cybernews.com Open in urlscan Pro
2606:4700:3108::ac42:2bc5 Public Scan

URL: https://www.facebook.com/cybernewscom/

URL: https://www.youtube.com/c/CyberNews

URL: https://www.linkedin.com/company/cybernews

URL: https://www.tiktok.com/@cybernewscom

URL: https://flipboard.com/@CyberNews_com

URL: https://careers.cybernews.com/
Title: Careers

ns31532337.ip-162-19-138.eu

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 98

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEKxznDXEH-JXSNxwX_mtLYo&google_cver=1&google_push=AXcoOmQzPsQ1CYZhc7XRdy1cRHkdoxnsuWjoA0JFWly_rxwgZdCqR8BMf8dimHvioeTBBQ5QpBfnuk8c-G7RAZT8AhwBCL-HalTWaA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEKxznDXEH-JXSNxwX_mtLYo&google_push=AXcoOmQzPsQ1CYZhc7XRdy1cRHkdoxnsuWjoA0JFWly_rxwgZdCqR8BMf8dimHvioeTBBQ5QpBfnuk8c-G7RAZT8AhwBCL-HalTWaA

Request Chain 100

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEF3ayKkRm6I1ABW3VkW6QBM&google_cver=1&google_push=AXcoOmRDOKyOrJTe6rnyE3yLw9s_q5njuEjKeeExzWPB9trri-QISG8iDt3mJ4Y4OUFmhcAhUPZpxgjm2D7K8bAcMoSn1mKHuzobtw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRDOKyOrJTe6rnyE3yLw9s_q5njuEjKeeExzWPB9trri-QISG8iDt3mJ4Y4OUFmhcAhUPZpxgjm2D7K8bAcMoSn1mKHuzobtw&google_hm=eS1aSkxPNzBoRTJwSFQxLlQ2VG1LZkp6bzc5UGg3WDhDN35B

Request Chain 102

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKIjuIgLtuUj7bXt5_Ib9D8&google_cver=1&google_push=AXcoOmSU9bW7VyvdgrzIp_XtjpLbzdNcXUL9N15wTVI6djKEsSBN1Cz086feAGvd70oI9WuDxPd6Cr7RPax2kEV_-mPWUMEfUXVYBQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSU9bW7VyvdgrzIp_XtjpLbzdNcXUL9N15wTVI6djKEsSBN1Cz086feAGvd70oI9WuDxPd6Cr7RPax2kEV_-mPWUMEfUXVYBQ

Request Chain 104

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDDZhl5UUXOZHpxfrMYs7vM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDDZhl5UUXOZHpxfrMYs7vM&google_cver=1&C=1

Request Chain 105

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdmvidxkNV6PNxicHsg8QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1

Request Chain 106

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEElmDslgW4HW8v42eiHYsXA&google_cver=1

Request Chain 107

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D

Request Chain 159

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1&google_push=AXcoOmRIVcEpM0b5Z81_aROHmRchDv6JKitRcOksQ2U2XiaqvX0BqPFDSs7WH4XAtKiahWO7gVKS688nFDr_nAO42wH0W6_djCFqfGc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

Request Chain 161

https://um.simpli.fi/gp_match?google_gid=CAESEC-RPK1fVfc9R_h1e3d5QF0&google_cver=1&google_push=AXcoOmSvSoXdtSPN2UbTIQ10sCIxGrSjD8i_VNDHDJiRoHtAMuRzen6CsWpnZsTQjxOkuuF8ft_atHpU6rg7PEcvCMk7n1i3byCkzEE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BEA96BD1890C40DC9A16A2628BA9DEF9&google_push=AXcoOmSvSoXdtSPN2UbTIQ10sCIxGrSjD8i_VNDHDJiRoHtAMuRzen6CsWpnZsTQjxOkuuF8ft_atHpU6rg7PEcvCMk7n1i3byCkzEE

Request Chain 164

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEoDVWdDAVav1--afzglvUQ&google_cver=1&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeuOPK22c-Z5IOb5JgmgZGYzDdJoxQ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEoDVWdDAVav1--afzglvUQ&google_cver=1&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeuOPK22c-Z5IOb5JgmgZGYzDdJoxQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI0NzA1NzQ5OTA4ODg2Mjc5Mw&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeuOPK22c-Z5IOb5JgmgZGYzDdJoxQ

Request Chain 165

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEE4zaABL1qLpQGt_NIYEV6g&google_cver=1&google_push=AXcoOmS_nhnlXocM4ERr4MSx-XFuOnWWweUMjYbmvpwq-lqqRpg-DVnxaIJ9InJfBFLgSNlpmqSNvizFqE9rnr6QN-8ARoH9UyC747g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmS_nhnlXocM4ERr4MSx-XFuOnWWweUMjYbmvpwq-lqqRpg-DVnxaIJ9InJfBFLgSNlpmqSNvizFqE9rnr6QN-8ARoH9UyC747g HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 167

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 168

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1

Request Chain 169

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdmvry7jmzwDZNiu4Da5QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1

Request Chain 170

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPfi8ud8ksLtKuFmG_HtjR4&google_cver=1

Request Chain 171

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D

Request Chain 172

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGrmvBIfIzrFR3XbnT5zrpQ&google_cver=1

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEEJsEMB30IDqD3yPebb4sD8&google_cver=1

Request Chain 176

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDsRKB4qV60ZyPgGdJDs20Q&google_cver=1&google_push=AXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDsRKB4qV60ZyPgGdJDs20Q&google_cver=1&google_push=AXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 177

https://um.simpli.fi/gp_match?google_gid=CAESEIncWRdgrpfQkGXrSIhWarQ&google_cver=1&google_push=AXcoOmRH-kbqAIaQbhSqojBxppw8Vp1ueKxuU7TbL5aFMEVCasOoGXyXLOncIlYohGkxF4k4vjFCmWU89KKfeSj6yW2txhN4SiQY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmRH-kbqAIaQbhSqojBxppw8Vp1ueKxuU7TbL5aFMEVCasOoGXyXLOncIlYohGkxF4k4vjFCmWU89KKfeSj6yW2txhN4SiQY

Request Chain 180

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2NIzu4fJfXJRJF2h8-Sstvctae HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2NIzu4fJfXJRJF2h8-Sstvctae HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTgwNjcyNzAzNTg3MDk1ODEyNQ&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2NIzu4fJfXJRJF2h8-Sstvctae

Request Chain 181

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenIScZbpoAhlnvVDLJXOvjPmIV8duiEQ HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenIScZbpoAhlnvVDLJXOvjPmIV8duiEQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTcxNDUzMzEzMjU1OTc2Njk0OA&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenIScZbpoAhlnvVDLJXOvjPmIV8duiEQ

Request Chain 182

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEAXL3dK71Mlu1V5KM1TJpb4&google_cver=1&google_push=AXcoOmRXN1L8Ks6Bt4NUPCWLsTWJb1N3loaH1G3DWdn_tXujeRVvJCGJyHPmNL34-75nZR3GoqeBDUv_vuoBNg9Uul0gX--2M7VTdA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRXN1L8Ks6Bt4NUPCWLsTWJb1N3loaH1G3DWdn_tXujeRVvJCGJyHPmNL34-75nZR3GoqeBDUv_vuoBNg9Uul0gX--2M7VTdA

Request Chain 187

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 189

https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 193

https://googleads.g.doubleclick.net/pagead/adview?ai=Cno_KvmZnZaeEBYaQid4P0tKC0AP45u-3dMSPu_GeEv39rfafQRABILbX6XtglcL-gZQHoAGlvY3KA8gBCakCvhebxQtqsj6oAwHIA8sEqgStAk_QtfI7JggwDj7Vabzaj_6Th3nFEV22xk5d_a2ROOrJYaw6NOKdvTZwUo6Gq8j0qSOEjWNXsK7JE2k1RIH1ByE_zJHQmDkqqj37Q0qeEqlVBu_fsuKcthrYv0OKQzpqsFkneoBrjDbL9pEmvZqxbHz6fLsjr3iDZSJwHu1f6G_qp4Lzd0kRAwLx2xYRvEo83A_rYv09JmCG5Us8I7p9yopjNf5rRF4smtkAl_CMxVZCcMqAwiBTxUyb8GlgGn6kGjzqAogUT5HHIkQj2hP53kdem2fmj3pc8pA01kYKQTwEK-UnwBYv502SpLtvYeRZShnf0lT4zu569HXmO7e9014lzdnVMdDND3cMtTnK4jyavzbFQrGGirUjoe55AlUtr0lrUYRhxHfRQYaAlzTABNfZmpLBBIgFq4fqjUySBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGLoAHw8LyNagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEENHqBNIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY353fu9DpggOaCRlodHRwczovL3d3dy5teXNreXdpbmQuY29tgAoByAsBogwQKg4KDOS0sQLutbECtbixArgT5APYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNTkyODE2MTA3NDc3OTM4MBgA&sigh=Y1agTJ74Dzg&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSPADICaaNk41uhxtgqXC5ayxgikAbV9gkowyrdRRZU0h_P7Aq7lqP2aSeypSkvfeHbMlfgMH23BypoWuTuBgB&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228752366147714398171%22,%22debug_reporting%22:true,%22destination%22:%22https://myskywind.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22960716453%22],%224%22:[%2211-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223238228920255133873%22}&andc=true

Request Chain 199

https://googleads.g.doubleclick.net/pagead/adview?ai=C9xnBvmZnZZHZBJaXid4Pip2loA7-jbWTdO3o57_bEafHrI_ZDxABILbX6XtglcL-gZQHoAHZ3YnGA8gBAqkCvhebxQtqsj6oAwHIA8kEqgSXAk_QkOVJSp8dwe9wMJze4z83mtEIl5F9QhvvjwsRPEIa8dpbLEQLOJat91jO3EqhWXmIoZO6vBue5zBirkYBseHCf_NvyclibImKJ011nyiN6JFSnpUCSpqvlclou8_Cy-kU_Ma8YzmWv6gFbqt1Ba99VvPJm2EISrgQGn22LQMXd7t6_uqEzXj6DewiE6V8V10-EVHSzaOaqz_SkDfYjjLLvFKoRPJhymwB1bCIqftxGgj10X-zlyTwY5srxgbQZfTG-Kk3qU6lNNZyydkzVnd0YsShfmFi4MSyUpo-PNpaKno1Foza2BJnUUVNcDUy-KZ03Xph4O6jux0pZRQfudPcZPGRIYf1d2JfotSdhUL_lGgFs3soaMAE7ejwtMIDiAXSlofWL5IFBAgEGAGSBQQIBRgEoAYCgAePovY5qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQqYAT0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOljU-9670OmCA5oJNmh0dHBzOi8vd3d3LmhhdXNmcmFnZS5kZS9hcnRpa2VsL2Rlci1mZWhsZXItYmVpLXNvbGFyL4AKAcgLAaIMECoOCgzktLEC7rWxArW4sQLYEwzQFQGAFwGyFxwKGggAEhRwdWItNTkyODE2MTA3NDc3OTM4MBgA&sigh=T_iMmaGXPHs&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwDICaaNGUK-OghUT9rlvViSrkGh-u8wQmaBqc4RfOzquKfTat2dpt3s3m4YVZiepVitMBe7HPnXUexTGAE&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2218035210657938404444%22,%22debug_reporting%22:true,%22destination%22:%22https://hausfrage.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22952266457%22],%224%22:[%2211-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217619920726351842753%22}&andc=true

Request Chain 204

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=61389200112753804444978012523004&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 206

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=61389200112753804444978012523004&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352676751

Request Chain 208

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139

Request Chain 210

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 221

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEPPrHPE16AwkvKiT9u_-aiI&google_cver=1&google_push=AXcoOmRJin3C5PGAqaqSVFNkesUD3fpBXntqUDDCtYxj1rjxkXenCbRYsjkfOdwa8IWbiBaqrEHDIvyT2_4wRePVfrxKx9Tbs3uZEg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

Request Chain 222

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&google_cver=1&google_push=AXcoOmRa6w5E63zTe03lEJzXpAZd3xjXy-on8IdexDjqIiYKki676FygWga32QoWtySSMRGcQ_1LNpDGVx4pLSvkyABuNFA4uUEr HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&google_cver=1&google_push=AXcoOmRa6w5E63zTe03lEJzXpAZd3xjXy-on8IdexDjqIiYKki676FygWga32QoWtySSMRGcQ_1LNpDGVx4pLSvkyABuNFA4uUEr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=elN5c0lZeTUxUjhucUQ1&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&google_cver=1&google_push=AXcoOmRa6w5E63zTe03lEJzXpAZd3xjXy-on8IdexDjqIiYKki676FygWga32QoWtySSMRGcQ_1LNpDGVx4pLSvkyABuNFA4uUEr

Request Chain 223

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAiipNOE2WcuaElmQiPn-oI&google_cver=1&google_push=AXcoOmT9HsOatPHuDt4X1mWZcHC1pVMrmoyTS45qQjh0OSqs2nDuh0RcbCnENgtsq5mAarAQTgs6HKiShYIPht7BpS3sqmMmqfgE6g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT9HsOatPHuDt4X1mWZcHC1pVMrmoyTS45qQjh0OSqs2nDuh0RcbCnENgtsq5mAarAQTgs6HKiShYIPht7BpS3sqmMmqfgE6g&google_hm=P4apKmbvTiCWKmASgUkd5vk

Request Chain 226

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEEjNVknNoZVQOznGbZjIKL8&google_cver=1&google_push=AXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0 HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1701275327358 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-9190863a-8c51-445a-834e-0117d6deb39b-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0%26google_hm%3DA5GQhjqMUURag04BF9bes5s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0&google_hm=A5GQhjqMUURag04BF9bes5s

Request Chain 227

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELnBFZPhSWVp-s3ujG1dHhY&google_cver=1&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjoagO8nxsOQnXaqgHrU1kpbZsLxYpg1-lLUOVWnv_TPgVTRQ HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjoagO8nxsOQnXaqgHrU1kpbZsLxYpg1-lLUOVWnv_TPgVTRQ&google_gid=CAESELnBFZPhSWVp-s3ujG1dHhY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ4MTQzNTExODAwNTk0NzI2MjM4OA%3D%3D&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjoagO8nxsOQnXaqgHrU1kpbZsLxYpg1-lLUOVWnv_TPgVTRQ

Request Chain 246

https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=72816100134992804444556012523001&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=656766bf6daf2092667aa0dd&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

Request Chain 247

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774 HTTP 302
https://8019191.fls.doubleclick.net/activityi;dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774

Request Chain 252

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJoDFVeO-s3NjYItoVJ_EOo&google_cver=1&google_push=AXcoOmTxYlefrO2QkDGmXVIs2rdYwqwNrguZiK2eNq0oBnG2NElwCZ-jxrrw7EjEtg2AGke5DZHiWKXwyhXkIJgP8HMElQ4YgykSakA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

Request Chain 253

https://um.simpli.fi/gp_match?google_gid=CAESEIncWRdgrpfQkGXrSIhWarQ&google_cver=1&google_push=AXcoOmSRCpcPj4CXnjn2vxsGf_PfjykrBDiaYYy1Y52fnYUSpapg_G5xMvRX4fvqvG-uqIer_n9hJyy579sxN_TH8p1ue0EQDSEJjss HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmSRCpcPj4CXnjn2vxsGf_PfjykrBDiaYYy1Y52fnYUSpapg_G5xMvRX4fvqvG-uqIer_n9hJyy579sxN_TH8p1ue0EQDSEJjss

Request Chain 254

https://ipac.ctnsnet.com/int/cm?exc=1&acc=crimtan_au&google_gid=CAESELeOAjqgqC7n1R0Dmq9Qvbo&google_cver=1&google_push=AXcoOmQ0qcGDBwQgfe0yy5b_hIEwnHthqjkHbd5I1DWr5HSVhkgf1A63KDagZ3vj5gp_e53RCtc6AdjrczJER0lObizowonsj-GveBM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQ0qcGDBwQgfe0yy5b_hIEwnHthqjkHbd5I1DWr5HSVhkgf1A63KDagZ3vj5gp_e53RCtc6AdjrczJER0lObizowonsj-GveBM&google_hm=P4apKmbvTiCWKmASgUkd5vk

Request Chain 255

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmS1O1HIEuHhGQXSMxWyYJQdat4bmQYbFIju2R7mlbgHGg_cL4jDtVVXq-HURs9_FP1onQ499724xnKmbnDHDUv3OCToCF1AGXI&google_gid=CAESELeDPOTFTk8Zwg0m2oBYK6I&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmS1O1HIEuHhGQXSMxWyYJQdat4bmQYbFIju2R7mlbgHGg_cL4jDtVVXq-HURs9_FP1onQ499724xnKmbnDHDUv3OCToCF1AGXI&google_gid=CAESELeDPOTFTk8Zwg0m2oBYK6I&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzExMjkxNjI4NDcwMDA1MDI2MDI3MzA5NQ%3D%3D&google_push=AXcoOmS1O1HIEuHhGQXSMxWyYJQdat4bmQYbFIju2R7mlbgHGg_cL4jDtVVXq-HURs9_FP1onQ499724xnKmbnDHDUv3OCToCF1AGXI

