net	ar-deko.su
1	www.googletagservices.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	code.jquery.com	ar-deko.su
1	www.googletagmanager.com	ar-deko.su
73	22

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-10-11` - `2022-10-10`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.mathtag.com DigiCert SHA2 Secure Server CA	`2020-04-15` - `2022-04-22`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
redintelligence.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
pixel.mathtag.com DigiCert SHA2 Secure Server CA	`2021-06-29` - `2022-07-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh

This page contains 12 frames:

Primary Page: https://ar-deko.su/hanovercounty.gov
Frame ID: AE69E2A10C01022D19EB0417F3724C3C
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220228/r20190131/zrt_lookup.html
Frame ID: 16E4CB26BEC775CFD9E7F3FFBC527FDA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&adk=1812271804&adf=3025194257&lmt=1646267147&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147438&bpp=2&bdt=168&idt=109&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7111713296875&frm=20&pv=2&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=126
Frame ID: 7DC80821370B1DBB8547BF27E7D0BFB4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=9185659687&adk=1066549570&adf=813095257&pi=t.ma~as.9185659687&w=769&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=769x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147440&bpp=2&bdt=169&idt=130&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=94&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=hQfdBlVmbs&p=https%3A//ar-deko.su&dtd=134
Frame ID: 192706F29AA570809559BD4B2DC3BE0D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=6499964204&adk=2647452932&adf=3890462116&pi=t.ma~as.6499964204&w=769&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=769x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147442&bpp=1&bdt=171&idt=135&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=855&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2Gynwj3esz&p=https%3A//ar-deko.su&dtd=140
Frame ID: 8EFC06BDD4A107414C449C8E6B4D6F19
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=5218494511&adk=3938979412&adf=2315468765&pi=t.ma~as.5218494511&w=769&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=769x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147443&bpp=1&bdt=172&idt=141&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3582&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=g7T8H4cS9o&p=https%3A//ar-deko.su&dtd=143
Frame ID: 1E440BF00E0645D26EAC04EDBB19B850
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=8802516303&adk=143785488&adf=2938917947&pi=t.ma~as.8802516303&w=370&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=370x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147444&bpp=1&bdt=173&idt=144&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280%2C769x280%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=94&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=eVdv33HUPi&p=https%3A//ar-deko.su&dtd=146
Frame ID: 45C370D2267B276082B198D3B8186C4E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Clbi2CwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgS_AU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMqvHWpxuYjDLfIatzooe4lUDTxh9eyslpBM5cwR_Gd3dbxW50gVTgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMDQwMTY3MzQ2MTE2MzUyNhgA&sigh=g_VdD76yB1s&uach_m=[UACH]&cid=CAQSGwCNIrLMAa-wvd15xY8ZQGSZGeK_7XRTLbGfExgB&tpd=AGWhJmu-1Nrpd9_2_QNrvCJmdMYmOsWFK6L3zv6MkiLjCvPcC7iDY-ryXGxE-JwD5kDYMVr3nslOuRm6d8pDOpNLqfcxXG1WIH8X6LxUImjbyiX1iFN8T1aPPZGjiPkAbsmPx-j5JmEBf-eORsUCpfIDqX_QQtSsvl391N5XJA0kDQ7iSMSAdYyj5uOz_P_tZIMqTcW5-angO_JU-5FqKvu8mP2FPx3t23EkgR_LsEmGOGlCcNSOQBRXG1tMai5sMlaewcT-qApMVXqosWhuI4Gi-P9i5HpW9bgSCoQDmhpTPof3B_LzxRv1by4hAiZwdf2c27SnnGNtAFGQ00urO5hHWd7g1CxK1qxEgwBUtrftb_pu1tKrCijWTrKZaBL_ibXEbKMvg2mYbcfbEhYW4uMkj-yCRbtgAutaDzHLg-mNyoJaKmMj65vIWR-i7FxeEh757lGdjc9x7UM_56_6r7YxQAv4jcIZFAHCaNY5pfzywA8nlEdjLvMYgLNaFMjMonOkLMpPKu2O4d8PlTCKvidH0gqujN5iW8ghtCHLpnVha88uBB4tE0zSw9w5FJ4y2_MY2gwJK_sAJytnh-8wghHd89KXKE7bE64WtMo4dKx0IPnSh3E8f2GCeVdlPpqn0AlfyxuEXz2mPb_S8XyFS1QzJJBKsBmVNndmuLQ7KS0aTKmszYuq3e22CiggkIMW3ge8tUr30DPa5I1JoaSLmbTT7xCQ0SK2-_t9MW7b9pv7DFMGnrgLW2yPkBC2wcxVfrCvB_6ztBRHZqY9jCj0oXCMA9MsY3ny79JNSMsbsIJluTx-Rq7nxXbivhOk2zDVJHidN7thg75A1FqBO5PPdINQfEcaNbNdJl3CdTK0KaU2T7TMXzDIs230M5EACQe7-Pc10dgfhUfkKWh_TGCAPhlMuDs_spdKadEnczDeRPds0q960Rp2z15omEUdFJoH19jZaKFi0yfAN4VsSMBICWkhfMAuAN01iwBaJ5GEy09kO2MEtoOWV9Mm0gkiLcd_GbzJWFAxjseSd4QLuRGyYounEl3n0cktfr8RNJWpUflqFgP1hYaLvH3xz64Haf8jv7wigHpbo4hkYaE
Frame ID: 038DCBB2D9A25F0BE90A9B70D51E7007
Requests: 12 HTTP requests in this frame

Frame: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf
Frame ID: D9808E7D8C1BB3B50FBE57E088C0FF8B
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: CA7C9F07630ACC22F9D4BA38F47F96DD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 08515E899E052115056F220886281B75
Requests: 2 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/10942335/10942335.js?ADFassetID=10942335&bv=258
Frame ID: FAF8ACF15FAA8BD055CD4A63378CE49E
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hanovercounty.gov : Hanover County, VA | Official Website

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

ZURB Foundation (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+foundation[^>"]+css
<div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