Request Chain 256

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHuevRvPcXZhz6GrNQGTbwk&google_cver=1&google_push=AXcoOmRWr7E4NGRwZRIny_0pwkIksipBe2hO9cbq60o3WJeZNcbZIL6Ni6u5v2pB4vvar3LaWaXDIR9hlnWOtagk6uMi_r4LBK4AKfo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRWr7E4NGRwZRIny_0pwkIksipBe2hO9cbq60o3WJeZNcbZIL6Ni6u5v2pB4vvar3LaWaXDIR9hlnWOtagk6uMi_r4LBK4AKfo&google_hm=eS1aSkxPNzBoRTJwSFQxLlQ2VG1LZkp6bzc5UGg3WDhDN35B

Request Chain 258

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEF-8kzB-LAKwAJjj2GgEvDI&google_cver=1&google_push=AXcoOmQmRMvucPkJcECnlpeNG9PYsLnggUlq1UKlBPYK9izpwqRC9vfRxBSFa382Pqpnq2QQtAtFgkiNOtx2iX7uz7xPNhSmhKph2ZSS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQmRMvucPkJcECnlpeNG9PYsLnggUlq1UKlBPYK9izpwqRC9vfRxBSFa382Pqpnq2QQtAtFgkiNOtx2iX7uz7xPNhSmhKph2ZSS HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 273

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJoDFVeO-s3NjYItoVJ_EOo&google_cver=1&google_push=AXcoOmQ1NffjJ4MELIay6EKKvfyyriJDFcIJczWz_uyaC8vjeOFGMXgi4Y0veujSlPlO0b4Nf_YofVWpJ3M7zkRzPBPOAE9feQlArdI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

Request Chain 275

https://ipac.ctnsnet.com/int/cm?exc=1&acc=crimtan_au&google_gid=CAESELeOAjqgqC7n1R0Dmq9Qvbo&google_cver=1&google_push=AXcoOmQH9jGrZQraNy91ZWnpbCu2sgy4sg1eCO2vh13a5Wq2Xl2gclm3En7CYamNkhKKiXVYlyfQhnRktzo2F_yPVGDqjTu60i3IoYg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQH9jGrZQraNy91ZWnpbCu2sgy4sg1eCO2vh13a5Wq2Xl2gclm3En7CYamNkhKKiXVYlyfQhnRktzo2F_yPVGDqjTu60i3IoYg&google_hm=P4apKmbvTiCWKmASgUkd5vk

Request Chain 276

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELngFcAIvIPceuizqXdw5Rg&google_cver=1&google_push=AXcoOmRaclCQ0_if1xN5n72zF4NIDfKrGHuIQae-FHpScMVJFWJxn9tpLGk4P03i-7QoVu6gVntWhhDsuY1WQVQwVeRuhPP9jRBnmw HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRaclCQ0_if1xN5n72zF4NIDfKrGHuIQae-FHpScMVJFWJxn9tpLGk4P03i-7QoVu6gVntWhhDsuY1WQVQwVeRuhPP9jRBnmw&google_hm=hmVnZr_8uP6ZmT0WIw&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D656766BFFCB8FE99993D1623BLIS

Request Chain 279

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEAXL3dK71Mlu1V5KM1TJpb4&google_cver=1&google_push=AXcoOmTNrcYDIkjyZoQdezhePBAum5D8bvdlLwmDLrb2qbCSZacFrI-ePjhRufxyDMCiv2RJ3ve7msvBYQGHRq0OKgiOMEklhIwJF9Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTNrcYDIkjyZoQdezhePBAum5D8bvdlLwmDLrb2qbCSZacFrI-ePjhRufxyDMCiv2RJ3ve7msvBYQGHRq0OKgiOMEklhIwJF9Q

Request Chain 296

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 303
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=1806727035870958125

296 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cybernews.com/security/appscook-data-leak/ 124 KB
30 KB 154ms
134ms Document
text/html 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d914c2b65170bb0e04f13d0a146acfc8cbce91fc0fc2989201dc7561b3e1126d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 19311
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 82dc39bf7e543a49-FRA
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-resource-policy: same-site
ct-content-bucket: Security
ct-content-type: Editorial
ct-date-published: 2023-11-23
date: Wed, 29 Nov 2023 16:28:45 GMT
expires: Wed, 29 Nov 2023 20:28:45 GMT
last-modified: Wed, 29 Nov 2023 09:01:58 GMT
permissions-policy: geolocation=(), camera=(), microphone=()
referrer-policy: no-referrer
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 38ms
20ms Script
application/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1159
etag: W/"a87c48d211877c49b878679b2e3cdab8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 82dc39c07dae699b-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Sat, 02 Dec 2023 16:28:45 GMT

GET
H2 200 base-ac2c959392bdf669ad5e.js Show response
cybernews.com/js/ 24 KB
10 KB 34ms
33ms Script
application/javascript 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cybernews.com/js/base-ac2c959392bdf669ad5e.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b49a24935c33b6588afe92ff18fd96fb3186453e8ce83caf438101329c9c35ef

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
content-security-policy: default-src 'self' https: data: blob: wss://*.hotjar.com;style-src data: blob: https: 'unsafe-inline';script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';img-src 'self' https: data: blob:;worker-src 'self';block-all-mixed-content;upgrade-insecure-requests;
age: 26939
cross-origin-embedder-policy: unsafe-none
cf-polished: origSize=24352
cross-origin-resource-policy: same-site
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 27 Nov 2023 09:09:55 GMT
cf-bgj: minify
server: cloudflare
etag: W/"65645ce3-5f20"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=14400
permissions-policy: geolocation=(), camera=(), microphone=()
cf-ray: 82dc39c05f913a49-FRA
expires: Wed, 29 Nov 2023 20:28:45 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
52 KB 127ms
69ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef234224a63c98752ac76cf3b9168a84b38556b1d58e89e5be908d6e8008f19f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://cybernews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52627
x-xss-protection: 0
server: cafe
etag: 294476279703291675
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Wed, 29 Nov 2023 16:28:45 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 91 KB
30 KB 158ms
100ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

493596e2ac7eb43fa6e6d4426d7c82788fb246966fdf2a89e8aced3f6240f52f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29939
x-xss-protection: 0
server: cafe
etag: 985 / 19690 / m202311150101 / config-hash: 2176564774933884501
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:45 GMT

GET
H2 200 5774 Show response
stpd.cloud/saas/ 350 KB
105 KB 72ms
52ms Script
text/javascript 2606:4700::6812:1f31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/saas/5774
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1f31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fe80dcd3088cc14ba38c93ca19515c11df993ec2c299ac4837194b4ce6e5863

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Wed, 29 Nov 2023 16:48:45 GMT
date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 29 Nov 2023 16:28:35 GMT
server: cloudflare
age: 10
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=1200
cf-ray: 82dc39c08d8c1959-FRA
stpdhash: cache

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 245 KB
86 KB 89ms
33ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

88190e0a82aa22b7fc6ef2265d71178f18c8e8003171cce861afdbce9535ccee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87296
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 Nov 2023 16:28:45 GMT

GET
DATA 200
OK truncated
/ 61 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e138d129f38769d7080ed6ac6519dce8a4d546b7da5709b12aedff39673fa021

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f290a3a287182664a81ea150c04e7d1a451f1bf74f6738b43d382e3d40d98002

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 63 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c04449ed4256e2f4a5f052da11d2ff577f98bef710af2aa5cef74107fbae698e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 63 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 731011540d78a983bc5a9a9faf087a672cfb50494eb9ca29719ba88dd4994bf1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 63 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9fca9ae04b4bca7ef7d4f2c43505769b1f03fd173ecf3871dd7b7ee0f115dd48

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 62 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab8f0b6cec3eb6cd02efd0a9324053b868cac7dcda99fc89871b4e87141bdf14

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 hqdefault.jpg
img.youtube.com/vi/jtktmJAwR3s/ Frame C2C4 33 KB
33 KB 52ms
15ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.youtube.com/vi/jtktmJAwR3s/hqdefault.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c844aabaf649b9bcb45936e29580ea9357a9e9eaf4978d4bd4681a4e4808498e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 14:36:36 GMT
x-content-type-options: nosniff
age: 6729
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33351
x-xss-protection: 0
server: sffe
etag: "1700665306"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 29 Nov 2023 16:36:36 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 55ms
55ms Script
application/javascript 2606:4700::6812:d73b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 608
etag: W/"e3be409ac3c100e2a5d3f264ec260551"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 82dc39c09dde699b-FRA
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Sat, 02 Dec 2023 16:28:45 GMT

GET
H2 200 Paulina.jpg
media.cybernews.com/2022/12/ 28 KB
29 KB 67ms
45ms Image
image/jpeg 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/2022/12/Paulina.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfb9d227112112ea799160522621bcd75f35c3e5df888be3298cbfa24d1b9a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 cdb2dba3874dd4d7b53213b8c63a0996.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 17200
x-amz-cf-pop: FRA50-C1
cf-polished: origSize=30591
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 28901
last-modified: Wed, 14 Dec 2022 10:03:02 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "0a6d524cc0d74b82582791ae4959cd2c"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=15780000
accept-ranges: bytes
cf-ray: 82dc39c0cae52c3d-FRA
x-amz-cf-id: iM-pK9HuwuegFMApR9jFaTbvi367GLwGCUNJOE_2b9-xMid-qu2FVQ==
expires: Thu, 30 May 2024 07:48:45 GMT

GET
H2 200 appscook-dataleak.jpg
media.cybernews.com/images/750w/2023/11/ 31 KB
32 KB 64ms
41ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/750w/2023/11/appscook-dataleak.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a4dca6cff7f04f102cd9192c4ec39d2ffecf0380395352a3f6a54192166d2bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 9ab847fabb8c9edbd39cff57c2a2f4c0.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 32191
cf-resized: internal=ok/h q=0 n=12+542 c=0+0 v=2023.9.8 l=32191
last-modified: Thu, 23 Nov 2023 09:28:34 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf7VrnSPeqpKFZ7aGXA03GSdTju5KfpxHRw9djGO55DQ:efde7082b67cd10326fab6916c41310f"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 82dc39c0cae12c3d-FRA

GET
H2 200 jesse-youtube-documentary.png
media.cybernews.com/images/thumbnail/2023/11/ 7 KB
7 KB 59ms
36ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail/2023/11/jesse-youtube-documentary.png

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f836527be687b92737f2f9b3f6cb1df31ccef7e168406623102fd76d8247509

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 7378
cf-resized: internal=ok/e q=0 n=48+101 c=0+0 v=2023.9.8 l=7378
last-modified: Mon, 27 Nov 2023 08:36:31 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfjFjxFZTr55rFBt2CWCBzCPH1Pri99XVCPD58WiJxDQ:ab3b261f3203bcd6ddda69892f911243"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 82dc39c0cae22c3d-FRA

GET
H2 200 chip_1.jpg
media.cybernews.com/images/thumbnail_small/2023/11/ 5 KB
6 KB 55ms
33ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/11/chip_1.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a6976ef5016a7f2e82810e7238a46182474c312ceaf6eb4e4988a61c723d0b1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 5317564e96c9dceb46123f6c5f149a02.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 5435
cf-resized: internal=ok/e q=0 n=37+0 c=6+76 v=2023.9.8 l=5435
last-modified: Mon, 27 Nov 2023 08:48:11 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfZF4Wx3JEX6hE3XmK9QWYSekI8iFZYhIqdjUqgfspDQ:36a93a62a1b5b7bd41cbba57ba1e2a6e"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 82dc39c0cae72c3d-FRA

GET
H2 200 elon-musk-grok2.jpg
media.cybernews.com/images/thumbnail_small/2023/11/ 2 KB
2 KB 59ms
37ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/11/elon-musk-grok2.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de96a085e4d01e60576e1d2a4e55602eef2506ccfef849bc6f1f68facc353bc1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 1681
cf-resized: internal=ok/e q=0 n=28+0 c=4+39 v=2023.9.8 l=1681
last-modified: Mon, 27 Nov 2023 10:26:50 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf32O1aFGAswIex3Phfpv2ngNq8iFZYhIqdjUqgfspDQ:8e2f7f11176cdd4514b87085f1354072"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 82dc39c0caea2c3d-FRA

GET
H2 200 sam-altman-podcast.png
media.cybernews.com/images/thumbnail_small/2023/11/ 5 KB
6 KB 57ms
35ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/11/sam-altman-podcast.png

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f92a928b9a381c815a0689e4a2e5a0f7e4e7e9864bb495dc06584bfe738f398

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 a148356b14492df0e216c234ac2c2308.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 5395
cf-resized: internal=ok/e q=0 n=38+0 c=29+86 v=2023.9.8 l=5395
last-modified: Fri, 24 Nov 2023 09:06:28 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cfdBSk9upcl59AmkHfnILIjph68iFZYhIqdjUqgfspDQ:b011db20df3a738cca58e5b638c12349"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 82dc39c0cae82c3d-FRA

GET
H2 200 smart-dog.jpg
media.cybernews.com/images/thumbnail_small/2023/11/ 7 KB
7 KB 30ms
30ms Image
image/avif 2606:4700:3108::ac42:2bc5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.cybernews.com/images/thumbnail_small/2023/11/smart-dog.jpg

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2bc5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa2414e1e9767180be06dab3216b8d3756c6619c1bd5d48009abde48a64a4a4b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 80c1ad5f9352d00b95a9da73eb6b6be4.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
alt-svc: h3=":443"; ma=86400
content-length: 6891
cf-resized: internal=ok/e q=0 n=30+0 c=6+81 v=2023.9.8 l=6891
last-modified: Mon, 20 Nov 2023 07:10:32 GMT
cf-bgj: imgq:90,h2pri
server: cloudflare
etag: "cf-IAoEMvPBaoMQHhkhzAQX3GC8iFZYhIqdjUqgfspDQ:d4fa5611b7933b21040586c814bd8585"
vary: Accept, Accept-Encoding
content-type: image/avif
cache-control: max-age=15780000
accept-ranges: bytes
cf-ray: 82dc39c0fb3a2c3d-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 263 KB
89 KB 34ms
34ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d48cf00bc9b27c633012331478fbb5c17af961b3fffa0aa6f07629f7b3784674

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 90793
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 29 Nov 2023 16:28:45 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 25ms
8ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-etou8220036-FRA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/589784210/ 3 KB
2 KB 64ms
29ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/589784210/?random=1701275325673&cv=11&fst=1701275325673&bg=ffffff&guid=ON&async=1&gtm=45He3b81v813159125&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&hn=www.googleadservices.com&frm=0&tiba=App%20used%20by%20hundreds%20of%20schools%20leaking%20children%27s%20data%20%7C%20Cybernews&auid=1280130762.1701275326&uamb=0&uaw=0&data=contentBucket%3DSecurity%3BcontentType%3DEditorial&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMWQ6GT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a82cfe56684bcc592a56bb4e320ec5fedba1c14ecdeccf616f7dbadc87ded843

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1334
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 46ms
15ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 29 Nov 2023 16:28:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: uW7dLZZQhj4NZa5jMNYRgRgFHcQRNgB5o9ylfc/S7nT7X4U9M68y8UTlAW8KbhssxGhaBrv3kWBM97lSso0DbQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 397 KB
134 KB 111ms
81ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5928161074779380&plah=cybernews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4876e75b4cee15f8659da42bb3790c1ba1fb5c58d91e31f034b5cc16e94973d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137282
x-xss-protection: 0
server: cafe
etag: 13808170703785144796
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:45 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 9124 9 KB
4 KB 16ms
15ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5928161074779380

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 12230
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 13:04:55 GMT
etag: 16674218716276178799
expires: Wed, 13 Dec 2023 13:04:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/ 431 KB
135 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:39:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13759
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138149
x-xss-protection: 0
server: cafe
etag: 11558412289700915514
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Thu, 28 Nov 2024 12:39:26 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 83 B
89 B 81ms
51ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=cybernews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3142bb4e2fa4747ce46bda530c71048a97094101c8f76566946719c5498d8266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64
x-xss-protection: 0
expires: Wed, 29 Nov 2023 16:28:45 GMT

GET
H2 200 adsct
t.co/1/i/ 43 B
377 B 241ms
201ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=5871258b-fe92-494b-8284-9558a6b51c58&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=ccffa832-dc58-40b6-acc7-41978bf18962&tw_document_href=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&tw_iframe_status=0&txn_id=o3auk&type=javascript&version=2.3.29

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-response-time: 181
date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 278633f80348c849
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: b0394893a3c1b6a98b45cf5649fcd03a585d6e63e206cc2e2671f470416f9c2c
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
724 B 163ms
122ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=5871258b-fe92-494b-8284-9558a6b51c58&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=ccffa832-dc58-40b6-acc7-41978bf18962&tw_document_href=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&tw_iframe_status=0&txn_id=o3auk&type=javascript&version=2.3.29

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-response-time: 103
date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 9313aed42e4bf456
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: e14190272ba3efa417cd5bd2811cba4d92ad1b535092b4308c4e2b0f784e75ba
content-length: 43

POST
H2 204 collect
region1.analytics.google.com/g/ 0
252 B 56ms
20ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-KT8DKCHF41&gtm=45je3b81v882489589z8813159125&_p=1701275325503&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=169331770.1701275325&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701275325&sct=1&seg=0&dl=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&dt=App%20used%20by%20hundreds%20of%20schools%20leaking%20children%27s%20data%20%7C%20Cybernews&en=page_view&_fv=1&_ss=1&ep.contentBucket=Security&ep.pagePostAuthor=Paulina%20Okunyt%C4%97&tfd=423
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
252 B 57ms
18ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KT8DKCHF41&cid=169331770.1701275325&gtm=45je3b81v882489589z8813159125&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KT8DKCHF41&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 112ms
60ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KT8DKCHF41&cid=169331770.1701275325&gtm=45je3b81v882489589z8813159125&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=2056068081

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1031670724691978 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 15ms
15ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1031670724691978?v=2.9.138&r=stable&domain=cybernews.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9ec169e17d05c2935b44d196fe74a35c7c1ea22182fb146394f12b30d4396891

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 29 Nov 2023 16:28:45 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 35312
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: LQiIlKy3ismLhYwr2Hr4YDfth32zNuApS5nHdLQf0grKerkZ6wAFzASU/o9wU5+0Y5338G7qv30mpj2hBJPSQQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/589784210/ 42 B
455 B 62ms
27ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/589784210/?random=1701275325673&cv=11&fst=1701273600000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v813159125&u_w=1600&u_h=1200&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&frm=0&tiba=App%20used%20by%20hundreds%20of%20schools%20leaking%20children%27s%20data%20%7C%20Cybernews&data=contentBucket%3DSecurity%3BcontentType%3DEditorial&fmt=3&is_vtc=1&cid=CAQSGwDICaaN3tFRXESm7U-Qc5GHNmZhGlw1lnnRow&random=2425018076&rmt_tld=0&ipr=y

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/589784210/ 42 B
455 B 69ms
31ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/589784210/?random=1701275325673&cv=11&fst=1701273600000&bg=ffffff&guid=ON&async=1&gtm=45He3b81v813159125&u_w=1600&u_h=1200&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&frm=0&tiba=App%20used%20by%20hundreds%20of%20schools%20leaking%20children%27s%20data%20%7C%20Cybernews&data=contentBucket%3DSecurity%3BcontentType%3DEditorial&fmt=3&is_vtc=1&cid=CAQSGwDICaaN3tFRXESm7U-Qc5GHNmZhGlw1lnnRow&random=2425018076&rmt_tld=1&ipr=y

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 39ms
13ms Preflight
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcybernews.com%2F&domain=cybernews.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cybernews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Wed, 29 Nov 2023 16:28:45 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 171231
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 267 KB
65 KB 46ms
16ms Script
application/javascript 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 15:38:26 GMT
content-encoding: gzip
via: 1.1 9336c14434e205e440418213079c6074.cloudfront.net (CloudFront), 1.1 e33c4b19512a86c5972c18d1c60d21f8.cloudfront.net (CloudFront)
last-modified: Mon, 13 Nov 2023 20:18:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, MUC50-P2
age: 3020
x-amz-server-side-encryption: AES256
etag: W/"2d08dd94de483579c1dc3f3783c06f6e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: GzVreKA2TmmiYM8WYHOdSb_X8fat6mPL4VLznWn8hqxQcTGbYstHRQ==

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 135 B
414 B 47ms
16ms XHR
application/json 162.19.138.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

7c2589f966c01479236dda131a4942c70ba281e3be202cc12d56680f86977a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H2 200 json Show response
gum.criteo.com/sid/ 2 B
372 B 41ms
14ms XHR
application/json 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fcybernews.com%2F&domain=cybernews.com&cw=1&lsw=1

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 178083
expires: 0

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 34ms
17ms XHR
application/json 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20231129

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9737dc7bd88dbd2aa4e121c52743b42f6224c4dff8750010ff122c2c2313730

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1666
x-jsd-version: 1.0.1889
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230071-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"63d-nxUY9OfUBBLsO71XhrhIQ3KMTHs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUwDBQXvEapsog4lh8NhVgWdDduSs%2FvtQlej0%2FTDagqLewdoBevcnNfO0JlZ3iSo756qXhD0fIWpi7qVU8ze9ZQzQLbsEkB4FMWE0GDQdIpVJ%2BfhZluvWqSQdzqTPGkuZ94FKDqYtt%2F%2B5H0U%2BR0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82dc39c24b6e9a24-FRA

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 45ms
15ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1031670724691978&ev=PageView&dl=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&rl=&if=false&ts=1701275325799&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1701275325799.790215911&ler=empty&it=1701275325767&coo=false&rqm=GET

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 29 Nov 2023 16:28:45 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET v1
lb.eu-1-id5-sync.com/lb/ 0
0

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ 2 KB
1 KB 187ms
171ms XHR
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b16c56013c4f976b98d76ba08e26c5e184c3a3342982ad73946d863b297d595

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l6EmByy8S2o76FXhcjIFx54KrYaHhD5AmwaHkrBb1KgzHciNO3lUUJX1YJYzu%2BM7WwLKRrGQLjedRbVw2zlssuVUJWVQXl2Nz%2Beut2G9UISnrv%2FUP83bgqVTwJthrdnpJUdojs6iYwRw"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 82dc39c2abc4199e-FRA
expires: 0

POST auction
prebid-stag.setupad.net/openrtb2/ 0
0

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
192 B 41ms
14ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.54.0&cb=60978691310&lsavail=1

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
176 B 62ms
33ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://cybernews.com
date: Wed, 29 Nov 2023 16:28:45 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
555 B 137ms
110ms XHR
application/json 81.17.55.161
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 81.17.55.161 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:44 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://cybernews.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 53 B
256 B 50ms
20ms XHR
text/plain 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: f6fdf4ec74b030f424512b446a3f2bb4b894f1e07e2249e362191c1da699785a

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: gzip
via: 1.1 google
vary: Origin
content-type: text/plain
access-control-allow-origin: https://cybernews.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
400 B 79ms
35ms XHR
application/json 216.52.2.86
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.54.0
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.86 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: bbdad36c850870a155fb444fffb6d4fa4c2fa3991530f2a4200318e16b324671

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 29 Nov 2023 16:28:45 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://cybernews.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap4ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H2 200 d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac Show response
config.aps.amazon-adsystem.com/configs/ 537 B
804 B 43ms
14ms Script
application/javascript 108.138.36.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-117.muc50.r.cloudfront.net
Software: CloudFront /
Resource Hash: b0bc4832bff20424c219616d614a0da01ca98a13026edc54b008aa99db057011

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:19:36 GMT
via: 1.1 7f6fdb9a0ec439bac9ac6cc0db13237e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MUC50-P2
age: 549
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 537
x-amz-cf-id: 8f8bXzONMHOuynKZqEsMbqeW2hQ94TgH1p65ok2dayhE2EiqpJTXrA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 4 KB
4 KB 16ms
16ms XHR
application/json 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fcybernews.com&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: Server /
Resource Hash: 5f27f2d6fd0d7a35050e1868e67548df87f1c88964ee798f826cca6ea1cd747b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 11:21:17 GMT
via: 1.1 e33c4b19512a86c5972c18d1c60d21f8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P2
age: 18448
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://cybernews.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 3623
x-amz-cf-id: 0ri7510oqQeIXtpYjMMZbJkUKPx_4Stvhan-xfHCwSYyjTplu_tJbA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
462 B 91ms
62ms XHR
text/javascript 18.173.191.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&pid=p34yglGWmvkpJ&cb=0&ws=1600x1200&v=23.1108.2350&t=400&slots=%5B%7B%22sd%22%3A%22cybernews_com_300x600_sidebar_1%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F21924397842%2Fcybernews.com_300x600_sidebar_1%22%7D%5D&schain=1.0%2C1!setupad.com%2C2339%2C1%2C%2C%2C&pubid=d14c8d3d-c09a-40c7-8c08-b5d7cd1d7fac&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.173.191.32 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-173-191-32.muc50.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 455035b7b3ab5f564b775e2968249d3e.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: MUC50-P4
x-amz-rid: KC1T8PFSG8E82RYRW9PA
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://cybernews.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: dbFnMFcZoxYm4yLaD8hpZPePRacKrg7guj9wHkscGeQacXD5nH5YpQ==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 43ms
15ms XHR
application/javascript 108.138.37.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.37.209 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-37-209.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 75964e4626dd702b8dac2690031df25a.cloudfront.net (CloudFront)
date: Wed, 29 Nov 2023 08:42:00 GMT
x-amz-cf-pop: MUC50-P2
age: 28006
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: BkO8WqJsXD1pAK5sdJ1QYiMMXlCuEs2d0l38TigYmuHPdS8rVgIvEw==

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 54 KB
17 KB 37ms
13ms Script
application/javascript 23.197.10.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.10.19 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-10-19.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
server: Apache
etag: "d734-5f2f3919e751f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17407
expires: Wed, 29 Nov 2023 16:43:45 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 39 KB
12 KB 46ms
15ms Script
text/javascript 108.138.36.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-46.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7713183ba1a38b1ea2be2d5f7d3d49dab7b8d468cf78a603e6517ffbd1f33d59

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 06:08:51 GMT
content-encoding: gzip
via: 1.1 210c8ad3e752d602af05a2de06eb2ff8.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:42 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 37195
x-amz-server-side-encryption: AES256
etag: W/"6e8b1f94eaf615b7d0953ad4e8d8bb85"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: EIv07At7rkH0uNLXeNaw01HZuOpMabLBvGZjrF9sUv0n7y3eeyCpyA==

GET
H2 200 hadron.js Show response
cdn.hadronid.net/ 55 KB
10 KB 40ms
19ms Script
application/javascript 2606:4700:10::6816:35ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ref=&_it=amazon&partner_id=533
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:35ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2365cc11ef3d43f265b848c7164e5487c7a49d6af06c2938ac9272c8d91fc1a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 Nov 2023 15:31:45 GMT
server: cloudflare
x-amz-request-id: 01CC8G5F16RM7B26
age: 3417
etag: W/"13043c1bbaf21ccc6e8ed474a744d3f2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 82dc39c2eb499c0c-FRA
x-amz-id-2: HXRUR8HjAo6USwQLdtHY+PYQf8tGuqDCh/+7XnINsX6lV9HyCEeo0/fdHmm/D8O2xprGCoT8y84=

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 151 KB
33 KB 37ms
20ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7571db16348512fc55b35102ce3699733cf0882f4b4fb3e652fa8db700c07fb5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Nov 2023 11:19:25 GMT
server: cloudflare
x-amz-request-id: MZ1SMZNNQ03R32VH
age: 2974
etag: W/"53159e4ae3ffbda2ff6c0204350035be"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82dc39c2dc191d92-FRA
x-amz-id-2: PTtuGVlW86/lw6DBxeOyPXzoTsgfLjDUnYK3grbWOmKV5vopn3rRgL9PbvYp5z6ECilDUFmMBNY=

GET
H2 200 launcher-stub.min.js Show response
secure.cdn.fastclick.net/js/cnvr-launcher/latest/ 14 KB
5 KB 42ms
19ms Script
application/javascript 23.197.10.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.10.19 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-10-19.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d3c286558922ca8c2c69167698cd61a8280cb03b81bb41d9bd633f80f18c274f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: gzip
last-modified: Tue, 20 Sep 2022 18:52:26 GMT
server: Apache
etag: "38c0-5e92054540ea5-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 5252
expires: Wed, 29 Nov 2023 16:43:45 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 67E7 300 KB
70 KB 741ms
740ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&adk=1812271804&adf=3025194257&lmt=1701248518&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=164x810_l%7C188x675_r&format=0x0&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&pra=5&wgl=1&easpi=1&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&aslcwct=300&asacwct=50&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325687&bpp=2&bdt=198&idt=204&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2559682454802&frm=20&pv=2&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=218

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5928161074779380&plah=cybernews.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb1e4b03a0d29ec8fa525a785a7481093e31f1dc7b51e25f0379d2214f5d8529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 70849
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
expires: Wed, 29 Nov 2023 16:28:46 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 00FC 105 KB
40 KB 956ms
955ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

468f93d0963d268f657446f7999b384ccc9df5a4dd2ae0e6f3f9402d90096613

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40185
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
expires: Wed, 29 Nov 2023 16:28:46 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FF16 121 KB
42 KB 778ms
777ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325690&bpp=1&bdt=201&idt=224&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2769&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=226

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0acf63312c65b380572933b30e445f5aa9d667ea97a9b926b4cdd198cbe95d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 42233
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
expires: Wed, 29 Nov 2023 16:28:46 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 hadron.json Show response
id.hadron.ad.gt/v1/ 98 B
288 B 109ms
109ms XHR
application/json 2606:4700:10::6816:445
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=cybernews.com&url=https://cybernews.com/security/appscook-data-leak/
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ref=&_it=amazon&partner_id=533
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27be45251280faa83fe4195a0a4abbcf17316d16844e75af95a6c4f936d26c44

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: private,max-age=30
access-control-allow-credentials: true
debug: NON-OPTIONS
access-control-allow-headers: authorization
cf-ray: 82dc39c3dd0f4d70-FRA

OPTIONS
H2 200 hadron.json
id.hadron.ad.gt/v1/ Frame 0
0 124ms
106ms Preflight
application/json 2606:4700:10::6816:445
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=533&sync=0&domain=cybernews.com&url=https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://cybernews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
allow: POST, OPTIONS, GET
cache-control: max-age=31536000 public, no-transform
cf-cache-status: DYNAMIC
cf-ray: 82dc39c32c3c4d70-FRA
content-length: 0
content-type: application/json
date: Wed, 29 Nov 2023 16:28:46 GMT
debug: OPTIONS block
expires: Thu, 28 Nov 2024 16:28:46 GMT
server: cloudflare

GET
H2 200 launcher.min.js Show response
secure.cdn.fastclick.net/js/cnvr-launcher/latest/ 49 KB
17 KB 22ms
22ms Script
application/javascript 23.197.10.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Requested by: Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.10.19 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-10-19.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 938c64115ce60b98ee8151d7eb28208567753f3d4ebbe0aa0f56618c555a18fb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:45 GMT
content-encoding: gzip
last-modified: Tue, 20 Sep 2022 18:52:26 GMT
server: Apache
etag: "c4b6-5e920545406d3-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17042
expires: Wed, 29 Nov 2023 16:43:45 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
333 B 92ms
32ms XHR
application/json 108.128.196.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.196.67 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-196-67.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 363f76eeb2fbc85b0207605ad80e20f033d73f8e9ab5fb6d69750a65fc5af8b5

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://cybernews.com
cache-control: no-cache
x-server: 10.45.25.124
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 launcher Show response
proc.ad.cpe.dotomi.com/cvx/client/direct/ 190 B
462 B 44ms
15ms XHR
application/json 2a02:fa8:8806:20::2100
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://proc.ad.cpe.dotomi.com/cvx/client/direct/launcher?version=1.1.1&lid=681
Requested by: Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:fa8:8806:20::2100 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: 71f0c958e33905cb028dfd76ff7fcffa9d57a260845594e84d116530e3f80a36

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
server: nginx
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
vary: Origin
content-type: application/json
access-control-allow-origin: https://cybernews.com
cache-control: max-age=1800
access-control-allow-credentials: true
content-length: 190
expires: Wed, 29 Nov 2023 16:58:46 GMT

GET
H2 200 coreid.min.js Show response
secure.cdn.fastclick.net/js/cnvr-coreid/latest/ 229 KB
66 KB 21ms
21ms Script
application/javascript 23.197.10.19
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js
Requested by: Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.197.10.19 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-10-19.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: eb87c0447bd19366919bdb8913f775caca732ac31cbc5e5d42e4db5df39437ce

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
last-modified: Mon, 23 Oct 2023 16:23:46 GMT
server: Apache
etag: "394d0-60864a57eaadc-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 67550
expires: Wed, 29 Nov 2023 16:43:46 GMT

GET
H/1.1 204
No Content /
ap.lijit.com/beacon/prebid-server/ Frame C70A 0
0 36ms
36ms Document
text/plain 216.52.2.86
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/saas/5774
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.86 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Wed, 29 Nov 2023 16:28:46 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap4ams1

GET
H2 200 533 Show response
a.ad.gt/api/v1/u/matches/ 12 KB
4 KB 44ms
25ms Script
application/javascript 2606:4700:10::6816:445
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/533?_it=amazon
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ref=&_it=amazon&partner_id=533
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5efd96a0d74d581af07e1108268455f10e9b89d81cf5913641001ad775fe801