73
Requests

100 %
HTTPS

62 %
IPv6

16
Domains

22
Subdomains

22
IPs

5
Countries

913 kB
Transfer

1758 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

73 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hanovercounty.gov Show response
ar-deko.su/ 21 KB
5 KB 415ms
276ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ar-deko.su/hanovercounty.gov
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 480470bf08a15a52adebed25c57bb6336709f4efef5f747d9e18e908f7eff88a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=os%2FRkWmU2u2AX%2Fr%2F0p89fsXaaW9p%2FL0TaMo9zVhLe3JeBCVJwuyXCkE7RhCPnFDy4fas0nWttDimaLUcx8I1SZR7hXDtfxKpydkAuwscygQitJ01ETFMvM4U6%2BS3hyHri0A%2B5vI68Sfa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6e5e3ca4bce659b9-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 flag-icon.min.css
cdn.ar-deko.su/assets/css/ 33 KB
2 KB 41ms
22ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ar-deko.su/assets/css/flag-icon.min.css
Requested by: Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d27e980d821ec562661f24cab514474d7be86a742b5e915fa6c7efd21e77aaf9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4456556
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 07 Jan 2022 14:03:06 GMT
server: cloudflare
etag: W/"61d8481a-84a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJTIQqGsSs7blUE2kNIqH2%2BO1eQG8W%2FmsM8958Ec81eNiJG8WMMZnaQGAwteayqlzhM15OWtrb5pSPdzAvuVfED3WJ7DObOTMxFcujNmJFocqvtDC2TzPP3gHOI0CXepv8USNsVXQ%2BEaM7%2F99w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6e5e3ca6b82b59b9-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6style.css
cdn.ar-deko.su/assets/css/ 2 KB
1 KB 42ms
23ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.ar-deko.su/assets/css/6style.css
Requested by: Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5f24345baf1c72cf657450216a58d94939beac49641e7027befa1f411d19dc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3746844
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 17 Jan 2022 23:24:07 GMT
server: cloudflare
etag: W/"61e5fa97-8b4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GsyPkOMKUOMsTE%2F5Qku%2FsFWbRXscTvplJknIh4oq3ctVgD%2FGhB3uyAf14w4aqEy4imcEqnAwBjBcflnIWj4bY8Dh9L38MJxUc7PZCH6IeYcmMY0SZA82YLfo8lEjCqgbxUhti%2FCdCVuswBJatw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=315360000
cf-ray: 6e5e3ca6b82a59b9-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK foundation.min.css
dhbhdrzi4tiry.cloudfront.net/cdn/sites/ 49 KB
49 KB 46ms
8ms Stylesheet
text/css 143.204.101.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dhbhdrzi4tiry.cloudfront.net/cdn/sites/foundation.min.css
Requested by: Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.162 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-162.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08e7d98e767f185bdbdc70bc962d784292f1ba7a6d9230d2cd9a7a841112fa19

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 23:26:19 GMT
Via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
Last-Modified: Thu, 19 Nov 2015 20:04:31 GMT
Server: AmazonS3
Age: 3862
ETag: "08f0ca148c519d8f574f3851cb745c5d"
X-Cache: Hit from cloudfront
Content-Type: text/css
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 49709
X-Amz-Cf-Id: iyAzQAdLNiV2FSbJUAjCTUtI6NbuNGW70x7FpxdDOWkL-CU1ABI8-Q==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 94 KB
37 KB 53ms
28ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-211438602-1

Requested by

Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

66dc655a304a2c2dbbe5d2c00c3ffef5c6c9f8dd452e8a76e1bfbe3bbe9bed23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37536
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 03 Mar 2022 00:25:47 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
53 KB 49ms
25ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0401673461163526

Requested by

Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d7eaab0c14f2f2b2568dfa8896d1deb6b98ce12f6631c34456b835153ca1efe8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ar-deko.su/
Origin: https://ar-deko.su
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53839
x-xss-protection: 0
server: cafe
etag: 3606602913514344989
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 03 Mar 2022 00:25:47 GMT

GET
H2 200 logo.png
ar-deko.su/assets/ 10 KB
10 KB 22ms
21ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ar-deko.su/assets/logo.png
Requested by: Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 635fdded8604da8ca650d149c4b2c8bf831b5e6332255e63407f25eb1ba2d492

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/hanovercounty.gov
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3840082
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10320
last-modified: Mon, 17 Jan 2022 11:28:59 GMT
server: cloudflare
etag: "61e552fb-2850"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jj0kVw5RpHIqHWajVwy89hz3yGnHW5efKqvZeFloWiTe8eTkFDS4h6emI3wSLRh0BblbfX%2BFK%2FBjTs%2BmTi7wQv%2FRqKWJPgpOi8nJlXotwXWvlRje0Rg0rwbHZXHrQDL7KrYU7f8O40wW"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 6e5e3ca6f8a459b9-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 email-decode.min.js Show response
ar-deko.su/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 18ms
17ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ar-deko.su/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/hanovercounty.gov
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 28 Feb 2022 17:09:01 GMT
server: cloudflare
etag: W/"621d01ad-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9tcztK%2FYQGppLZR%2B1Vt%2B452a0LOkOS2mPo67FntTzJ45%2BY%2Bg98HsRoIVvFy5h8CWUGOQlPt5Foh4P%2BB3cLYg%2F3D936SvZpvdqwd4Kry4fxohNzJU3rAb%2FmTsFGzW4pgVKepEmpjDG3P"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6e5e3ca6d87c59b9-MXP
vary: Accept-Encoding
expires: Sat, 05 Mar 2022 00:25:47 GMT

GET
H2 200 jquery-2.1.4.min.js Show response
code.jquery.com/ 82 KB
29 KB 29ms
9ms Script
application/javascript 2001:4de0:ac18::1:a:3a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.1.4.min.js
Requested by: Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-14979"
vary: Accept-Encoding
x-hw: 1646267147.dop001.fr8.t,1646267147.cds292.fr8.hn,1646267147.cds244.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29519

GET
H/1.1 200
OK foundation.js Show response
dhbhdrzi4tiry.cloudfront.net/cdn/sites/ 230 KB
230 KB 10ms
10ms Script
application/x-javascript 143.204.101.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dhbhdrzi4tiry.cloudfront.net/cdn/sites/foundation.js
Requested by: Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.101.162 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-162.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 95584f79f7f9453c4e27a91c0d0100d02589f68478bd5d8369d06adb096a2a84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 02 Mar 2022 02:01:25 GMT
Via: 1.1 d627b75d0c1aedd3691390ac8498d3b0.cloudfront.net (CloudFront)
Last-Modified: Thu, 19 Nov 2015 20:04:29 GMT
Server: AmazonS3
Age: 80672
ETag: "e8edd9bfac79d3935ea72f7e9ffd1961"
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 235230
X-Amz-Cf-Id: b3hlUY9UYp7jbtzqx4xQRY9THKSBwR-Lq_HGAVRB2CT-lP_KlGa5Sg==

GET
H2 200 us.svg
cdn.ar-deko.su/assets/flags/4x3/ 4 KB
1 KB 25ms
25ms Image
image/svg+xml 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.ar-deko.su/assets/flags/4x3/us.svg
Requested by: Host: cdn.ar-deko.su
URL: https://cdn.ar-deko.su/assets/css/flag-icon.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c70ba1cb67cc649da2b1f5dc4a26891437d8bba2cc098c88461e6bfc23949d9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.ar-deko.su/assets/css/flag-icon.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3821104
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 07 Jan 2022 14:12:46 GMT
server: cloudflare
etag: W/"61d84a5e-116d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sb0pJVB7ng6uULZe1Il0ic0HlnIx2qt8ODpS6AJ%2FhxVM3zI5h7ItKP5rrFfeX5H4qi3owZI%2FA46Xo2y6Kzp3k9sTPupKdd2q4xElXY8Mwah8cq2lp50M4lIMD91tGs2cYgI%2Fd4SdQj2uhG%2BT1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=315360000
cf-ray: 6e5e3ca6f8b859b9-MXP
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/ 291 KB
105 KB 74ms
59ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-0401673461163526&plah=ar-deko.su