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 29 Nov 2023 16:26:06 GMT
server: cloudflare
age: 160
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cross-origin-resource-policy: cross-origin
cf-ray: 82dc39c4ac425d4d-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
13 KB 391ms
390ms Fetch
text/plain 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1049970428930962&correlator=81843493249145&eid=31079783%2C31079525&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=21924397842%2Ccybernews.com_300x600_sidebar_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C300x600&ifi=5&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1701275326258&lmt=1701248518&adxs=1023&adys=1325&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&vis=1&psz=350x20&msz=350x0&fws=516&ohw=350&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=true&dlt=1701275325489&idt=283&prev_scp=amznbid%3D2%26amznp%3D2&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=3686707683&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d288d4c751c4fb458e024611134d87597cfa48c0304c8c9b592ceeea8286b430

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13381
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://cybernews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C15C 6 KB
3 KB 102ms
33ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
expires: Thu, 28 Nov 2024 16:28:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 94 KB
30 KB 55ms
26ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/saas/5774

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 07 Nov 2023 09:08:30 GMT
server: nginx
etag: W/"6549fe8e-17704"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:28:46 GMT

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 94 KB
30 KB 67ms
27ms XHR
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ed3dc50aa8e28ea856d113dfbd2bd12dbb09ceb4381f2bdf8dba7b14b2a00108

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 07 Nov 2023 09:08:30 GMT
server: nginx
etag: W/"6549fe8e-17704"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 30 Nov 2023 16:28:46 GMT

GET
H2 200 container.html Show response
4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FE32 6 KB
3 KB 16ms
15ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
expires: Thu, 28 Nov 2024 16:28:46 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ 160 KB
55 KB 117ms
116ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

221da66e36e898a365bde9873223eeb63539a18dae9f4ecde31e90f1bb106a1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55853
x-xss-protection: 0
server: cafe
etag: 1427650917797119087
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame EE24 624 B
242 B 55ms
54ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXCRepZ8Ye60hX7JzNBTfvYYn10FfZZmYS2FXx2NA3_2z8yIrStUTJTgqOInQQ0vYRFIzZ-4ZbXGXvBoyFYZ_rap9gQMXNowB3xKyPOq0OhnWbHWDHRgiaHWrhc_iGSV022jKloeIRuYL7w_ag4ux-KgiKncuCr5JrdoUNEA8Oq7ua7km0

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame FE32 89 KB
31 KB 74ms
73ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE32 42 B
63 B 50ms
48ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DDC0uFtU6GCCSumEYmAr70lZEQOHCnp3otL0pChzlT43ezvnQdEFiNbTdpmuMPS9LTrMO12vO41mszvLPqAQ0cbU8XxQFCrx8QssaxBIkDxnaxy68

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE32 0
20 B 49ms
48ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2710221900013710347&x=1&ct=77

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FE32 3 KB
1 KB 64ms
27ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FE32 20 KB
9 KB 51ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FE32 0
0 23ms
21ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRTqzjG7BF_mysJV7oXCkC4BaOGvcArscanMKm0k7Q6CPRksYcC2z9OFRwUU8TXhIJ7aGDWYD7eZcPkSVwGSHcV26X-rQ
Requested by: Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame FE32 202 KB
64 KB 145ms
103ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame FF16 4 KB
1 KB 72ms
35ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325690&bpp=1&bdt=201&idt=224&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2769&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=226

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 14:29:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FF16 2 KB
902 B 50ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:51:29 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame FF16 23 KB
9 KB 54ms
29ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 07:50:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31078
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 07:50:48 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FF16 3 KB
1 KB 53ms
28ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame FF16 20 KB
8 KB 48ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FF16 0
0 21ms
21ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRQvJ-ncp6Sx8D1UxV-R0EtW79cHK5s3_U81e6ANOGxGFD3M7MGK-OcLS-WNoYMZZFHgpKCnZWA8pKnYSkhuHhBwueYEg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325690&bpp=1&bdt=201&idt=224&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2769&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=226
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame FF16 202 KB
64 KB 213ms
177ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame FF16 37 KB
16 KB 47ms
13ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Feb 2024 07:40:28 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 77EC 1 KB
643 B 13ms
13ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 636
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Thu, 30 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/185435562479224912/ Frame FF16 14 KB
14 KB 51ms
31ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/185435562479224912/14763004658117789537?w=400&h=209&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebd24caec1dc503b8c66481a8fc57aa42e8aeb0bcc051da84f1d896f71b07462

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 06:35:47 GMT
x-content-type-options: nosniff
age: 208379
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14024
x-xss-protection: 0
last-modified: Fri, 04 Aug 2023 20:44:39 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 26 Nov 2024 06:35:47 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/1688606332721326501/ Frame FF16 2 KB
3 KB 50ms
30ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1688606332721326501/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

203c5272828b96e1b3fbd028685239ee1e0d45afcbc821a0b8bffe34f761aff3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:45:24 GMT
x-content-type-options: nosniff
age: 99802
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2242
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 16:57:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 27 Nov 2024 12:45:24 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 77EC 35 B
463 B 54ms
17ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEAceoz0zz_4607_t0PmMtoo&google_cver=1&google_push=AXcoOmSwvKRjgRepcCvpsvsRCv6bILBg_-UOqeUVUNa8L0o0KMaDTH7oLXrzc0W7WgUmjX9tqEKskMk5yTmZPr1BHdcaJAGExmaK

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 77EC 0
104 B 102ms
65ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBeHORN4UIeMt5BOVo5ELxU&google_cver=1&google_push=AXcoOmReHYCjgZw9cYXFZ8ZFiy7tjB2A6xiJakMIu4mmwSo3NfRZN-xMTg6qsMsB97FS_VcKvR_UCtR1dE_YxZlZwCYCMLHJ2ua_7w
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325690&bpp=1&bdt=201&idt=224&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2769&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=226
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77EC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEKxznDXEH-JXSNxwX_mtLYo&google_push=AXcoOmQzPsQ1CYZhc7XRdy1cRHkdoxnsuWjoA0JFWly_rxwgZdCqR8BMf8...

170 B
188 B

25ms
25ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEKxznDXEH-JXSNxwX_mtLYo&google_push=AXcoOmQzPsQ1CYZhc7XRdy1cRHkdoxnsuWjoA0JFWly_rxwgZdCqR8BMf8dimHvioeTBBQ5QpBfnuk8c-G7RAZT8AhwBCL-HalTWaA

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230127-FRA
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1701275327.833327,VS0,VE98
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEKxznDXEH-JXSNxwX_mtLYo&google_push=AXcoOmQzPsQ1CYZhc7XRdy1cRHkdoxnsuWjoA0JFWly_rxwgZdCqR8BMf8dimHvioeTBBQ5QpBfnuk8c-G7RAZT8AhwBCL-HalTWaA
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 77EC 70 B
149 B 260ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEFytGqAXonXmXIxtsruwQts&google_cver=1&google_push=AXcoOmSU_1Cigropd9WMXj0cJv4dLNfxkMdaJ08gfpKstFNtTrJCJeC8QcRaaMhPEyKW5CPKNCuPOdFGxWOStmg3sukd1g1o-TqrfA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=1815900770&adk=471421629&adf=3153423549&pi=t.ma~as.1815900770&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325690&bpp=1&bdt=201&idt=224&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C749x280&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=2769&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEebr%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=226
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 77EC
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEF3ayKkRm6I1ABW3VkW6QBM&google_cver=1&google_push=AXcoOmRDOKyOrJTe6rnyE3yLw9s_q5njuEjKeeExzWPB9trri-QISG8iDt3mJ4Y4OUFmhcAhUPZpxgjm2D7K8bAcMoSn1mK...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRDOKyOrJTe6rnyE3yLw9s_q5njuEjKeeExzWPB9trri-QISG8iDt3mJ4Y4OUFmhcAhUPZpxgjm2D7K8bAcMoSn1mKHuzobtw&google_hm=eS1aSkxPNzBoRTJwSFQx...

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRDOKyOrJTe6rnyE3yLw9s_q5njuEjKeeExzWPB9trri-QISG8iDt3mJ4Y4OUFmhcAhUPZpxgjm2D7K8bAcMoSn1mKHuzobtw&google_hm=eS1aSkxPNzBoRTJwSFQxLlQ2VG1LZkp6bzc5UGg3WDhDN35B

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 29 Nov 2023 16:28:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRDOKyOrJTe6rnyE3yLw9s_q5njuEjKeeExzWPB9trri-QISG8iDt3mJ4Y4OUFmhcAhUPZpxgjm2D7K8bAcMoSn1mKHuzobtw&google_hm=eS1aSkxPNzBoRTJwSFQxLlQ2VG1LZkp6bzc5UGg3WDhDN35B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 77EC 43 B
363 B 51ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRVuexTUVuGoJuaOdXXT9aNNLujB1NbhFOD8SsDGcY9QTTwrKHq0mtDe1DGbCxwkEfA4PLdk8e6LLwC_mUIuND_gVL1KsPVOQ&google_gid=CAESEJ_WrTdB3UINEwl0-68SZ9Q&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 206128
expires: Wed, 29 Nov 2023 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 77EC
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEKIjuIgLtuUj7bXt5_Ib9D8&google_cver=1&google_push=AXcoOmSU9bW7VyvdgrzIp_XtjpLbzdNcXUL9N15wTVI6djKEsSBN1Cz086feAGvd70oI9WuDxPd6Cr7RPax2...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSU9bW7VyvdgrzIp_XtjpLbzdNcXUL9N15wTVI6djKEsSBN1Cz086feAGvd70oI9WuDxPd6Cr7RPax2kEV_-mPWUMEfUXVYBQ

170 B
243 B

27ms
27ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSU9bW7VyvdgrzIp_XtjpLbzdNcXUL9N15wTVI6djKEsSBN1Cz086feAGvd70oI9WuDxPd6Cr7RPax2kEV_-mPWUMEfUXVYBQ

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSU9bW7VyvdgrzIp_XtjpLbzdNcXUL9N15wTVI6djKEsSBN1Cz086feAGvd70oI9WuDxPd6Cr7RPax2kEV_-mPWUMEfUXVYBQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 77EC 0
130 B 59ms
22ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JhL1Wlf4oO8K9UI1kxX1PzYSIH4ne64AeWCS-Wk3108gMKF_513yqI65FSV4YYwZsxJ7nY

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame EE24
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDDZhl5UUXOZHpxfrMYs7vM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDDZhl5UUXOZHpxfrMYs7vM&google_cver=1&C=1

43 B
341 B

23ms
22ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDDZhl5UUXOZHpxfrMYs7vM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXCRepZ8Ye60hX7JzNBTfvYYn10FfZZmYS2FXx2NA3_2z8yIrStUTJTgqOInQQ0vYRFIzZ-4ZbXGXvBoyFYZ_rap9gQMXNowB3xKyPOq0OhnWbHWDHRgiaHWrhc_iGSV022jKloeIRuYL7w_ag4ux-KgiKncuCr5JrdoUNEA8Oq7ua7km0
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yaKR2JGzcUgVsVZUe3TI57XOuyVYNa74%2FX9OkHy7Qiy8m52s%2FD743ryyvA4sf9l3xACB5sYvCVFb2TNrjYOTM%2FLFusJ%2BS5x%2FT8JkpZPB8Aw69OLoMpCkbfIUDJYQ3xPU5ikaZjKhaKXpeg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dc39c90c661da2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2Qo9Ym%2B9DM6pLhaQAN6PLTcYKyTtabPBenka%2FQ5rOG9YkYi43XpJe0AN%2FZb9f7T7Tl14o%2FcIZuu03BgS2YdEAlkwI2RYBLgvElQEnDYHytLXvAemiXTMgftM0Fx4DnFcVlZcIVs14QvKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEDDZhl5UUXOZHpxfrMYs7vM&google_cver=1&C=1
cache-control: no-cache
cf-ray: 82dc39c8ec2a1da2-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame EE24
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdmvidxkNV6PNxicHsg8QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1

43 B
769 B

23ms
23ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXCRepZ8Ye60hX7JzNBTfvYYn10FfZZmYS2FXx2NA3_2z8yIrStUTJTgqOInQQ0vYRFIzZ-4ZbXGXvBoyFYZ_rap9gQMXNowB3xKyPOq0OhnWbHWDHRgiaHWrhc_iGSV022jKloeIRuYL7w_ag4ux-KgiKncuCr5JrdoUNEA8Oq7ua7km0
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5CiacSqiklp8bUeUbISS6034GRonQSzyhXnlPt4GzbDwAkf9GYstAaS%2BIsko1Y2p0oXlBaKwibPYD7qOBk4SrJmaZdQW%2FHkXUsHTV29JeQKodsrdBvl5c%2F9lF97HOC3BnHlIUH%2FRAsGCAg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dc39c96d82039a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame EE24
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEElmDslgW4HW8v42eiHYsXA&google_cver=1

43 B
844 B

7ms
7ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEElmDslgW4HW8v42eiHYsXA&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxia77vGATAB&v=APEucNXCRepZ8Ye60hX7JzNBTfvYYn10FfZZmYS2FXx2NA3_2z8yIrStUTJTgqOInQQ0vYRFIzZ-4ZbXGXvBoyFYZ_rap9gQMXNowB3xKyPOq0OhnWbHWDHRgiaHWrhc_iGSV022jKloeIRuYL7w_ag4ux-KgiKncuCr5JrdoUNEA8Oq7ua7km0

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
an-x-request-uuid: fcf8a679-70ae-45e1-a39d-7f63de15d4af
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 37.58.58.249; 37.58.58.249; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEElmDslgW4HW8v42eiHYsXA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame EE24
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D

170 B
232 B

23ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
an-x-request-uuid: 73dd56ba-4c96-4af3-b45f-8fee76ffab3a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D
x-proxy-origin: 37.58.58.249; 37.58.58.249; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame FF16 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04102ed039f3510adf19914ffb6690695c42ea511c8b10412423ae047d42913d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 0D39 9 KB
4 KB 13ms
13ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31697
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 07:40:29 GMT
etag: 16674218716276178799
expires: Wed, 13 Dec 2023 07:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame A6D1 9 KB
4 KB 13ms
13ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31697
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 07:40:29 GMT
etag: 16674218716276178799
expires: Wed, 13 Dec 2023 07:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 514F 9 KB
4 KB 13ms
13ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 31697
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 07:40:29 GMT
etag: 16674218716276178799
expires: Wed, 13 Dec 2023 07:40:29 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE32 0
20 B 50ms
50ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1138135934241&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FE32 0
20 B 49ms
48ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1138135934241&version=m202309260101&ct=77&x=1&cor=2710221900013710300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FE32 20 KB
14 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dgup9nGeRXzmLxNnov29kMnybC0v6RYYcFWLk0jkVOXJKkV1sGHs40iXso3bnx8w4c9hM7CYBgN0QDal4B4LHubiigl8luIRHI6ovuIHU6umnPd7FXrSw7gaWTanVq6vAxU7bFwuGSO-Bp_BpPn2iMMUTZcprV4nTEhKxNZyXbC4qiV30&cry=1&dbm_d=AKAmf-DUKRSgYpu4TeZ551qkeAF5BQuKU3HM3vHlWqQOUkMstNVEP_QTu8BVlAXpX3xPGnoZilSjw1G1TR-RhiwQiLf_wfOz-4sdNUxcD4uI9nKAebaB6lxNi7BrRKBTzCcXGzjRZRU0LfjC74bjQ92MmDCUfP-OYBHwMrzY6zlV9sxPliQCC6dbKFtIotYvVQ-zCygnAqdDRqEhVqe2IXNZ8yTIBOROM5uUZIubk-bnfGYFN5r7tk_V2x74ZRgrRypgrQ1mYTk0-L11XsDA3wNIiP4qEB1ixW8V7kxSJ8BHZ09Y3pIPjYoIO--XQdM3LvjJDySBEm11YIQFijdTo5eUwjn3NAHNlqoRMFOjwD2WLvVMrBbPhY74ZPT5zNuOS5W6XqqMxdWu0v7jjyHM51bLpb8QA6SC6_mPT7THGk1fwc5U66xsI8qfoK4GpFUJx31NUBY4JaxqEbOyuyyaf3omFAF8sfGJlWsCWzf-rwZN_AhK4obW53_umyujFBvcBe577WfrZpl5k0WImEZE8RPvYJgyLPQvZEidmZ_aR_071JMZ6QgFFXN4Hqpyr1rbBw5df9A9qGLoJrUPiC9_lXckcRzXXBl4ngdSOZbTxHL79zmVoy--BGJy4LjjNYZ-jo0VYIZul93SpIMnHh3o9cqXbZiUqaoL_nIkKVPXc2UgVyrAJvIkEi1LylI2ctdyY4Uv3ZochbP32M9Aof9p0Jdz_7f99kViFEkp6XDwfGFYgjTp4TuSBcgHohNxQxdEmeoBqQapcjze0OteXy2KGmLbM-CjMLwXxZ_qYm4VEK5HhNthPq_ifBSx8ZkgvbVUjB-hSc68VV1wvP5tMFe2cOTsU6yC0Lc9QNRIn2jXkPXdV_y5sAqFtCbO7hy3cc6vO2GYX7b6g_nnCzpAbbzQjMtwl0vqAI73h2VaiZZDXJ8MDrV1V765VrKMDN3c5ck2tUxj9vq8lrCwqHLgQtIc81kD3IqGLMDjFb29QwkZA1Gq_cIQ3U06dMZeWNgto3Q6vwezvX0U6O429dNkC_9qJ78qTKOEexwnA3i5N7MYZ0LReyVHC5iOo_izkH3j_7Xv6M1aEk4Itxd4mWYPpeMgMBF8Q2IK5wX9MXn2zrXFkwdvlY9s7DG85vs-6khMRQ1_ANGtTk4vQNouNutd0URB6ooZxbeIf7bO55YYaoZI7GTvF9RQbVW3pcPI7H-SJFABA27aluaVsfzffq1BQmuIdeuDXlohAns2YVrYxTl63yT7RI1UQ-VxWXNl_n8KWLMG3rPwx88D-uqNAwEjrX1fNqoFAxnshh6rtwt3_ZVWMRschmX5ppobaMar5-5xL6zg9GS-CzxiNW8ce07aumIUDnb9rgLt8KLXO1p9fdogmGZtqs-0Xr22Syoe2JFhQCyK1ZuFNbeO35Ypg_hgkPLRI8f684Dsc-hKUqg8hTIZxShwKY8xi3n_ywX32IzEDQpdGu2-RD467312Fe5h98kOk7g7CoxImyO7X4xZPD9C7zuICJyxW4Zvryi1cna4x1Tit25n5tofLLtbNSryRMS0SXHxGGYe0ujdEwlcJpqmC3jVCbNvJPFB3LuCxMGUsiMId_L4Xc1QwhY3u4mVmWJqvKfusSkwmQRYb2fJWB0lpuXxnesS_-GRC7Yp6sVWUK3Qz_3F78yCdv9n1Ioc95_Ti5KmZKpFGSk-Po-4j3d1SXzpa430oEetZnxeli5ag-RBiYbTj72Ek-e1bQVm65EoKvlfbTIlxkAcVM5lmJ9rbYoy91gn6qFieAqJqb_A9E6sfpkw5JEW3x_rRSemAmecJ3FTengbJGoRwXkIouR3mdOd1vibCoaoHhGhRGgInapWH6plCSj5ym8clYEbYTdc5fvK62swfxaRUykoiY4YVt5-MNqzZbRNA_bYhNuhTGwZHFTLYgFG67YWq9IuTT7rSqSX81jR2GLQ9Je1ZF-KH9CQzVOBM0Km25pcieT_KbOxICidjlUR_Juxq7JRzL2UvzxN0M0Vf3oJ8BIkx5nOQnG8NZGaZp7mIFAtz8Hot02Qzz432RhPlWvpLHSrsAVzFA0MEb28ARg_0a4Vm-dYN06VUuCTiDQiKw3dv1w2zTR3DP3u0ZBSX7ttgDe7ACDbH5aQ2W5CgwbVB1lEQmDlQL77-63OMU4TRBbZwiqoXvkALLWqEWZH0xnRS6Wpy24ebQTIaAGceE6bCB2_ZH71caUt4IEsfFi1a9ltEXTnYnYgBUZMA9xfHsd5Jv-kL05QA5YH35zXjbDNdP2iMxg_0GKPN-wYeFAOLXE8lV8gIRkBEwQQeac5T2sTULs9TiYjYjT-BEbxhRIeQIHMjzWqNHpJzzYJsq08t8cOoBfV-O_AL09HyxJrhx5aET2ss9yaV_coE7XfyPvly4hc-gtM84oiKKqbqsumTRkIs2DoRvO6CXdWpjk-fAKU78PK2N16eIFlVOpL4oMBQv_wpiSELGhrU1aEGAY4RubeRQ85zLxfFg2QW0waByYHiKBhThZpE8LKPkZ4miiS8wjmpbJN5GsC0nUGZOMvuH6Z1JbREJQWhlG2WGG10s8b1CjTvbOuQHz5i1NIJ1G6zzwgQiLZP_PrgtWaEY67CN7Ro-d2ItYV3I3OmmKLMHeNOM1jyrN7lDO8dWsIkglEJjDT346zrUtFFFnloW4GEV1Ab8KPepth1YUIZJhdhlHF655hqCNv6OeLzZBLrUWxLDmvUlUm6tRfbWPLqLIvvvCQ3bFpOd3knitUVRCyYGOQDOcZThf_Cjh2W0mq5uFfU5qC2oks5zba4-S1bv3txz0zpEppPlIwzGqWpvkxi337hoPsK3ITH1_KJsIaw0adMVvLvICOqzMqF6kz0dJ0ZPWY0zNRF3jnTkipjORm5R1ZRRwDmI4xmBnBYZEhy6pXf7SNvDpNP1sQWn3U-UaVSVts0BA-REjjBmFwNf_MAEkmQ1xF21J8hkOrwMZXMiS6AxL5KYXqBDsU8fG6KuUKHBh6od_JUARsk5YwkuNL-m6VgJlYOTMdK7tClAS-uMLEivSANxpTUDP2bhh4HX-rKNZepWHpBII5uQ3xc7g3VhC7GVlRVca8kSSn-N-ncrqu_Umw7-PW4RVO2knLOvjZoVdTpjrRC8cHbGOZqpEKJkSfzMJW-zLAjpPsUnkz-mSiAxCcjnrQjNMHqQIZXzPIm7csuCB8DsUXjO39aGQggRshQh2hl-Xe_aKPEG4xc1vrsYRC_kuCiBvQ2c3yBB_4OljIQ4WWSHEzVW58uexFToqa4BfVM9AB30YU9YyawX2uEPHXOgPTP8HTnumhd80synIsfeeqbI57HcJCBBYk-cv3hdRauzsXZNaTrvzNObSCKBiJyUiVx5KJCRhDcKUgHFBg-6sOtlvygCxf0-CU6yOouqNIPTGzXtjqdSPcNzukRvLNOWyQZTHKb_Cfd8szR3gAImr1h8H4oAxiSIQFKYCpXr6C9ADXzt8wnQbKCbNCJ7OBPZv8bWO_ldxgm9jbPlGPLrC9fzCE4cSfGV1e5aS3hBOd8VvqJU_Rh5E2m9vBo9C63UT4WeJ2gyLEnmkW7SuBgjLpD9BoKMi0yKxVTLaMl12FTn33GqmwT_n9buH47UNKirdXsfZaQKHjrRNoZFHKR4UIgXQdnxMCFQdQBYJPpfw9E_qKxT7_OMXf9RMt8VYAE6WeEy9I2JdmSy9U3DZNg4wd-y2c8NUTSy7qoA2H2q-Pwc3teURlvKurCE8zpjZs_asBQLWluhdpoRcwNbcQGECBQJ9YG2rZbsIkYuIM1kkxQhrh0xjC-ZrHUZXcGRP1z9owUs8q8CD9u94MSHVGYEPBsWS3Jx3m_2j0LJeLf3uHcLhJoNanIzDy14U-QSV1oHdTovW9sN8l-XbAD7TBJEQJbVAno5BRsZ9NJpSHjKorxgTwRM2YawapYjyMl613x54pa8lo3TiEvuF78CVT_diIN4FaEnzIRbWzdlpgmDgHmvaESsbzGtyjU7MsaYUsIx1FpCMuGmjbcj36nRkd_nCbOj3oVBFivGIrxYvbY4n67DeKAY71N1y6qcd0Gt6Z_C7cT0RS15zLp1tz-_0349BWd7v84QSxDYkAzBRxjNkTMMERd-sNJAcUgzK-KA&cid=CAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=2710221900013710300&adk=2857193498&idt=77&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63bb2d8db2cce89f9df34af80e9a9dde306ae3db1a7400610e32a78ffb5ffa1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14066
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 947589038702611989
tpc.googlesyndication.com/daca_images/simgad/ Frame 00FC 85 KB
85 KB 19ms
18ms Image
image/png 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/947589038702611989

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86d9a202fda905a87a86fa20d3e70d483706ca67732052c2ff4e522e693fe29a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 04:03:19 GMT
x-content-type-options: nosniff
age: 390327
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87349
x-xss-protection: 0
last-modified: Thu, 31 Aug 2023 08:27:58 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 24 Nov 2024 04:03:19 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 00FC 23 KB
9 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 07:50:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31078
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 07:50:48 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 00FC 3 KB
1 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 00FC 20 KB
8 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 00FC 0
0 23ms
23ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSpItUQY9X1vFndNztWu-vPRGIr36S7H4bjslDhs44ogyTCYxItT758m5RfTorjNP8z0G85VwqSPAP22Jxoym-mI-kqYA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 00FC 202 KB
64 KB 126ms
126ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 00FC 36 KB
15 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3e5c486ca9cab98b690f2f3fcc83c73141a667293c8a8236bb1e376313f0e36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:27:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61295
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14803
x-xss-protection: 0
server: cafe
etag: 12205605038930952422
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:27:11 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame 0D39 4 KB
744 B 24ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 16:25:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0D39 205 B
519 B 15ms
14ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 17:58:23 GMT
x-content-type-options: nosniff
age: 81023
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 27 Nov 2024 17:58:23 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0D39 604 B
695 B 16ms
16ms Image
image/png 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 19:23:55 GMT
x-content-type-options: nosniff
age: 75891
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 27 Nov 2024 19:23:55 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 0D39 15 KB
7 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:27:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61305
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:27:01 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 0D39 21 KB
9 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 03:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44953
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 03:59:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2DF0 624 B
242 B 58ms
57ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWR71OrWyGuUOUk4B_FoOqyvVFmTNzeLbw3sCqI422DUJzkREA9GskRH0fvuNoqan1BsfPfitBDzKfTYGYwsaOYOecm34t1KSh4fwclUl83Ac-1nEHNcB3sE-riMjzUF-m4fXT_ln1rsvxm6_vOKv05AKSs_PFV1mabY8dbgfDDc_FrJw8

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3D32 89 KB
31 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 3D32 3 KB
1 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 3D32 20 KB
8 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3D32 0
0 24ms
23ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQaLK3RDt5xzgprNRydzkQ8kBKp3ZrWN8Bz2NzTyHtO3MoTMsHk0w1gJPq-xBBJUAdlIVnh33sCf3QIcDNLaP3Aja-y3A
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3D32 202 KB
64 KB 68ms
66ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D32 42 B
63 B 52ms
51ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AtSyDKnMMTYDcXgA4B3KktRs-XdPdE7rAZ8muOAZwchmgda7FU0uNjXAPPVWBJkGmpKOnXITNBYfIPC8fMmjd5r99V4hHsSAGElhXI5y622nDl3tc

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D32 0
20 B 53ms
53ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3956431064532319337&x=1&ct=77

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C607 640 B
262 B 55ms
55ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUItSmTkldCPdZz8DqguRJz5f5F1PKEEd5c7JkIMFmc4IfdCcVtjc2oA-j4lZIMiabB-2b-SPS4tq5hw4gClke0IyVPHZcq5LRuBW-YlbprJWxE2lH7qXiFRfzLkiJPWS5D5TjjIAmzZ-oJdAchF0VOaK1j_B7hFHWZOV3dfHL4bX3Jx3s

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 1196 89 KB
31 KB 126ms
124ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31498
x-xss-protection: 0
server: cafe
etag: 4296746511219988724
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 1196 3 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 1196 20 KB
8 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1196 202 KB
64 KB 95ms
93ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1196 42 B
63 B 50ms
49ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CISNf08Nn6lbo7yAg0iWg-8XVXeW90Ob3iym231Ny947zfuTW2PuMTFvxLI8AOc3Ee0hz46B39NIlxAyXuzKNnPslcSH1sfO6fUmUa2e6aNf9BHTI

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1196 0
20 B 50ms
50ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6078281579516911736&x=1&ct=77

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0F33 143 B
166 B 18ms
17ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:04:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0748 1 KB
643 B 19ms
18ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 636
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Thu, 30 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame DC34 14 KB
1 KB 28ms
24ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Nov 2023 16:28:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 14:30:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Nov 2023 16:28:46 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DC34 2 KB
856 B 18ms
14ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2237
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 15:51:29 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame DC34 23 KB
9 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 07:50:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31078
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 07:50:48 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 56F3 143 B
166 B 21ms
18ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:04:22 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DC34 3 KB
1 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:41:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13647
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 13 Dec 2023 12:41:19 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0B38 1 KB
643 B 19ms
16ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 636
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Thu, 30 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame DC34 20 KB
8 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 61908
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 23:16:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DC34 0
0 24ms
22ms Image
text/html 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSqgIMKmAhB-mNd-nRlt27rRcFsGSAgRWjNxOAF4M4Cip9jDlfWOkNQkHaOH_ON655to6SvergLA5HfEbtmn08WLVF__A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame DC34 202 KB
64 KB 109ms
107ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H3 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame DC34 37 KB
15 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 07:40:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Feb 2024 07:40:28 GMT