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0401673461163526

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0625e9cde838ae0576bd4a69319719d0225f52725200bcb59efe4884913584fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107185
x-xss-protection: 0
server: cafe
etag: 15313897389421410525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 03 Mar 2022 00:25:47 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220228/r20190131/ Frame 16E4 10 KB
5 KB 29ms
7ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220228/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-0401673461163526

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Wed, 02 Mar 2022 23:41:23 GMT
expires: Wed, 16 Mar 2022 23:41:23 GMT
cache-control: public, max-age=1209600
age: 2664
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-211438602-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3054
date: Wed, 02 Mar 2022 23:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 03 Mar 2022 01:34:53 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 27ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1245227457&t=pageview&_s=1&dl=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&ul=en-us&de=UTF-8&dt=Hanovercounty.gov%20%3A%20Hanover%20County%2C%20VA%20%7C%20Official%20Website&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1881758941&gjid=363820639&cid=2122408744.1646267148&tid=UA-211438602-1&_gid=1412831523.1646267148&_r=1&gtm=2ou2s0&z=899666206

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ar-deko.su/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 00:25:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ar-deko.su
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 214 B
645 B 34ms
14ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ar-deko.su&callback=_gfp_s_&client=ca-pub-0401673461163526

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-0401673461163526&plah=ar-deko.su

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

be6d7c0ed232ae682b6c3b1a9e7ae18b4de62b1c0cd8d536b0146872002a57a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 201
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 37ms
15ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ar-deko.su

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 36ms
14ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ar-deko.su

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7DC8 11 KB
4 KB 153ms
139ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&adk=1812271804&adf=3025194257&lmt=1646267147&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147438&bpp=2&bdt=168&idt=109&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7111713296875&frm=20&pv=2&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=126

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c20f22093bfc50affa97d0f12acc672ea558dae528a3a54733ee7ff83784d2c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 00:25:47 GMT
server: cafe
content-length: 4490
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 00:25:47 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1927 436 B
235 B 137ms
132ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=9185659687&adk=1066549570&adf=813095257&pi=t.ma~as.9185659687&w=769&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=769x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147440&bpp=2&bdt=169&idt=130&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=94&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=hQfdBlVmbs&p=https%3A//ar-deko.su&dtd=134

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

396665a5beda35bc3c28a3c71637931c67b6ed997dd42bf21fd5edde7c08b88a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 00:25:47 GMT
server: cafe
content-length: 212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 00:25:47 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8EFC 436 B
235 B 114ms
113ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=6499964204&adk=2647452932&adf=3890462116&pi=t.ma~as.6499964204&w=769&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=769x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147442&bpp=1&bdt=171&idt=135&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=855&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2Gynwj3esz&p=https%3A//ar-deko.su&dtd=140

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d76656d48ab4788637f122a191d0918911e9b21fd7379f3cb756f529d5be581c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 00:25:47 GMT
server: cafe
content-length: 212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 00:25:47 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1E44 436 B
235 B 132ms
131ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=5218494511&adk=3938979412&adf=2315468765&pi=t.ma~as.5218494511&w=769&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=769x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147443&bpp=1&bdt=172&idt=141&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=215&ady=3582&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=4&uci=a!4&btvi=1&fsb=1&xpc=g7T8H4cS9o&p=https%3A//ar-deko.su&dtd=143

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06305ecb557abbb0b4780a1a60241ea27d0ae7fb9fb25afb1e6913f6684005b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 00:25:47 GMT
server: cafe
content-length: 212
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 00:25:47 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 45C3 29 KB
11 KB 166ms
165ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=8802516303&adk=143785488&adf=2938917947&pi=t.ma~as.8802516303&w=370&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=370x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147444&bpp=1&bdt=173&idt=144&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280%2C769x280%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=94&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=eVdv33HUPi&p=https%3A//ar-deko.su&dtd=146

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1715d135e0717b121eed38d2806533375659ce4bef74d4954624e71dc04d3ab6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Thu, 03 Mar 2022 00:25:47 GMT
server: cafe
content-length: 10954
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Mar 2022 00:25:47 GMT
cache-control: private

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 038D 0
0 56ms
56ms Fetch
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Clbi2CwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgS_AU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMqvHWpxuYjDLfIatzooe4lUDTxh9eyslpBM5cwR_Gd3dbxW50gVTgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMDQwMTY3MzQ2MTE2MzUyNhgA&sigh=g_VdD76yB1s&uach_m=[UACH]&cid=CAQSGwCNIrLMAa-wvd15xY8ZQGSZGeK_7XRTLbGfExgB&tpd=AGWhJmu-1Nrpd9_2_QNrvCJmdMYmOsWFK6L3zv6MkiLjCvPcC7iDY-ryXGxE-JwD5kDYMVr3nslOuRm6d8pDOpNLqfcxXG1WIH8X6LxUImjbyiX1iFN8T1aPPZGjiPkAbsmPx-j5JmEBf-eORsUCpfIDqX_QQtSsvl391N5XJA0kDQ7iSMSAdYyj5uOz_P_tZIMqTcW5-angO_JU-5FqKvu8mP2FPx3t23EkgR_LsEmGOGlCcNSOQBRXG1tMai5sMlaewcT-qApMVXqosWhuI4Gi-P9i5HpW9bgSCoQDmhpTPof3B_LzxRv1by4hAiZwdf2c27SnnGNtAFGQ00urO5hHWd7g1CxK1qxEgwBUtrftb_pu1tKrCijWTrKZaBL_ibXEbKMvg2mYbcfbEhYW4uMkj-yCRbtgAutaDzHLg-mNyoJaKmMj65vIWR-i7FxeEh757lGdjc9x7UM_56_6r7YxQAv4jcIZFAHCaNY5pfzywA8nlEdjLvMYgLNaFMjMonOkLMpPKu2O4d8PlTCKvidH0gqujN5iW8ghtCHLpnVha88uBB4tE0zSw9w5FJ4y2_MY2gwJK_sAJytnh-8wghHd89KXKE7bE64WtMo4dKx0IPnSh3E8f2GCeVdlPpqn0AlfyxuEXz2mPb_S8XyFS1QzJJBKsBmVNndmuLQ7KS0aTKmszYuq3e22CiggkIMW3ge8tUr30DPa5I1JoaSLmbTT7xCQ0SK2-_t9MW7b9pv7DFMGnrgLW2yPkBC2wcxVfrCvB_6ztBRHZqY9jCj0oXCMA9MsY3ny79JNSMsbsIJluTx-Rq7nxXbivhOk2zDVJHidN7thg75A1FqBO5PPdINQfEcaNbNdJl3CdTK0KaU2T7TMXzDIs230M5EACQe7-Pc10dgfhUfkKWh_TGCAPhlMuDs_spdKadEnczDeRPds0q960Rp2z15omEUdFJoH19jZaKFi0yfAN4VsSMBICWkhfMAuAN01iwBaJ5GEy09kO2MEtoOWV9Mm0gkiLcd_GbzJWFAxjseSd4QLuRGyYounEl3n0cktfr8RNJWpUflqFgP1hYaLvH3xz64Haf8jv7wigHpbo4hkYaE