GET v1
lb.eu-1-id5-sync.com/lb/ 0
0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame FE32 41 KB
14 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Dgup9nGeRXzmLxNnov29kMnybC0v6RYYcFWLk0jkVOXJKkV1sGHs40iXso3bnx8w4c9hM7CYBgN0QDal4B4LHubiigl8luIRHI6ovuIHU6umnPd7FXrSw7gaWTanVq6vAxU7bFwuGSO-Bp_BpPn2iMMUTZcprV4nTEhKxNZyXbC4qiV30&cry=1&dbm_d=AKAmf-DUKRSgYpu4TeZ551qkeAF5BQuKU3HM3vHlWqQOUkMstNVEP_QTu8BVlAXpX3xPGnoZilSjw1G1TR-RhiwQiLf_wfOz-4sdNUxcD4uI9nKAebaB6lxNi7BrRKBTzCcXGzjRZRU0LfjC74bjQ92MmDCUfP-OYBHwMrzY6zlV9sxPliQCC6dbKFtIotYvVQ-zCygnAqdDRqEhVqe2IXNZ8yTIBOROM5uUZIubk-bnfGYFN5r7tk_V2x74ZRgrRypgrQ1mYTk0-L11XsDA3wNIiP4qEB1ixW8V7kxSJ8BHZ09Y3pIPjYoIO--XQdM3LvjJDySBEm11YIQFijdTo5eUwjn3NAHNlqoRMFOjwD2WLvVMrBbPhY74ZPT5zNuOS5W6XqqMxdWu0v7jjyHM51bLpb8QA6SC6_mPT7THGk1fwc5U66xsI8qfoK4GpFUJx31NUBY4JaxqEbOyuyyaf3omFAF8sfGJlWsCWzf-rwZN_AhK4obW53_umyujFBvcBe577WfrZpl5k0WImEZE8RPvYJgyLPQvZEidmZ_aR_071JMZ6QgFFXN4Hqpyr1rbBw5df9A9qGLoJrUPiC9_lXckcRzXXBl4ngdSOZbTxHL79zmVoy--BGJy4LjjNYZ-jo0VYIZul93SpIMnHh3o9cqXbZiUqaoL_nIkKVPXc2UgVyrAJvIkEi1LylI2ctdyY4Uv3ZochbP32M9Aof9p0Jdz_7f99kViFEkp6XDwfGFYgjTp4TuSBcgHohNxQxdEmeoBqQapcjze0OteXy2KGmLbM-CjMLwXxZ_qYm4VEK5HhNthPq_ifBSx8ZkgvbVUjB-hSc68VV1wvP5tMFe2cOTsU6yC0Lc9QNRIn2jXkPXdV_y5sAqFtCbO7hy3cc6vO2GYX7b6g_nnCzpAbbzQjMtwl0vqAI73h2VaiZZDXJ8MDrV1V765VrKMDN3c5ck2tUxj9vq8lrCwqHLgQtIc81kD3IqGLMDjFb29QwkZA1Gq_cIQ3U06dMZeWNgto3Q6vwezvX0U6O429dNkC_9qJ78qTKOEexwnA3i5N7MYZ0LReyVHC5iOo_izkH3j_7Xv6M1aEk4Itxd4mWYPpeMgMBF8Q2IK5wX9MXn2zrXFkwdvlY9s7DG85vs-6khMRQ1_ANGtTk4vQNouNutd0URB6ooZxbeIf7bO55YYaoZI7GTvF9RQbVW3pcPI7H-SJFABA27aluaVsfzffq1BQmuIdeuDXlohAns2YVrYxTl63yT7RI1UQ-VxWXNl_n8KWLMG3rPwx88D-uqNAwEjrX1fNqoFAxnshh6rtwt3_ZVWMRschmX5ppobaMar5-5xL6zg9GS-CzxiNW8ce07aumIUDnb9rgLt8KLXO1p9fdogmGZtqs-0Xr22Syoe2JFhQCyK1ZuFNbeO35Ypg_hgkPLRI8f684Dsc-hKUqg8hTIZxShwKY8xi3n_ywX32IzEDQpdGu2-RD467312Fe5h98kOk7g7CoxImyO7X4xZPD9C7zuICJyxW4Zvryi1cna4x1Tit25n5tofLLtbNSryRMS0SXHxGGYe0ujdEwlcJpqmC3jVCbNvJPFB3LuCxMGUsiMId_L4Xc1QwhY3u4mVmWJqvKfusSkwmQRYb2fJWB0lpuXxnesS_-GRC7Yp6sVWUK3Qz_3F78yCdv9n1Ioc95_Ti5KmZKpFGSk-Po-4j3d1SXzpa430oEetZnxeli5ag-RBiYbTj72Ek-e1bQVm65EoKvlfbTIlxkAcVM5lmJ9rbYoy91gn6qFieAqJqb_A9E6sfpkw5JEW3x_rRSemAmecJ3FTengbJGoRwXkIouR3mdOd1vibCoaoHhGhRGgInapWH6plCSj5ym8clYEbYTdc5fvK62swfxaRUykoiY4YVt5-MNqzZbRNA_bYhNuhTGwZHFTLYgFG67YWq9IuTT7rSqSX81jR2GLQ9Je1ZF-KH9CQzVOBM0Km25pcieT_KbOxICidjlUR_Juxq7JRzL2UvzxN0M0Vf3oJ8BIkx5nOQnG8NZGaZp7mIFAtz8Hot02Qzz432RhPlWvpLHSrsAVzFA0MEb28ARg_0a4Vm-dYN06VUuCTiDQiKw3dv1w2zTR3DP3u0ZBSX7ttgDe7ACDbH5aQ2W5CgwbVB1lEQmDlQL77-63OMU4TRBbZwiqoXvkALLWqEWZH0xnRS6Wpy24ebQTIaAGceE6bCB2_ZH71caUt4IEsfFi1a9ltEXTnYnYgBUZMA9xfHsd5Jv-kL05QA5YH35zXjbDNdP2iMxg_0GKPN-wYeFAOLXE8lV8gIRkBEwQQeac5T2sTULs9TiYjYjT-BEbxhRIeQIHMjzWqNHpJzzYJsq08t8cOoBfV-O_AL09HyxJrhx5aET2ss9yaV_coE7XfyPvly4hc-gtM84oiKKqbqsumTRkIs2DoRvO6CXdWpjk-fAKU78PK2N16eIFlVOpL4oMBQv_wpiSELGhrU1aEGAY4RubeRQ85zLxfFg2QW0waByYHiKBhThZpE8LKPkZ4miiS8wjmpbJN5GsC0nUGZOMvuH6Z1JbREJQWhlG2WGG10s8b1CjTvbOuQHz5i1NIJ1G6zzwgQiLZP_PrgtWaEY67CN7Ro-d2ItYV3I3OmmKLMHeNOM1jyrN7lDO8dWsIkglEJjDT346zrUtFFFnloW4GEV1Ab8KPepth1YUIZJhdhlHF655hqCNv6OeLzZBLrUWxLDmvUlUm6tRfbWPLqLIvvvCQ3bFpOd3knitUVRCyYGOQDOcZThf_Cjh2W0mq5uFfU5qC2oks5zba4-S1bv3txz0zpEppPlIwzGqWpvkxi337hoPsK3ITH1_KJsIaw0adMVvLvICOqzMqF6kz0dJ0ZPWY0zNRF3jnTkipjORm5R1ZRRwDmI4xmBnBYZEhy6pXf7SNvDpNP1sQWn3U-UaVSVts0BA-REjjBmFwNf_MAEkmQ1xF21J8hkOrwMZXMiS6AxL5KYXqBDsU8fG6KuUKHBh6od_JUARsk5YwkuNL-m6VgJlYOTMdK7tClAS-uMLEivSANxpTUDP2bhh4HX-rKNZepWHpBII5uQ3xc7g3VhC7GVlRVca8kSSn-N-ncrqu_Umw7-PW4RVO2knLOvjZoVdTpjrRC8cHbGOZqpEKJkSfzMJW-zLAjpPsUnkz-mSiAxCcjnrQjNMHqQIZXzPIm7csuCB8DsUXjO39aGQggRshQh2hl-Xe_aKPEG4xc1vrsYRC_kuCiBvQ2c3yBB_4OljIQ4WWSHEzVW58uexFToqa4BfVM9AB30YU9YyawX2uEPHXOgPTP8HTnumhd80synIsfeeqbI57HcJCBBYk-cv3hdRauzsXZNaTrvzNObSCKBiJyUiVx5KJCRhDcKUgHFBg-6sOtlvygCxf0-CU6yOouqNIPTGzXtjqdSPcNzukRvLNOWyQZTHKb_Cfd8szR3gAImr1h8H4oAxiSIQFKYCpXr6C9ADXzt8wnQbKCbNCJ7OBPZv8bWO_ldxgm9jbPlGPLrC9fzCE4cSfGV1e5aS3hBOd8VvqJU_Rh5E2m9vBo9C63UT4WeJ2gyLEnmkW7SuBgjLpD9BoKMi0yKxVTLaMl12FTn33GqmwT_n9buH47UNKirdXsfZaQKHjrRNoZFHKR4UIgXQdnxMCFQdQBYJPpfw9E_qKxT7_OMXf9RMt8VYAE6WeEy9I2JdmSy9U3DZNg4wd-y2c8NUTSy7qoA2H2q-Pwc3teURlvKurCE8zpjZs_asBQLWluhdpoRcwNbcQGECBQJ9YG2rZbsIkYuIM1kkxQhrh0xjC-ZrHUZXcGRP1z9owUs8q8CD9u94MSHVGYEPBsWS3Jx3m_2j0LJeLf3uHcLhJoNanIzDy14U-QSV1oHdTovW9sN8l-XbAD7TBJEQJbVAno5BRsZ9NJpSHjKorxgTwRM2YawapYjyMl613x54pa8lo3TiEvuF78CVT_diIN4FaEnzIRbWzdlpgmDgHmvaESsbzGtyjU7MsaYUsIx1FpCMuGmjbcj36nRkd_nCbOj3oVBFivGIrxYvbY4n67DeKAY71N1y6qcd0Gt6Z_C7cT0RS15zLp1tz-_0349BWd7v84QSxDYkAzBRxjNkTMMERd-sNJAcUgzK-KA&cid=CAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=2710221900013710300&adk=2857193498&idt=77&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 426218
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NTMyNjg5OTg1OAogIHNlcnZlcl9pcDogMTgyNDUzMjQ5CiAgcHJvY2Vzc19pZDogMzAwMzQzOTc0OQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame FE32 0
858 B 87ms
54ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NTMyNjg5OTg1OAogIHNlcnZlcl9pcDogMTgyNDUzMjQ5CiAgcHJvY2Vzc19pZDogMzAwMzQzOTc0OQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA0NzE3NjY4MzYzNzYyNzgyMQpkZWJ1Z19rZXk6IDE3Mjg4OTk2MjQyMzY0NjE0MjQ3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0yOSIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTYwNDE2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMTY5ODYKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FkLXNydi5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9rbGljay13ZWx0LmRlIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xdcef201938bdf00c0000000000000000","13":"0x944de669759348fb0000000000000000","14":"0x78c55fa5da1cfd1f0000000000000000","15":"0xba30a4998eff6d8d0000000000000000"},"debug_key":"17288996242364614247","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"47176683637627821"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK jf2y0amzcvu0 Show response
hal9000.redintelligence.net/zone/ Frame FE32 12 KB
4 KB 41ms
13ms Script
text/html 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/jf2y0amzcvu0?subid=&gdpr=&gdpr_consent=&rnd=1701275326327859&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D
Requested by: Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 7dfb547a94545c5c3ddf7837b517f1b982131ce2974024dfac75c0e56d807645

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4272
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 00FC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e34faa31e79483a3faeb57b728e81d712f18f72affceb48aeaafdec5afda2203

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 0748
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1&google_push=AXcoOmRIVcEpM0b5Z81_aROHmRchDv6JKitRcOksQ2U2XiaqvX0BqPFDSs7WH4XAtKiahWO7gVKS688nFDr_nAO42wH0W6_djCFqfGc
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

43 B
398 B

16ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 0748 0
103 B 15ms
12ms Image
text/plain 2a02:fa8:8806:12::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESELSNo5OuErJzQ6SNZPKt1-I&google_cver=1&google_push=AXcoOmS7ZuXS1UWAiyZ_xcSPIJKdvyq4fUOIsCqOolCqesvESS3AEdQ9wBU7aUN5KiGUpg_AH2m0YzG4-sn6ZVgMj3xz3qyz_ykR0Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0748
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEC-RPK1fVfc9R_h1e3d5QF0&google_cver=1&google_push=AXcoOmSvSoXdtSPN2UbTIQ10sCIxGrSjD8i_VNDHDJiRoHtAMuRzen6CsWpnZsTQjxOkuuF8ft_atHpU6rg7PEcvCMk7n1i3byCkzEE
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BEA96BD1890C40DC9A16A2628BA9DEF9&google_push=AXcoOmSvSoXdtSPN2UbTIQ10sCIxGrSjD8i_VNDHDJiRoHtAMuRzen6CsWpnZsTQjxOkuuF8ft_atHpU6rg7PEc...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BEA96BD1890C40DC9A16A2628BA9DEF9&google_push=AXcoOmSvSoXdtSPN2UbTIQ10sCIxGrSjD8i_VNDHDJiRoHtAMuRzen6CsWpnZsTQjxOkuuF8ft_atHpU6rg7PEcvCMk7n1i3byCkzEE

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BEA96BD1890C40DC9A16A2628BA9DEF9&google_push=AXcoOmSvSoXdtSPN2UbTIQ10sCIxGrSjD8i_VNDHDJiRoHtAMuRzen6CsWpnZsTQjxOkuuF8ft_atHpU6rg7PEcvCMk7n1i3byCkzEE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 28 Nov 2023 16:28:47 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 0748 70 B
148 B 96ms
30ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBjAWLxcF_ulzk-4Sp8yPFo&google_cver=1&google_push=AXcoOmSLx3JUS3ptXr9pknwy7H0fTvFRuA5SP2MpJvHF9QGOXrdaFVLKSYGOZCBCoW-GQPj6RsnFPNX79MIx4m14XBj8ZRMtgV9_pYY
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 sync
x.bidswitch.net/ Frame 0748 43 B
145 B 49ms
16ms Image
image/gif 18.184.108.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google_jp&google_gid=CAESEHQpUaMX3ehAFfSrEuWSc1I&google_cver=1&google_push=AXcoOmTFZJm2uWtMVyPi9QNsNQ3oU5pHZmMh3Z9-VT5F9Yih6y4vrIfbX9_oEx-LNSTeYd7XxCNzSvHF8SWxJn8AqrtH0zjYNrzISw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.108.41 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-108-41.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0748
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEEoDVWdDAVav1--afzglvUQ&google_cver=1&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeuOPK22...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEEoDVWdDAVav1--afzglvUQ&google_cver=1&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeu...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI0NzA1NzQ5OTA4ODg2Mjc5Mw&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeuOPK...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI0NzA1NzQ5OTA4ODg2Mjc5Mw&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeuOPK22c-Z5IOb5JgmgZGYzDdJoxQ

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTI0NzA1NzQ5OTA4ODg2Mjc5Mw&google_push=AXcoOmRDBXFbp1BSB64UPUeZRlXfZ76-mw9Ui9nLbU68KLbW-h-I9DF-wGoPDMpN-7G9iUOfHeuOPK22c-Z5IOb5JgmgZGYzDdJoxQ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

report
sync.teads.tv/um/ Frame 0748
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEE4zaABL1qLp...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmS_nhnlXocM4ERr4MSx-XFuOnWWweUMjYbmvpwq-lqqRpg-DVnxaIJ9InJfBFLgSNlpmqSNvizFqE9rnr6QN-8ARoH9UyC747g
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

34ms
33ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5928161074779380&output=html&h=280&slotname=2732825802&adk=652042997&adf=2125223602&pi=t.ma~as.2732825802&w=749&fwrn=4&fwrnh=100&lmt=1701248518&rafmt=1&format=749x280&url=https%3A%2F%2Fcybernews.com%2Fsecurity%2Fappscook-data-leak%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701275325689&bpp=1&bdt=200&idt=219&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2559682454802&frm=20&pv=1&ga_vid=169331770.1701275325&ga_sid=1701275326&ga_hid=2118992224&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=226&ady=1117&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C42532605%2C31078020%2C31079758%2C44809315%2C31078301%2C31079722%2C44806140%2C44807764%2C44808148%2C44808285%2C44809071&oid=2&pvsid=1049970428930962&tmod=678715320&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=222
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Wed, 29 Nov 2023 16:28:47 GMT
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0748 0
12 B 23ms
23ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KWcoOLMvOngM30A4xLKhVB4R5wimi9pZjnk0sZm9-wXjGDq0GMUSMINfPeLcjkDZ3_OAhpjg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0F33
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

22ms
22ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:47 GMT
expires: Wed, 29 Nov 2023 16:28:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:46 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2DF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1

43 B
729 B

27ms
27ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWR71OrWyGuUOUk4B_FoOqyvVFmTNzeLbw3sCqI422DUJzkREA9GskRH0fvuNoqan1BsfPfitBDzKfTYGYwsaOYOecm34t1KSh4fwclUl83Ac-1nEHNcB3sE-riMjzUF-m4fXT_ln1rsvxm6_vOKv05AKSs_PFV1mabY8dbgfDDc_FrJw8
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLVWcuCbD3tho2u1xHFPLbkv57y5BHtmrWlHqCpch5ljukbjBULJcptWAl9hXQ4z7rcH4hwxS8z23qzeQzdC%2F7wmL0Tla6KLwCeWCSRBJtDwVNNxcKpYtw1ds3szzIuCFAnWBa3aPixTmA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dc39c9bdfe039a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 2DF0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWdmvry7jmzwDZNiu4Da5QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1

43 B
729 B

26ms
25ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWR71OrWyGuUOUk4B_FoOqyvVFmTNzeLbw3sCqI422DUJzkREA9GskRH0fvuNoqan1BsfPfitBDzKfTYGYwsaOYOecm34t1KSh4fwclUl83Ac-1nEHNcB3sE-riMjzUF-m4fXT_ln1rsvxm6_vOKv05AKSs_PFV1mabY8dbgfDDc_FrJw8
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=17BiRQVdg1xnT8OED8A9LM17AgRRDXfVCOFbobScb2N2rEdkapu4MPASpgwD7Jxyvzbgh39Fbrekkr0mbYcKl87CIexPJ4BGfUENIp3lu67%2B0l4f0DKJf9kYF9nUXZ8bixd9rRs6ZKaNOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82dc39ca0e5e039a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEAfDMTBqhrvD59IMo3FdTfg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 2DF0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPfi8ud8ksLtKuFmG_HtjR4&google_cver=1

43 B
846 B

7ms
7ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPfi8ud8ksLtKuFmG_HtjR4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWR71OrWyGuUOUk4B_FoOqyvVFmTNzeLbw3sCqI422DUJzkREA9GskRH0fvuNoqan1BsfPfitBDzKfTYGYwsaOYOecm34t1KSh4fwclUl83Ac-1nEHNcB3sE-riMjzUF-m4fXT_ln1rsvxm6_vOKv05AKSs_PFV1mabY8dbgfDDc_FrJw8

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
an-x-request-uuid: 581eeb6a-e788-49bd-bae2-5af9679e6478
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 37.58.58.249; 37.58.58.249; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPfi8ud8ksLtKuFmG_HtjR4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2DF0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D

Requested by

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
an-x-request-uuid: e5e742eb-9d7c-49fb-9273-5f56e41f4642
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzY4MDA2NTQ2MzE5ODY5Njg1NQ%3D%3D
x-proxy-origin: 37.58.58.249; 37.58.58.249; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame C607
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGrmvBIfIzrFR3XbnT5zrpQ&google_cver=1

43 B
114 B

213ms
33ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGrmvBIfIzrFR3XbnT5zrpQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUItSmTkldCPdZz8DqguRJz5f5F1PKEEd5c7JkIMFmc4IfdCcVtjc2oA-j4lZIMiabB-2b-SPS4tq5hw4gClke0IyVPHZcq5LRuBW-YlbprJWxE2lH7qXiFRfzLkiJPWS5D5TjjIAmzZ-oJdAchF0VOaK1j_B7hFHWZOV3dfHL4bX3Jx3s
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGrmvBIfIzrFR3XbnT5zrpQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame C607 43 B
295 B 240ms
32ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUItSmTkldCPdZz8DqguRJz5f5F1PKEEd5c7JkIMFmc4IfdCcVtjc2oA-j4lZIMiabB-2b-SPS4tq5hw4gClke0IyVPHZcq5LRuBW-YlbprJWxE2lH7qXiFRfzLkiJPWS5D5TjjIAmzZ-oJdAchF0VOaK1j_B7hFHWZOV3dfHL4bX3Jx3s
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame C607
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEEJsEMB30IDqD3yPebb4sD8&google_cver=1

23 B
163 B

37ms
37ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEEJsEMB30IDqD3yPebb4sD8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUItSmTkldCPdZz8DqguRJz5f5F1PKEEd5c7JkIMFmc4IfdCcVtjc2oA-j4lZIMiabB-2b-SPS4tq5hw4gClke0IyVPHZcq5LRuBW-YlbprJWxE2lH7qXiFRfzLkiJPWS5D5TjjIAmzZ-oJdAchF0VOaK1j_B7hFHWZOV3dfHL4bX3Jx3s
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Wed, 29 Nov 2023 16:28:47 GMT
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEEJsEMB30IDqD3yPebb4sD8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame C607 23 B
163 B 38ms
35ms Image
image/gif 23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUItSmTkldCPdZz8DqguRJz5f5F1PKEEd5c7JkIMFmc4IfdCcVtjc2oA-j4lZIMiabB-2b-SPS4tq5hw4gClke0IyVPHZcq5LRuBW-YlbprJWxE2lH7qXiFRfzLkiJPWS5D5TjjIAmzZ-oJdAchF0VOaK1j_B7hFHWZOV3dfHL4bX3Jx3s
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Wed, 29 Nov 2023 16:28:47 GMT
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 0B38
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEDsRKB4qV60ZyPgGdJDs20Q&google_cver=1&google_push=AXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDL...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDsRKB4qV60ZyPgGdJDs20Q&google_cver=1&google_push=AXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHb...