Requested by

Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=8802516303&adk=143785488&adf=2938917947&pi=t.ma~as.8802516303&w=370&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=370x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147444&bpp=1&bdt=173&idt=144&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280%2C769x280%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=94&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=eVdv33HUPi&p=https%3A//ar-deko.su&dtd=146
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Thu, 03 Mar 2022 00:25:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Thu, 03 Mar 2022 00:25:47 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 038D 3 KB
2 KB 67ms
35ms Script
application/x-javascript 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTjJGbE5UWmxNVEl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MDIwMzA2Njc2MDQ5Njk0ODMvOTk2NjQ1OS8xMDQ5NzQ2OS80L0pmN044NWxEVW1CckhSQ1JMMHloQWVTN3FCakluSzIwMC0xS2Q5aXBpS00vMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8yODAyMDMwNjY3NjA0OTY5NDgzL2Ftcy8wLzg2MTgvNDIvOTk5LzI1OC8yMDAxOmFjODoyMDo6LzAuMDAwLzE2NDYyNjcxNDcvMTY0NjI3OTc0Ny80L3B1Yi0wNDAxNjczNDYxMTYzNTI2Lw/UOFUdPclv8wqrp2m5AVsQzN8qZQ&nodeid=706&group=cdg&auctionid=2802030667604969483&shardkey=2802030667604969483&sid=10497469&cid=9966459&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%26client%3Dca-pub-0401673461163526%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=8802516303&adk=143785488&adf=2938917947&pi=t.ma~as.8802516303&w=370&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=370x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147444&bpp=1&bdt=173&idt=144&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280%2C769x280%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=94&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=eVdv33HUPi&p=https%3A//ar-deko.su&dtd=146
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.302.0 /
Resource Hash: ddb2720f1a28a40c29a6e6f657e12de1dff93c0bbfac2ccc6247a78008a71707

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 00:25:47 GMT
Content-Encoding: gzip
x-mm-bid-request-time: 1646267147
Last-Modified: Thu, 03 Mar 2022 00:25:47 GMT
Server: MMBD/3.302.0
x-mm-latency: 23 (0)
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: zrh-router-x33, cdg-bidder-x79
Connection: close
Content-Type: application/x-javascript; charset=UTF-8
Expires: Thu, 03 Mar 2022 00:25:46 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/ Frame 038D 2 KB
1 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0401673461163526&output=html&h=280&slotname=8802516303&adk=143785488&adf=2938917947&pi=t.ma~as.8802516303&w=370&fwrn=4&fwrnh=100&lmt=1646267147&rafmt=1&psa=0&format=370x280&url=https%3A%2F%2Far-deko.su%2Fhanovercounty.gov&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1646267147444&bpp=1&bdt=173&idt=144&shv=r20220228&mjsv=m202202240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C769x280%2C769x280%2C769x280&nras=1&correlator=7111713296875&frm=20&pv=1&ga_vid=2122408744.1646267148&ga_sid=1646267148&ga_hid=1245227457&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1015&ady=94&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C44750774%2C31060033%2C44756431&oid=2&pvsid=3926138564529050&pem=250&tmod=682907973&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&fsb=1&xpc=eVdv33HUPi&p=https%3A//ar-deko.su&dtd=146

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:19:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 358
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 00:19:49 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 038D 124 KB
39 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38860
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646224922100600"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 00:25:47 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/ Frame 038D 15 KB
7 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220228/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6433
x-xss-protection: 0
server: cafe
etag: 3306657128042699500
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 17 Mar 2022 00:23:01 GMT

GET
H/1.1 200
OK vro4j8tlqzop Show response
hal9000.redintelligence.net/zone/ Frame 038D 10 KB
3 KB 42ms
12ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/vro4j8tlqzop?subid=&gdpr=1&gdpr_consent=li&rnd=2802030667604969483&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYiALCwAKdVEHg4OZ_gJ0Hg%26exch_seat%3D20035004448%26mt_aid%3D2802030667604969483%26mt_id%3D9966459%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_cid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%2526client%253Dca-pub-0401673461163526%2526adurl%253D%26redirect%3D
Requested by: Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cdc3d315988d7ba44d327fa0113d353788639d50bda2e8275efe07bcb0a210eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 00:25:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3314
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 038D 49 B
329 B 48ms
24ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=2802030667604969483&node_id=706&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTjJGbE5UWmxNVEl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MDIwMzA2Njc2MDQ5Njk0ODMvOTk2NjQ1OS8xMDQ5NzQ2OS80L0pmN044NWxEVW1CckhSQ1JMMHloQWVTN3FCakluSzIwMC0xS2Q5aXBpS00vMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8yODAyMDMwNjY3NjA0OTY5NDgzL2Ftcy8wLzg2MTgvNDIvOTk5LzI1OC8yMDAxOmFjODoyMDo6LzAuMDAwLzE2NDYyNjcxNDcvMTY0NjI3OTc0Ny80L3B1Yi0wNDAxNjczNDYxMTYzNTI2Lw/UOFUdPclv8wqrp2m5AVsQzN8qZQ&nodeid=706&group=cdg&auctionid=2802030667604969483&shardkey=2802030667604969483&sid=10497469&cid=9966459&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%26client%3Dca-pub-0401673461163526%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.302.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 00:25:47 GMT
Server: MMBD/3.302.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x44, cdg-bidder-x79
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 03 Mar 2022 00:25:46 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 038D 43 B
405 B 95ms
29ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=2802030667604969483&v3=1073227&v4=10497469&v5=9966459&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTjJGbE5UWmxNVEl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MDIwMzA2Njc2MDQ5Njk0ODMvOTk2NjQ1OS8xMDQ5NzQ2OS80L0pmN044NWxEVW1CckhSQ1JMMHloQWVTN3FCakluSzIwMC0xS2Q5aXBpS00vMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8yODAyMDMwNjY3NjA0OTY5NDgzL2Ftcy8wLzg2MTgvNDIvOTk5LzI1OC8yMDAxOmFjODoyMDo6LzAuMDAwLzE2NDYyNjcxNDcvMTY0NjI3OTc0Ny80L3B1Yi0wNDAxNjczNDYxMTYzNTI2Lw/UOFUdPclv8wqrp2m5AVsQzN8qZQ&nodeid=706&group=cdg&auctionid=2802030667604969483&shardkey=2802030667604969483&sid=10497469&cid=9966459&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%26client%3Dca-pub-0401673461163526%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 4172 645ee8c master zrh-pixel-x15 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 00:25:47 GMT
Server: MT3 4172 645ee8c master zrh-pixel-x15 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 03 Mar 2022 00:25:46 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 038D 49 B
329 B 52ms
28ms Image
image/gif 185.29.132.246
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=2802030667604969483&st=10497469&time=1646267147&nodeid=706
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTjJGbE5UWmxNVEl0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzI4MDIwMzA2Njc2MDQ5Njk0ODMvOTk2NjQ1OS8xMDQ5NzQ2OS80L0pmN044NWxEVW1CckhSQ1JMMHloQWVTN3FCakluSzIwMC0xS2Q5aXBpS00vMS80LzAvMC8xNzg3NTgyLzAvMjE1NTQzLzEwNzMyMjcvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8yODAyMDMwNjY3NjA0OTY5NDgzL2Ftcy8wLzg2MTgvNDIvOTk5LzI1OC8yMDAxOmFjODoyMDo6LzAuMDAwLzE2NDYyNjcxNDcvMTY0NjI3OTc0Ny80L3B1Yi0wNDAxNjczNDYxMTYzNTI2Lw/UOFUdPclv8wqrp2m5AVsQzN8qZQ&nodeid=706&group=cdg&auctionid=2802030667604969483&shardkey=2802030667604969483&sid=10497469&cid=9966459&bp=a_bidfbj&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%26client%3Dca-pub-0401673461163526%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.132.246 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.302.0 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 00:25:47 GMT
Server: MMBD/3.302.0
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: zrh-router-x69, cdg-bidder-x79
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Thu, 03 Mar 2022 00:25:46 GMT

GET
H/1.1 200
OK request.php Show response
hal90007.redintelligence.net/ Frame 038D 612 B
773 B 120ms
56ms Script
application/x-javascript 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request.php?zone=vro4j8tlqzop&nw=20&renderingType=javascript&namespace=753a25bd8a&subid=&uid=acfabc27c64e212f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYiALCwAKdVEHg4OZ_gJ0Hg%26exch_seat%3D20035004448%26mt_aid%3D2802030667604969483%26mt_id%3D9966459%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_cid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%2526client%253Dca-pub-0401673461163526%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-0401673461163526%26output%3Dhtml%26h%3D280%26slotname%3D8802516303%26adk%3D143785488%26adf%3D2938917947%26pi%3Dt.ma~as.8802516303%26w%3D370%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1646267147%26rafmt%3D1%26psa%3D0%26format%3D370x280%26url%3Dhttps%253A%252F%252Far-deko.su%252Fhanovercounty.gov%26flash%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1646267147444%26bpp%3D1%26bdt%3D173%26idt%3D144%26shv%3Dr20220228%26mjsv%3Dm202202240101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C769x280%252C769x280%252C769x280%26nras%3D1%26correlator%3D7111713296875%26frm%3D20%26pv%3D1%26ga_vid%3D2122408744.1646267148%26ga_sid%3D1646267148%26ga_hid%3D1245227457%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1015%26ady%3D94%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42531397%252C44750774%252C31060033%252C44756431%26oid%3D2%26pvsid%3D3926138564529050%26pem%3D250%26tmod%3D682907973%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26ifi%3D5%26uci%3Da!5%26fsb%3D1%26xpc%3DeVdv33HUPi%26p%3Dhttps%253A%2F%2Far-deko.su%26dtd%3D146&ancestorOrigins=null&random=3017621746166&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/vro4j8tlqzop?subid=&gdpr=1&gdpr_consent=li&rnd=2802030667604969483&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYiALCwAKdVEHg4OZ_gJ0Hg%26exch_seat%3D20035004448%26mt_aid%3D2802030667604969483%26mt_id%3D9966459%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_cid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%2526client%253Dca-pub-0401673461163526%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d55f1d76206aba4f4d4c3b1f2c91b62ca6cd461114120854a38ce7eed11b58cc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Mar 2022 00:25:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 88337000009662704189741011887007
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 330
Expires: Thu, 03 Mar 2022 00:25:47 +0100

GET
H/1.1 200
OK request_content.php Show response
hal90007.redintelligence.net/ Frame D980 7 KB
3 KB 31ms
11ms Document
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request.php?zone=vro4j8tlqzop&nw=20&renderingType=javascript&namespace=753a25bd8a&subid=&uid=acfabc27c64e212f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DYiALCwAKdVEHg4OZ_gJ0Hg%26exch_seat%3D20035004448%26mt_aid%3D2802030667604969483%26mt_id%3D9966459%26mt_adid%3D215543%26mt_sid%3D10497469%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_cid%3D5ca96220-0b0b-4a01-adb6-d9472fb4a21f%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCDSnyCwsgYumGJaTZ7_UPtteoqA3Ph46bXMCG2YLGAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi0wNDAxNjczNDYxMTYzNTI2yAEJqAMBqgTCAU_QegrunGkEDDMVHjQ6oxqPt2FBYywDqTRLmVCJpYJGpIK6wK1VK2lJqLMcgimOIjpdi8cqrMaS2cBBrTF8IqTCf3gU98RAkMMt0u7tTJqQbp1HCr-doPqia__IzmgN-HQofyURc-6T6hK_DyNicrD3-ziL8f-ptQ7OvldTiWfCG5Do6SYr5OtjOwhRMFIb5O6eUiRklCuAMunFew7C3pTM8SLlZVJeTaUeWxLBcQU9Ra75M6uFuMPxd7sgbgLeDrpBgAbW3qLJ4pK-0Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1pRyOd8bn8uM4WakwHf8UAVymQ_Q%2526client%253Dca-pub-0401673461163526%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-0401673461163526%26output%3Dhtml%26h%3D280%26slotname%3D8802516303%26adk%3D143785488%26adf%3D2938917947%26pi%3Dt.ma~as.8802516303%26w%3D370%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1646267147%26rafmt%3D1%26psa%3D0%26format%3D370x280%26url%3Dhttps%253A%252F%252Far-deko.su%252Fhanovercounty.gov%26flash%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.%26dt%3D1646267147444%26bpp%3D1%26bdt%3D173%26idt%3D144%26shv%3Dr20220228%26mjsv%3Dm202202240101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%252C769x280%252C769x280%252C769x280%26nras%3D1%26correlator%3D7111713296875%26frm%3D20%26pv%3D1%26ga_vid%3D2122408744.1646267148%26ga_sid%3D1646267148%26ga_hid%3D1245227457%26ga_fc%3D1%26u_tz%3D0%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1015%26ady%3D94%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D42531397%252C44750774%252C31060033%252C44756431%26oid%3D2%26pvsid%3D3926138564529050%26pem%3D250%26tmod%3D682907973%26uas%3D0%26nvt%3D1%26eae%3D0%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257CeE%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26ifi%3D5%26uci%3Da!5%26fsb%3D1%26xpc%3DeVdv33HUPi%26p%3Dhttps%253A%2F%2Far-deko.su%26dtd%3D146&ancestorOrigins=null&random=3017621746166&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 59b1848fcf926582d7798e40841e051e34c3a73c36518796d5845d3dfbba56d4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

Date: Thu, 03 Mar 2022 00:25:48 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Thu, 03 Mar 2022 00:25:48 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2304
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame 038D 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5f03e5e481a513995fc99344c9967e154eae9ee9181f3a7551edce61e6ab778