43 B
426 B

160ms
160ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDsRKB4qV60ZyPgGdJDs20Q&google_cver=1&google_push=AXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 82dc39cb2b643a3d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 145
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEDsRKB4qV60ZyPgGdJDs20Q&google_cver=1&google_push=AXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS0Kjjoy6ht-ZVruqBK7WR9ws9-nBjuu_KL1e2yVj0ICxwUGEtlkgTFdTR_ObyHyGGGdN2Q3rZnx305CAdHietqihLpkHbDLw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 82dc39c9c9493a3d-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B38
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIncWRdgrpfQkGXrSIhWarQ&google_cver=1&google_push=AXcoOmRH-kbqAIaQbhSqojBxppw8Vp1ueKxuU7TbL5aFMEVCasOoGXyXLOncIlYohGkxF4k4vjFCmWU89KKfeSj6yW2txhN4SiQY
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmRH-kbqAIaQbhSqojBxppw8Vp1ueKxuU7TbL5aFMEVCasOoGXyXLOncIlYohGkxF4k4vjFCmWU89KKfeSj...

170 B
188 B

23ms
22ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmRH-kbqAIaQbhSqojBxppw8Vp1ueKxuU7TbL5aFMEVCasOoGXyXLOncIlYohGkxF4k4vjFCmWU89KKfeSj6yW2txhN4SiQY

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmRH-kbqAIaQbhSqojBxppw8Vp1ueKxuU7TbL5aFMEVCasOoGXyXLOncIlYohGkxF4k4vjFCmWU89KKfeSj6yW2txhN4SiQY
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 28 Nov 2023 16:28:47 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 0B38 0
174 B 49ms
19ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELngFcAIvIPceuizqXdw5Rg&google_cver=1&google_push=AXcoOmSrYqPS37j1i2r3pN5sT74chz7edUmpViF3npc-poVwdIdBD9V3uAW3j0fk8gc3Z1alaMLip5Mnjyf75v6PReFZfSVUpg57
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 sync
x.bidswitch.net/ Frame 0B38 43 B
146 B 27ms
15ms Image
image/gif 18.184.108.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google_jp&google_gid=CAESEITIHlU4YVBKCbBBhPwuud4&google_cver=1&google_push=AXcoOmT1y-lwFynR_ElPq6W0gdx2a49_R1MirqHmFNPVxMcrJRi-L011ypv7yOkBXV5MupnOTBWvalMvlm5FMzrIujjik0_zypfopg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.108.41 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-108-41.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B38
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2NIzu4...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTgwNjcyNzAzNTg3MDk1ODEyNQ&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2NIz...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTgwNjcyNzAzNTg3MDk1ODEyNQ&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2NIzu4fJfXJRJF2h8-Sstvctae

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MTgwNjcyNzAzNTg3MDk1ODEyNQ&google_push=AXcoOmS1zvdu_rELKE2-uIkbZqBH14tvTfgYQMdX2xAHt9YGgjkCbGrc-Xll6NUfHdTdGEa9Jk2NIzu4fJfXJRJF2h8-Sstvctae
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B38
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenIScZbpoA...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOutusRLQJNENapFaTmL2_M&google_cver=1&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenISc...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTcxNDUzMzEzMjU1OTc2Njk0OA&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenIScZbp...

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTcxNDUzMzEzMjU1OTc2Njk0OA&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenIScZbpoAhlnvVDLJXOvjPmIV8duiEQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTcxNDUzMzEzMjU1OTc2Njk0OA&google_push=AXcoOmTINfxHxpS7LanFI11PYfgnrFcpNymvYr9mx2uVbY3Fjg1q7ZuQadWeA1wIueeBojenIScZbpoAhlnvVDLJXOvjPmIV8duiEQ
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0B38
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEAXL3dK71Mlu1V5KM1TJpb4&google_cver=1&google_push=AXcoOmRXN1L8Ks6Bt4NUPCWLsTWJb1N3loaH1G3DWdn_tXujeRVvJCGJyHPmNL34-75nZR3GoqeBDUv_vuoB...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRXN1L8Ks6Bt4NUPCWLsTWJb1N3loaH1G3DWdn_tXujeRVvJCGJyHPmNL34-75nZR3GoqeBDUv_vuoBNg9Uul0gX--2M7VTdA

170 B
188 B

26ms
26ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRXN1L8Ks6Bt4NUPCWLsTWJb1N3loaH1G3DWdn_tXujeRVvJCGJyHPmNL34-75nZR3GoqeBDUv_vuoBNg9Uul0gX--2M7VTdA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmRXN1L8Ks6Bt4NUPCWLsTWJb1N3loaH1G3DWdn_tXujeRVvJCGJyHPmNL34-75nZR3GoqeBDUv_vuoBNg9Uul0gX--2M7VTdA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0B38 0
12 B 22ms
21ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JZ3CYfpnxWHBe37-I1mj7_JPhqfVSgJp2K-cvp0s6bvSdYwj5wWMvZbwCfyWKhCLoqyXia

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D32 0
20 B 47ms
47ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=760289074116&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3D32 0
20 B 48ms
48ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=760289074116&version=m202309260101&ct=77&x=1&cor=3956431064532319000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3D32 20 KB
14 KB 300ms
300ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CjKydxY5KieqUXVyUVqiCJukXJlP6t5ql72WRH9CcvcOImQ92_Dq0lpsMr7-JsNXhbAq4F7CRaYk60X214km2BKoAhmZgDs8_rVXRcaFt1grOYgzzhDHBjXg4NLFcsYci0aekYik-R-CUlGyWRRnrMCQIDa-x1LIgXnhr7UueprMUMvxc&cry=1&dbm_d=AKAmf-BgWnRJBbYnzCgkk4bwo5CTdqnYnt9w9CQncO5l-LTgU0R2omgcB_iijznZULg7w7pxzBbug3hIt1J5C8DRk99HT5B6QPoUQv-aoXBszyw9HpBU-BmGGn4HG5CW4KjSHXm4ysZRZdsic4hiLD5cMsGYVTppgTl-qOrg0ZrjIsgp91rZj3eqRiSDP05rgFJSLeFk1DX9ZBOnWVHVfAFnwMI8Cc-vlVrHN3OcUbbiq1V53BNQonrlxi5mKLxvM7zCLak7qv64112i0H_U_zF_QMPAesC11MMe-Hxz2CKInr1zBVmLQefM6fU5qCxn71FX5SseVxf7Zeh4bnsFJVh1x0wiX4NVssnnACbcpAhyKpPRhkuIxUtBzOjWRplGzOu-wkJ14-lVE1MRXZMEXpp6w8mZzmNqsVe4HjCgeo8jirLglqD5QSLeb3y7Ir_9ZivLx7Pq4nOWgCZa9eBhudv2EK1ou7FDwClV4dvX7ZBurqxzmKaNrn4l0KwL0FGgLMcyQmvW8-ppWKsMwtwGh5tPRIQ4xnQjuz8hGFgsVl2UhvjhcyNJbhlKDMZ9KwI-J5O7jX-LzEtdc7dyYE_ZMqInIUlvkNFEIwvKeZnOl2eknYo3p4jfHtqBC7aCt0d8Ab63-2it-www1BpROJZ600XdUpYyt9gQDKWNsHtFUBm2LfadDzPn0VxnvfzIhns4Bprj_oqrSCDVl00gCLckC3RWLxBHjotaelQ92W1pCZ_McWyCRhrOQ4uplEcCvvyTKwGjhR33IgKiX_jjHiHgk387X4gfisnpUNQDkmPxSg_vgsgN3-F_Lg-juCCEKxARdBsu4S8nPrG7RlZ20ChDUYZseZwo34dXC1qwF0-TvPAk3Xavw3soec8N1i_moADIUbaDZuKg91uN0Bnz-OWfiKXa63eEVTeTRV6i7l7OyrJzpaQtS0tCh9ftHggim_iPtgZOJo5Z-YTosi6a5FaDeNuqC-5miaU4e9pdni28NCIsQP1yy5biliKQ4e67sgUgl3lBxK77splLXmOTM0BSmyercG6gxPKCLXNnxgWMDfGLPU9k7PqiVYyzutgnmrfbvrqYhAd5P0fHVBhMnGW56qmMCM9ZcyQL2AqsDf_ZDrY7Lqs16MgEfEx2mVQhfsMioSXCaLdXXmCPDonXPheSFKjWvnN1gPA5vsZzQMPkJ00qz_TsKneOsol4OEVN3ysbGNWRo-DQ3Ojb6KFB_7Tkv3ubwMsGlwALfgooRoxnCVIOlUxeBUz85L8g81EALePIYtge8pQ9wLxxzZlbEUy0SFBOxBbKdvfkbRR3uAF3xJYYKGL3LxanIWNJTWK0T95N0si3QrmuQ-_6DFzi0Au_wmG-rhXNAg1asWtJecWPZvZN91v9B8r79niP1w3BVja7ObVUBU_axIYKTU2Cdvn786m7YsMNCpHMNjVwR2lBY3m8sb9lkiOXyxwWefZxilONeJ0dj2bmKCZx5Qb0pnju4YjNbrV4hzbEAXmpZlnP8PU7uHMdVkFJSwuTW_g5y1zA1ipfLeDVj2MvLPol9fPzxFDT0rC-BJ0lPwLnFsAtsbGhTlSgIqcvanhty13Ot4YRQ63X705AoQt7XQBX3MlvjaTgBl7hfSGUX-qhMrRxslsQYUjGjSyL5aFTH0QZKuLoS2sDJ49QFz-zfgay5MsezrxROl3vxGJFxdauTcd27r1UMcZsyQcT5VY5ysfgc1nSi28DnYGC0hZ1GrjUkzQf-T6Bo-74aWCFeqkZ0qLPkfjYAMZnGNRxVjLrEVLJ5eh7BXJJKceJXrqLuTv3JPHPlgIBw2GtSb0BJ-6MDPjlb_AjAQWRFwqElHRydYFA08W2wDtcjO5cOBsu4ogBjgheATvXfihBmdr3-cpDZpmrK1lEqGa-RHjBYQFBHfQF3F1Q8CCw9JL8n2Gc2wrTO3LzY-xXBNHam8fcAZMVP8c9VO-oDDib3EW1DwIlVIj89beiVZFSDcmab9p_cI1B6mZrBFmbSVQG1zD3pFE0plV6EM3Q03o0yZK2p1caFaKfPN9iUk6zzsMU3wuUnRHAm2pmEIvZiWLuGn7GPBJqADBT_qD_e88_M7EstFDB6245FiubGqkthxdKybb5jFgEKCcT20F7higyyKQ0LMYGKihffeaoZJEgNWLg-KlcegKciH0FyXIygQHQf8eDT8_cBaO3rngtqlvv3HEok64OZdhaXKuStPEOZtYT5_pwVQC6AuxD52XmjDktdU45R9Bta1YBV31JfB-rX2Slix718eEmg7AYsY54YR7fo8BLo2bWroAS94HtvwR0NISOj5jS-3meaPJ2MHnYFyroH6IiKlGdGXitlCsFzu8n4yEuMxAGDNlzlR1g7fXHoZntPnpwGL6wEPHhKOmxyq6Kn85OPozwL-tdl37W4T5nfd7xQlVC5pEDJk2sDVWlhBdtJn_XSTgNay7eDiTkmVPqaMc_nKv0w2L_lGeyB32fO5f-_kfIpZMNggusD7JXbQIHoPLcxLCoXG3aNrqtEeLPcJ8URdNz3qceiU8SFbzeSgDQgEuzFUKyQWTZA61LsJnOci1SDjoStsWtjpcmN4kS97ioYFVGbdMjliZxKv_tvQJ3ODwM8zMP7_Z0Y_BgeiD_z6gEU9jSZvRW2feQlfZJmns8z-7bSNJFQErevn7yf_3wCWvX-R4AQi2TOBP34Eg2ANQfQjaDTvubJj3BGp5TbHR09wve2B7VH9I9n-qGsl4D_Q4NGnZH8wp8fnHoiSFEQRhWrLoahC4emwjKn2haT2C0PjinVPpKtVHtv6yMQTdQzq13hFxcwYJ7cUGUK7mdXzTVzL0g1duEgf2Do-olUYiDVbezZZXXqoFRc4-rCeShuTowHrVCSnLbgYuRmH6odx-5diefCsfvqsrBlFcZpYgswZTCT-aXmIOW7nc63F_-DkwysiXdWUf3pDLzCjRSOSBwusBNhy9vySkDbcU8AFQJpXd0COcbawQus3l75DbEkh_VPuZT8lcVyrquUtp9TWflUqFeAbG6WeZFoixkXAUE0OJ6sCd4XAJF4RsfW_riFimfgF533q_tjVhmNPrHZzE7bqdARYWwS2IoIijuj4Ad0obAkr3WzZTJbw0FdN2R8obkYa7tHgqzhe74WqdDhZKfSFyUtHeG0tYFeNdgzZ-jyVpS2QBE82yxF0fA9-v-NvvurMNkPXktP5z2F3TIEpyJuRCEzdHO-EZGS4cKp58ToQXilCNl8gjt-5kYviC-BnzmPtSpIST2a33AvB1NoMHcf0Ni0Utavf10ou2M3mXAY5tjmlNqYTMAfKCX3_EYNy-fC-ZVhG_2th6sVR_D85S3o5lmARJODlk-Uy0Bcyk3qDpS2cRo2gP8JL8TWtPkpo7_5LOLCVbFoXX3lFNc9t7K2ZSK2ZV3iljT-LkA2zIJW6St8hWWEwtojpMERV7ymOLDumhYi_DlSN2Pqxmqnh78gBsDxFBDgQ524cmc8lH2VQG6A5Okdk9Ao1Yxjkr34-U0L7mx7CnIY5rUYIkaIbEnldlbXQ8Hv7LgVrXhtQ8RnQhSdnPUL4F_2K5BDzb214CMNkuvGYuA2C6I6GzefQzl98KLrQdmJLbjHTxxHlqO3Rpw3JukrUSP_pldzSyUTObADiZkqhtzZODvhvak5tjfTDHb_xJjgO-2-pTHLlPTT1VtB1bUSlH4QfOKYp2GJ22LcUx0EUyJVcMV-Z1gtPsOommF5z5FujjG3-RJ0t9HRdy6V2K7PGVbp6zYn5Y8Pbs4Q6WWGBVw5c_37i-dXIXljSrzlRRNtVBJ6J2lOtGH4D_IrNVlae3haRkQgQP7tYrL0mMpm7TKq62PyLwNnHWPOVVNAjNNXfeHMc_B_ZnStgmj9y0hCPJRUXEUugsMXzA4MtAOAqQKNZ-XzwpK8Cjp2egE8KP0bMe57tdtcRs-2mMxYrE86LDIw4GDXTOV7SxQkfhab4nXYX7DlB9D6JAEmRxICY-FjoYUIW3ZWN0W4ZI352nrELzIjlGLW6E&cid=CAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=3956431064532319000&adk=2988274607&idt=73&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3885936dee7883abc483a2745672201e026a96962b89dc66db0638ea462e7cc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13849
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 56F3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

25ms
25ms

Document
text/html

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:47 GMT
expires: Wed, 29 Nov 2023 16:28:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:47 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame B1AD 38 KB
13 KB 25ms
25ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 306607
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal90004.redintelligence.net/ Frame FE32
Redirect Chain

https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

108ms
85ms

Script
application/x-javascript

138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e90fd0ae6192762a438ccd64e815f8716b3fa30f316d13800c2a3af3e7815fbe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 61389200112753804444978012523004
Connection: close
Content-Length: 1338
Expires: Wed, 29 Nov 2023 16:28:47 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 29 Nov 2023 16:28:47 +0100

GET sync.php
pixel.rubiconproject.com/ 0
0

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FF16 16 KB
16 KB 63ms
28ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 08:19:38 GMT
x-content-type-options: nosniff
age: 374949
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 08:19:38 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame FF16 15 KB
16 KB 58ms
24ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 13:37:09 GMT
x-content-type-options: nosniff
age: 355898
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 13:37:09 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame FF16
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cno_KvmZnZaeEBYaQid4P0tKC0AP45u-3dMSPu_GeEv39rfafQRABILbX6XtglcL-gZQHoAGlvY3KA8gBCakCvhebxQtqsj6oAwHIA8sEqgStAk_QtfI7JggwDj7Vabzaj_6Th3nFEV22xk5...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228752366147714398171%22,%22debug_reporting%22:true,%22destination%22:%22https://myskywind.com%22,%22event_report_window%22:...