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.6.2/ Frame D980 89 KB
32 KB 28ms
7ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 26 Feb 2022 17:07:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 371920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32245
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 26 Feb 2023 17:07:08 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame D980 745 B
940 B 73ms
19ms Script
text/javascript 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=53457417;click=https%3A%2F%2Fhal90007.redintelligence.net%2Fc%2Fpgbsxi92xm1hhg2%3Ftprde%3D

Requested by

Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

dbf4b6021d5a078b203f39fa2c9969d5e430bd2d1545d3158b6aa51145441064

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 547
expires: -1

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame D980 0
150 B 32ms
11ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=88337000009662704189741011887007&a=fdbaf4c5&vb=m
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 00:25:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame D980 33 KB
16 KB 70ms
18ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=53457417;click=https%3A%2F%2Fhal90007.redintelligence.net%2Fc%2Fpgbsxi92xm1hhg2%3Ftprde%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Fri, 04 Mar 2022 03:50:42 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame D980 4 KB
2 KB 26ms
26ms Script
text/javascript 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=53457417;click=https%3A%2F%2Fhal90007.redintelligence.net%2Fc%2Fpgbsxi92xm1hhg2%3Ftprde%3D;js=1;adfxid=1x;1012;set=en-US|en-US|1600X1200|0|350|300|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Far-deko.su

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

2205b36ec3696b8e67669e2a6c2993d20f829e3ad931a923399e9f55232ae850

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1983
expires: -1

GET
DATA 200
OK truncated
/ Frame D980 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 42ms
27ms XHR
application/json 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220228&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bec49bed44913d32162e9bb6508ece95d0115a554f3aef301e1fcf4ad7ce91b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10516
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 39ms
23ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Mar 2022 00:25:48 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/ Frame D980 90 KB
39 KB 27ms
27ms Script
text/javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Fri, 04 Mar 2022 03:50:59 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame CA7C 13 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Mar 2022 20:37:00 GMT
expires: Thu, 02 Mar 2023 20:37:00 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 13728
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0851 783 B
1 KB 38ms
16ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

49c2ff8ec8792722fb691d7daedf9e82c61ec58672da506a2aeb7023ad6c86d4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lc8A86xzIKP1mlZ841EpVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 03 Mar 2022 00:25:48 GMT
date: Thu, 03 Mar 2022 00:25:48 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-lc8A86xzIKP1mlZ841EpVw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 /
track.adform.net/csimpr/ Frame D980 35 B
477 B 19ms
19ms Ping
image/gif 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=53457417&csi=5PZPpCUJF1d5FJYuV4cOUiD3u0T3UNnziEe4QfD8vwDrygPkIxxfk43EwsCFEUYdI7xAcqXTe5HDzD9Sh2rVI96vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal90007.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 00:25:48 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal90007.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 10942335.js Show response
s1.adform.net/Banners/Elements/Files/160090/10942335/ Frame FAF8 4 KB
1 KB 19ms
18ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/10942335.js?ADFassetID=10942335&bv=258

Requested by

Host: ar-deko.su
URL: https://ar-deko.su/hanovercounty.gov

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4755cd65933fc44cec09095fab1c0ded311c266d96dee045b466e2343bffef69

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
last-modified: Fri, 25 Feb 2022 16:15:30 GMT
server: nginx
etag: W/"621900a2-e22"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3 200 mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js Show response
pagead2.googlesyndication.com/bg/ Frame CA7C 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/mF8jAiIKdU2I24lDkXEdvB6f9nJ-5cys-Upa-8ZRieM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 02 Mar 2022 20:53:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13514
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Mar 2023 20:53:53 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0851 0
0 59ms
59ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220228&jk=3926138564529050&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 1 KB
905 B 18ms
17ms Stylesheet
text/css 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/screen.css

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4f61b6a62a2b74a415128eb66dee3a7772b2b8bba6645e25d0bbb6e05fa6902c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: W/"621900a5-5ef"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame FAF8 30 KB
13 KB 19ms
18ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
last-modified: Fri, 14 May 2021 12:35:38 GMT
server: nginx
etag: W/"609e6e9a-76d9"
x-cache-status: HIT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 117 B
413 B 20ms
18ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/introfill.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-75"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 117

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 6 KB
7 KB 20ms
18ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/stoerer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8e0e79e215e578a6c4db88e1c09ca72c6e0367d4cd951de0743f2170e474cb86

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-1908"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 6408

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 33 KB
34 KB 23ms
19ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/text1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

88b8789b23183e64f11d636d61b391ce3682cfe8cdc29021ac043fc7c6f35e3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:30 GMT
server: nginx
etag: "621900a2-859a"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 34202

GET
H2 200 b1.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 7 KB
7 KB 26ms
23ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/b1.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d9c2d3d15c40d77b0e466603aff3b13540e6fec4cb9d106b98a12db93f16f366

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:30 GMT
server: nginx
etag: "621900a2-1bf3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7155

GET
H2 200 b2.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 8 KB
8 KB 34ms
31ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/b2.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

620877d80966782d88b31255132304930531edd5d3792854f8dfc4816416dbf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-1e99"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7833

GET
H2 200 b3.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 8 KB
8 KB 35ms
31ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/b3.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7d59162941ab2c89197f8db7a428e791b24517825fe8b9de25c11a7699d2ea4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-1fd2"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 8146

GET
H2 200 b4.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 8 KB
8 KB 37ms
33ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/b4.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

f1a7c99a269bc09772a3aea64343e714ee4b8db6c7a5c9494e7b1aa2d115d64e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:30 GMT
server: nginx
etag: "621900a2-1ec3"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 7875

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 3 KB
3 KB 37ms
34ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/disclaimer.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a7f660360f986830418098d593c35845d576cf1d16de89151f8c77266ee3164f

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-b36"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2870

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 2 KB
2 KB 38ms
34ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/date.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

cda3ec4d16fbf2f69ca13ce0e300ce2a81db033aea6226196be47d9f4e1fe7e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-85d"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 2141

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 2 KB
2 KB 38ms
34ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/cta.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2f44a459ede8be3dd24268f27949c06880929fc876716e3787b8f6a4ae0928eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:30 GMT
server: nginx
etag: "621900a2-78d"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 1933

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 7 KB
7 KB 39ms
36ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/logostart.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5f5cc14425f252a51538edf4a3e8eb842fc5f640a90e0e3a2b9856007aff50ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-1b03"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 6915

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 4 KB
4 KB 40ms
36ms Image
image/png 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/logo.png

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

94aea0bf6407c556d6403f2390af417fed122850cd2382a966b0bff02b839150

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-1084"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/png
content-length: 4228

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 23 KB
23 KB 41ms
38ms Image
image/jpeg 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/model.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b7d9f9c93559172d5b81fb72259097d64bf173ea80136bd0c85cbc964bd1b48c

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:30 GMT
server: nginx
etag: "621900a2-5a08"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 23048

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 7 KB
7 KB 44ms
41ms Image
image/jpeg 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/background.jpg

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2fec46d6c6cea091c5555a2d620711cf4729fadf608d437ad96d60ffccff9d29

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
last-modified: Fri, 25 Feb 2022 16:15:33 GMT
server: nginx
etag: "621900a5-1bee"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 7150

GET
H2 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame FAF8 38 KB
14 KB 62ms
21ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 87783
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13669
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NhmCgH%2FPVHEBEzIOE6qbfI%2BqWlj066gSLub6Mow25L0qGS9co3Q7lfZ0lvaQ%2Fl2zNVzv5g%2ByYpA4uvPXSkBheJP1OutHhzS3yVymIOkgsGUubV3eJ9rogukIFQY0jN%2Bg7UwY%2BT9EuwkpXp974e2gKAlS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e5e3cadfb3a0f52-MXP
expires: Tue, 21 Feb 2023 00:25:48 GMT

GET
H2 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame FAF8 5 KB
2 KB 66ms
25ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 450588
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1730
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4mA6X1LZ%2FnbYlllviuRlaCCnwTlG%2FK0snjbalfeOn0SoJzHnvFyau4Sk%2BNOxAOUSAUiUj5xCDMZkCWGPaGp9W9pMv6ehaSeoShDcAhacJAIfA7yBwyBKR981zvWcR67NG%2F7EkgB73fZ3tYE6bW0K9YFY"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e5e3cadfb3c0f52-MXP
expires: Tue, 21 Feb 2023 00:25:48 GMT

GET
H2 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame FAF8 26 KB
9 KB 63ms
23ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 442245
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8578
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qkNavTELz4Lw%2F2oaGQL0D0IGlzfOPcYgDKtIsA4P3ASwG%2FD3bXhflBaYNWLYNJJ%2BL2uigEr6LQura%2BAXlBrU1ruNLTsJbhJnOegEJEryNG9gI4fRsZNj%2F0AQ%2B2rM4Rhq0CLaUQVOvV8UHrnyFk877rTL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6e5e3cadfb3d0f52-MXP
expires: Tue, 21 Feb 2023 00:25:48 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/ Frame FAF8 8 KB
2 KB 43ms
41ms Script
application/x-javascript 37.157.6.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://s1.adform.net/Banners/Elements/Files/160090/10942335/bvpath_258/script.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

ede3215741b201e7827fdb5bd29735f214f96be75183960fa1508693935db401

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
content-encoding: gzip
last-modified: Fri, 25 Feb 2022 16:15:30 GMT
server: nginx
etag: W/"621900a2-21d1"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: application/x-javascript

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame CA7C 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?sCd_0A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Thu, 03 Mar 2022 00:25:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220228&jk=3926138564529050&bg=!OTqlOn7NAAYFuXAgBbk7ACkAdvg8Wtn2HfCYNsycAyYykhQ3GnRYE0k5_40QO36A1wH3Ne_olH5e_wIAAABkUgAAAAJoAQcKAEHA0WOqldNSXReewpOuPmcJVwDJfAzQAufsdY7zWNx_i7SwhyVvkRL-VDObMDSkMcsCeBgeNondcrfenxtfV3Wv6JkCp6wmswdKo0lrXa2jVioGoqfJHR8o67u3StTmqq3R0rVPdB4i3tN0r0uOfcKo4HyNkQXouJRD8AkFzlKODGBCBzFwdU2UgBItU-xPp6iONL-5wrXO--z4SDinHPiK3YpwjplLq3Hlpo2fSIXjlIg9PrTDdU_rf2q69G9uqfbFoXfMuQFpoKe6hlytmcgLEnt93o7wcnqPD5Pg4LrVL9Fk0yRO1rUllZibvP_BcySlmLmIZquKaSmFpYXHW_TNEUf-ZPiYulOi45g8XFvO_Fmzl4vHlJ2f8tQ82CjP2NHi2_xNC-8CR1uj-h_pjUo8R41bAAdrcRRDNLAkZzEpeMiMWB5JdLhfHS8lYfRhINpwILHgj1UuJEiA_mNR16tIEyL-DQ863Gkz0HmBWkZruNaoNe35yvTdVHcPPM6STVBw1svJG3iIl8oBkvaRbwsiLMu5I0GB7FE-PzYNRLvdCf9bb0UlqlbNriOs9ofZ0KY-JxMC3CJSc5PKwDpcC52BiQt21ZVUnOxWwzQOMfPNbKXbBVFvEk8RrUmHmSRJBWPaO4IbGAaAZLPc0s_YniFI_uQL6lW1pMw_FafZhxcLnOVnLqPbdJ8wNSmbqDwUkJ9VYG_kiiUDKp1lixPN-XCupPGyVE2hNBpHy2UnLB4iV9j_Gcdrpf-OM35sQaTKAFBbm4CnSHYbCEmiWQ41mq84FByGwx8UtOGaaI40ya8MkvkibI2HH1BuXcIOtcjfAIoMf-uANmnr03_eEVaWncRDzkz2k1diFXuJvVfNEmFs_2TE5QwpUy0o9bJt4JCt52D7e6QQUrqM-CbOj5G-Xv9ss6u6X22lULecTnak5en8GIoxUWQzMMPr_T8lU9st-CwXw7SZaoD5F6GiVYSTT54LMn0Q0m24xsNEZ5I

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ar-deko.su/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 00:25:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 038D 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvj7RIXizcUYr-pmKkkEqezvJXaRDAX5XhQ5h7TaKxsDiN5UazwJmWNB43N3_ThNAoC0QOOVueKMpSR3rMFs61Ttg&sig=Cg0ArKJSzO0xpPuAih6zEAE&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220302&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=143785488&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1646267147771&rpt=273&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 00:25:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90007.redintelligence.net/ Frame D980 0
150 B 34ms
12ms Script
text/html 138.201.63.157
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90007.redintelligence.net/viewability?s=88337000009662704189741011887007&a=fdbaf4c5&vb=v
Requested by: Host: hal90007.redintelligence.net
URL: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.157 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.157.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90007.redintelligence.net/request_content.php?s=88337000009662704189741011887007&a=278d6bcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Thu, 03 Mar 2022 00:25:49 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 /
track.adform.net/serving/unload/ Frame D980 35 B
468 B 20ms
20ms Ping
image/gif 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=5804157720539226146@@53457417,3069324764750922928,100|1200|0|0|0|0|0|0|0||59|1|||||1|0|0|a-cIq6xb9oRcPlakbYq96bnFNzPcHZfBiw0PRsoc7UFnkVelKmN48om3nyX34Xgm0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal90007.redintelligence.net/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 03 Mar 2022 00:25:49 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://hal90007.redintelligence.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

Verdicts & Comments Add Verdict or Comment

53 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ar-deko.su/	1970-01-20 18:48:59	Name: _ga Value: GA1.2.2122408744.1646267148
.ar-deko.su/	1970-01-20 01:19:13	Name: _gid Value: GA1.2.1412831523.1646267148
.ar-deko.su/	1970-01-20 01:17:47	Name: _gat_gtag_UA_211438602_1 Value: 1
.ar-deko.su/	1970-01-20 10:39:23	Name: __gads Value: ID=f1f01cc12fc670d9-22ba8d4050cd0064:T=1646267147:RT=1646267147:S=ALNI_MYDgKNfUJnKZmySCpFyOn9aQKdHaw
.doubleclick.net/	1970-01-20 10:39:23	Name: IDE Value: AHWqTUmQCapuvydEXv0u8PDKZfDOOPzx3KTdUZC8PZvJT3R6ihhn4abp5sHgwExSb1g
.mathtag.com/	1970-01-20 10:03:23	Name: uuid Value: 5ca96220-0b0b-4a01-adb6-d9472fb4a21f
.adform.net/	1970-01-20 02:02:21	Name: C Value: 1
.adform.net/	1970-01-20 02:44:07	Name: uid Value: 5804157720539226146
.adform.net/	1970-01-20 01:27:51	Name: TPC Value: 1646267148222

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ajax.googleapis.com
ar-deko.su
cdn.ar-deko.su
cdnjs.cloudflare.com
code.jquery.com
dhbhdrzi4tiry.cloudfront.net
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal90007.redintelligence.net
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.mathtag.com
s1.adform.net
tags.mathtag.com
tpc.googlesyndication.com
track.adform.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
138.201.63.157
138.201.63.165
142.250.184.226
143.204.101.162
185.29.132.246
2.18.233.201
2001:4de0:ac18::1:a:3a
2606:4700::6810:135e
2a00:1450:4001:800::200a
2a00:1450:4001:802::2002
2a00:1450:4001:808::2008
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82f::2001
2a00:1450:4001:830::2002
2a06:98c1:3121::7
37.157.6.235
37.157.6.252
0625e9cde838ae0576bd4a69319719d0225f52725200bcb59efe4884913584fd
06305ecb557abbb0b4780a1a60241ea27d0ae7fb9fb25afb1e6913f6684005b5
08e7d98e767f185bdbdc70bc962d784292f1ba7a6d9230d2cd9a7a841112fa19
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
1715d135e0717b121eed38d2806533375659ce4bef74d4954624e71dc04d3ab6
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
2205b36ec3696b8e67669e2a6c2993d20f829e3ad931a923399e9f55232ae850
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2f44a459ede8be3dd24268f27949c06880929fc876716e3787b8f6a4ae0928eb
2fec46d6c6cea091c5555a2d620711cf4729fadf608d437ad96d60ffccff9d29
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
383f95a75b02bb1370e93c9c3c6b9f060a98dbe492b16d8e1da3f653a800e435
396665a5beda35bc3c28a3c71637931c67b6ed997dd42bf21fd5edde7c08b88a
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
4755cd65933fc44cec09095fab1c0ded311c266d96dee045b466e2343bffef69
480470bf08a15a52adebed25c57bb6336709f4efef5f747d9e18e908f7eff88a
49c2ff8ec8792722fb691d7daedf9e82c61ec58672da506a2aeb7023ad6c86d4
4f61b6a62a2b74a415128eb66dee3a7772b2b8bba6645e25d0bbb6e05fa6902c
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59b1848fcf926582d7798e40841e051e34c3a73c36518796d5845d3dfbba56d4
5f5cc14425f252a51538edf4a3e8eb842fc5f640a90e0e3a2b9856007aff50ef
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
620877d80966782d88b31255132304930531edd5d3792854f8dfc4816416dbf6
635fdded8604da8ca650d149c4b2c8bf831b5e6332255e63407f25eb1ba2d492
66dc655a304a2c2dbbe5d2c00c3ffef5c6c9f8dd452e8a76e1bfbe3bbe9bed23
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ded445534230fe3d1274bd48ed100b17ea890a65d5c0250172369a5b522f3ba
7d59162941ab2c89197f8db7a428e791b24517825fe8b9de25c11a7699d2ea4e
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88b8789b23183e64f11d636d61b391ce3682cfe8cdc29021ac043fc7c6f35e3e
8e0e79e215e578a6c4db88e1c09ca72c6e0367d4cd951de0743f2170e474cb86
94aea0bf6407c556d6403f2390af417fed122850cd2382a966b0bff02b839150
95584f79f7f9453c4e27a91c0d0100d02589f68478bd5d8369d06adb096a2a84
985f2302220a754d88db894391711dbc1e9ff6727ee5ccacf94a5afbc65189e3
9e9b34f0817548b428e128d5a7551fbc499d01fee0a12d016c323f65b9d4e2fd
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5f24345baf1c72cf657450216a58d94939beac49641e7027befa1f411d19dc1
a7f660360f986830418098d593c35845d576cf1d16de89151f8c77266ee3164f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5f03e5e481a513995fc99344c9967e154eae9ee9181f3a7551edce61e6ab778
b7d9f9c93559172d5b81fb72259097d64bf173ea80136bd0c85cbc964bd1b48c
be6d7c0ed232ae682b6c3b1a9e7ae18b4de62b1c0cd8d536b0146872002a57a4
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
bec49bed44913d32162e9bb6508ece95d0115a554f3aef301e1fcf4ad7ce91b9
c20f22093bfc50affa97d0f12acc672ea558dae528a3a54733ee7ff83784d2c7
c70ba1cb67cc649da2b1f5dc4a26891437d8bba2cc098c88461e6bfc23949d9e
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cda3ec4d16fbf2f69ca13ce0e300ce2a81db033aea6226196be47d9f4e1fe7e3
cdc3d315988d7ba44d327fa0113d353788639d50bda2e8275efe07bcb0a210eb
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f
d27e980d821ec562661f24cab514474d7be86a742b5e915fa6c7efd21e77aaf9
d55f1d76206aba4f4d4c3b1f2c91b62ca6cd461114120854a38ce7eed11b58cc
d76656d48ab4788637f122a191d0918911e9b21fd7379f3cb756f529d5be581c
d7eaab0c14f2f2b2568dfa8896d1deb6b98ce12f6631c34456b835153ca1efe8
d9c2d3d15c40d77b0e466603aff3b13540e6fec4cb9d106b98a12db93f16f366
dbf4b6021d5a078b203f39fa2c9969d5e430bd2d1545d3158b6aa51145441064
ddb2720f1a28a40c29a6e6f657e12de1dff93c0bbfac2ccc6247a78008a71707
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ede3215741b201e7827fdb5bd29735f214f96be75183960fa1508693935db401
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c
f1a7c99a269bc09772a3aea64343e714ee4b8db6c7a5c9494e7b1aa2d115d64e
f7e06ae449bdd4ebece6e26cdb36840f7cb19f28b57bbb6b8647a54535557d3f

ar-deko.su Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

73 Requests

100 %HTTPS

62 %IPv6

16 Domains

22 Subdomains

22 IPs

5 Countries

913 kBTransfer

1758 kBSize

9 Cookies

0 Outgoing links

Redirected requests

73 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ar-deko.su Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

73
Requests

100 %
HTTPS

62 %
IPv6

16
Domains

22
Subdomains

22
IPs

5
Countries

913 kB
Transfer

1758 kB
Size

9
Cookies

73 HTTP transactions
2 data transactions