0
0

78ms
49ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228752366147714398171%22,%22debug_reporting%22:true,%22destination%22:%22https://myskywind.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22960716453%22],%224%22:[%2211-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223238228920255133873%22}&andc=true

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"8752366147714398171","debug_reporting":true,"destination":"https://myskywind.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["960716453"],"4":["11-29"],"6":["true"]},"priority":"500","source_event_id":"3238228920255133873"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 29 Nov 2023 16:28:47 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"8752366147714398171","debug_reporting":true,"destination":"https://myskywind.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["960716453"],"4":["11-29"],"6":["true"]},"priority":"500","source_event_id":"3238228920255133873"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame B1AD 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:42:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 12:42:36 GMT

GET
H3 200 6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js Show response
pagead2.googlesyndication.com/bg/ Frame 25C2 39 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 00:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 489158
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15097
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 00:36:09 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1196 0
20 B 48ms
48ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4412955269431&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1196 0
20 B 47ms
47ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4412955269431&version=m202309260101&ct=77&x=1&cor=6078281579516912000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1196 20 KB
14 KB 302ms
302ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DNSKCI_Yew_jQRvgv_z9FwjuvCAHtNq_oWxsRnq5gJy03949BvoJboNDz8H_hCe2b45h4jloDcwQMIsBbldXWaKk5d3Ss6E5_RXo1E7_luO3-ch3wqGo_kLaRro1MlPhK0UQrF4n9SDTqwhTyp7hO72xfmQclef3uRuzfnyS8j7E70ebQ&cry=1&dbm_d=AKAmf-AoNOUeGFh58Y-rX57URjtiTdUmLnPigJLO1O2UbV9qObff9DRfkCgOyLbu2-aSqxjBhbw_HyslgP1a17IraVB_IVSpTuOybU2IiC4PVxAHRvPE-tdkMyRBn4bIru47GLvlKRoVpyDlcrF4nsa8Fd-rcCX5BD9CFANC2OoR2qssTEK1wTloonKG6RxtSUkqg255Ts6zGp1P5XwhT3wo2JkJ1zGcMxz4OkcXXY56-dE9QlWPAF4As8v_Gsu1XWTKUCHWuzG1gOSmcJiXnDCxlGmw6cm35hvw7xaJ0BW9mbDGlQ4KmXNcsvS5mzc7AaiSTWQFybQDYDZmxZkKqI8l_LGH-B60wD5AOpTi0D7z1V2FUXX4Z5i_7om5m7_RtVbA01xFes8rqNzG5RgAoGTs7zUAQ0DuvhwtRVAdjk3KXuufwS-m5By5CdWrEmjhLmghI4QIVy5Nrh9gq3cskJwxzfAIKcVixULuuPEvl3MHeThMKWEZsEwinJJ5iu8xNSySIaw_E6nO9LJv_nuAVj_a0Y3SD0gxTtSFtVqzOatyApj5EXBTcIHXZhhldWE5APJddUSeK07957XgJNdPDKe9ris-EusPCjhKfi6KRbf8NKoznzoFXFepDQpwE3CIgIz81jHUbkw8SvUi592KjfAyxaJiZipaWgRcNSGNGgmwRjrrTaUZ1zBBXPSVf9taEXe2dWIhOtkIIMvGA5LTHw8EmEcKyhgTwqY4mu0iXEzJXUkCsNCWMES2Lm9tHDkSKG1M-dEp6-8zO-4icZVrU8TR-mFt8M1zMmmUwU-15vg6p6Qci0Y7W16dJXhq6E5CcCoGfW5oLqAZdtCL-Y345J3p0-1-667siIPzuaWB15oOkAuNzTCR0Brbsbo5q9PQbPnfN1o4eKyovtHWEIBYBvhipG5jl87d7jMc0-FTGtVXCwz2O6_1NXmKtvsaqIsk5wOxlBsyJcyOu4Zhv84F0ef1Bz-bLJ3vYWXR74gZicseI9lnR5rppDeHbpvvDlyrqoD-OiMqe1IIEQlEhG8KgUAtrz4KbcmBdWyGl7pHq4J2No9VcxXwWfrQiQIp-ZFLqxy01P-ocINElOfIR8_bLClz8NkClCeXA3eK3iqtC4s6psIVJBwKCFCy3b3FFXXBqIin3s14Fh3RUZ03RC8VzMB7WLdL8EezcRRxOuQDnXMb8SzWFnLxBMUu3iVAL8R_gyBPQiZeqDw6ZBbbzQ6bdYp3zzhyfUU66aytGiugkeYptEiJpYwkfNflfRQmPSwEebkPz-QkiLnvgWox3F3UghcB5Ztm1Y39wbKzwyKNr8x5YZ0EonZcM1UZvHOXxvXTtOTeB1jxljo0TbZnbrEq6TDEdnE2AtKy0X_b-vO3lmEFbfRalm8Ddb9g2owrbgnX-YC5VPpx7hn8fAR_KTJ2a3si4No0C2v4lyNrUqynkfES3ij6Uht8PSNiHjx7_JudmHy-Dq2Ex4Rae_tXs4KHcSiYzqW4vGwxkDgvUc839mwWk4n-orVe905d1KkyKdmN6kgAUbZLN2SUwkYvkD_8N32p_genJxbqcYvU2tWHxVQ46plFpp6XGay_1e5tQBz7ztuYZPeEAImcOVjTzEPsMQqOzMttmGgdlCsESUtqF8JWU7EYi0VuHas2DPwfm7k6LoGFmk7-M2TFswWtixlnLXFaeI_BtePVvKxKJiUhN51dXjqw-hmCBW5FyDLphjEkVPEInuzqFj2Acvx0zt57MI31W-zq57w0Ekd3ge7uj_iGYZjBV22jX2mgXMbFsKyFmef4X9x17yNlFkhxw_gQY2AgU-u5-CIetUCXzKa-dezDWXYAIyLutYmgcOuzmNWWrYdJCRCtBP8uCnln0LHzYtA2rCwdzs7-KqvCVeRg5Iz7yfxeJkxz0-V4_FlNU01N42dCJ4H0snEk0LMC59jTysSqT7vNwuadQ8jtKUUKSYidpmZiXNJRB4A2LotQvgP3lVNYbUwwh3X02whfxk817oTgVK-mJJrQUGetIy4Kzul-yw30fTd56UnLhagQtxCjRFfS38a5lDpc_DJqsK_8SP5hMK_GnpeWVD1EU1AAxcWz6CLMoMycPdsSwlZfXonuG7Lr06TGpmgAINUPnWs56rTPnlCtCC_Gdt0QPB-dHB3dUTg32e7pxeSY5RROkvIzhI42hLkhJhGOhTE-YpfvqvR1IX07PEMZIxOzDp1f0KgNiuSJ9WD6LCvG2jwdFxGtnUdJYY77Jw3DdePzjcjUOCw2w0cF7Ma_c4cg1NRjVAJfHIcFjQ2LFmrKXmMotYQVPtCyj5A2MEzY2-cxiJL2TU4-tDZCAJAkudZ8uj0SvGjs64RkKDsRrBMxLLrOAPNeYYLnyN8SsSUeIo4Aqw4ifImICVDyg5RZTk_zhazIjcPIKsk789al7hoMnZq-DECheW0cVyRB6d88AXZ6sRs9Vee5_02-cn6pnW8ovQQ2oVDV3YFRv8seM53DAwDlBjpSLIZeu5o6d51mzRzi4V7LC_553uzngTPOQBGvBwpN1hKwupPQHkC12qAGCKM0Y-1xnMJ4R3cvGcrYpaWNL_yKPq_iyNzFEH29nOV4VJjdPdPxyH9xC_vGVLEWRF4AH6918pwL-ihvj6wpGfvF7Op53c15rqWiRF33SdwdyaYTMps44vEfLws3VeYe0kFIQo4HJirL5SuJQhtoLG-PUYvTliRO_U9kqSpgWZwd0dRIHAFlYYIc-ox3yFF2icB0HRX-s16uU2rHI5SlPZ_60saFIREGY5Z5Fojh0P0UZost_IpYD0swszn1iKy4ql6y99n9k_uu12ITZ5hL0IGLD2a6LdrFSpx_BEd4kLRZv7RdERijuLlKdndB8e-YPmVxBAG2zYVYyqiKC2QTMeW9cOmfIAIdZ7iTwW85_wlfzeBdCR1whoPcre_waReHBVXwsdsHN7F1kjpFyvyKTCwS6zG3MCSofqT8A3C4KDPy2yvFAlPQd95vptKbvHz_CNDouDTpNV6oQi4fCaYpkvSXAIaPYXxjTq9N0paSBmv9SDG0Mk703hs0pD0fN_h_peTgXvd4sSM1GRQW7q7SIqFXYN1POabo0RlZZgkXSF-VYptjvK7rlP5UDgFE-RXNtqeBDdcq6Imy_xjNb8aeYRXrehEoadEiZjCPBwKj4Ys9UQat7A2HlJUWfV6i2uq7kesO-c407OYyCyxoRNbO9DcDXrpwpQd8zythHHaNn24VXkNs0y0lcRPxEPCwiDyzxkFMTJTAe4FN7lxlpByyjkTSGBY_rCrsG5OmCzrGFupmNU_W4_ejee64ZjaPgkLGpvme-8QQ5Xm4cuSfZhlBFpTDZ4L6wuLchyw-h4f8jYr5lifgtqLen-ukt9lEFWjvZ8jXWXByWY7VZe0nMRlOgZSSVvf3YDn6Vqv2o_YTs-jnypOQr_ymoNHdAwwCQCcTj5axhCUT2iph-AYuIw5gSGXxYLc5dJk4pO7xfljhpc_cx8fj24S9V63uBAfhKfxaThPEb9HYF4gt3w5K_7az-UZ1hXXwhv8VehKWxY79npHXf3z-viNYl30jTtCtUiZ7Ltx832y82v7PrdBDZdOOFpQO26FiwES7aMdtMeqbdt4Dz7ojn2wVOPmm5UDw8soQhtK_newW1d8gDqfR94jXj9-_pmOgdXSTz9Ft8MecB5_LiWMYpxYW6NA1eUvWii04Z3oXuXJiIJ-jdvk49UuKz1t3ydDGNkF6E2NczeSHD2G0kMpHIyprjs9kuPOoF-cqoteGaHEgQyFJlP5LeweSx_hNCusTcTCRAuQW8RAWm9AnMThudHyuEChchGtMMqSEvsYAXL-z6QpUFBXQMtL3H2gW4YtyYJOKW8n4iXgEMMvHxsb41Wp_zioCUsA_ZDazR3fBISCcRYvRAXs6txb71_MlfYuo-MPsJ5h9xSLLiyh_CoduGatnACQ0Y89nA8KtP9Kep4Y68-8RVDUq5uQaLIdz8tZ2JxfL6_7cq64VjcZ-TckkL-BCOxbKK9Es9xg&cid=CAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=6078281579516912000&adk=2935317967&idt=159&cac=0&dtd=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3b871444469394a599f0718099c9400776795873ec5350e975ca84c18a71d00c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14040
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 00FC
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C9xnBvmZnZZHZBJaXid4Pip2loA7-jbWTdO3o57_bEafHrI_ZDxABILbX6XtglcL-gZQHoAHZ3YnGA8gBAqkCvhebxQtqsj6oAwHIA8kEqgSXAk_QkOVJSp8dwe9wMJze4z83mtEIl5F9Qhv...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2218035210657938404444%22,%22debug_reporting%22:true,%22destination%22:%22https://hausfrage.de%22,%22event_report_window%22:...

0
0

77ms
49ms

Fetch
text/css

142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2218035210657938404444%22,%22debug_reporting%22:true,%22destination%22:%22https://hausfrage.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22952266457%22],%224%22:[%2211-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217619920726351842753%22}&andc=true

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"18035210657938404444","debug_reporting":true,"destination":"https://hausfrage.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["952266457"],"4":["11-29"],"6":["true"]},"priority":"500","source_event_id":"17619920726351842753"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Wed, 29 Nov 2023 16:28:47 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"18035210657938404444","debug_reporting":true,"destination":"https://hausfrage.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["952266457"],"4":["11-29"],"6":["true"]},"priority":"500","source_event_id":"17619920726351842753"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js Show response
pagead2.googlesyndication.com/bg/ Frame 5A4E 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 00:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 489158
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15097
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 00:36:09 GMT

GET
H3 200 6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js Show response
pagead2.googlesyndication.com/bg/ Frame 0FD4 39 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 00:36:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 489158
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15097
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 23 Nov 2024 00:36:09 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 83ms
48ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Nov 2023 16:28:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 71ms
49ms Preflight
text/html 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Nov 2023 16:28:47 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 948A
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=61389200112753804444978012523004&actionid=879111&produktid=ratenkredit&dt_url=

0
182 B

54ms
54ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=61389200112753804444978012523004&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Nov 2023 16:28:49 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 29 Nov 2023 05:28:49 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Wed, 29 Nov 2023 16:28:49 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=61389200112753804444978012523004&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 53758
x-iplb-request-id: 253A3AF9:9D6A_91EFC182:01BB_656766BF_433C98:41F0

GET
H2 200 / Show response
adv.office-partner.de/ Frame CF76 930 B
923 B 22ms
7ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 29 Nov 2023 16:28:47 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 06 Dec 2023 16:28:47 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame 2ECB
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=61389200112753804444978012523004&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352676751

350 B
401 B

46ms
17ms

Document
text/html

167.233.14.134
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352676751
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.233.14.134 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-2.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Wed, 29 Nov 2023 16:28:47 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352676751
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame FE32 2 KB
2 KB 116ms
72ms Script
text/html 3.11.123.127
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=61389200112753804444978012523004&nw=1
Requested by: Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.11.123.127 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-11-123-127.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: db81fc6727ec4193765d5053e36451b4dbd12b6c310b047aea5c60ab6ba1be7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
last-modified: Wed, 29 Nov 2023 16:28:47 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 29 Nov 2023 16:29:47 GMT

GET
H2

200

activityi;dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139 Show response
5994599.fls.doubleclick.net/ Frame E230
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139?

391 B
326 B

61ms
59ms

Document
text/html

172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139?

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f102.1e100.net

Software

cafe /

Resource Hash

de4db6c4e7716d2df2dc29072ee3741b58736829b08e247242334ec6a2d715f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:47 GMT
expires: Wed, 29 Nov 2023 16:28:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90004.redintelligence.net/ Frame D2C8 7 KB
2 KB 35ms
12ms Document
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90004.redintelligence.net/request_content.php?s=61389200112753804444978012523004&a=00525c9c
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request.php?zone=jf2y0amzcvu0&nw=20&renderingType=javascript&namespace=d5c91ad52a&subid=&uid=be72f0a41dc53b3f&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x600&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCLr7XvmZnZbOBFIW6juwP_M2viASm5b2gab2YnKfJD_AuEAEgz9DbnQFglcL-gZQHyAEJqQK-F5vFC2qyPqgDAcgDmwSqBKQCT9BP2bjbtNn7wyG7v6pisWwyu-xOVtIqcg7Bb5XXMM7TXSR2_uNE8TxUEVCj0W2YtF-tO0r6kqqze7Mh0KkdCE7FoasBqvADJ-zlJi7adKu46zn8_36Lx_JLsW0XbxP6n9_mMAw5Npwsx-shIatno4D4iFjGy7YTpFiUDu-KNhDQAeoQK_QbHjaG6QrOJaAoChGJpp066LUg_DDP6niplQl_OQxTzYdI_R5jgKbheQOt7sWurYSsf2zQSymnKy5cdlugLChTgC8VlwoIcAq8Pr4SQFuQfdtiX14AQS3ghqUhCfH5cpkjN9S1DWoihkOZK7MU5VGhT4osxLudV1m-1chISXdF1NJCP4jYJo_5WxTo-AfXcEmPRHdU2a_-iz-t4HT0YMAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgdMgKqAjoCgEBIvf3BOljYo_S70OmCA4AKA5gLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRF4g0TCLDe9LvQ6YIDFQWdgwcd_OYLQbATh--xFdATANgTA4gUAdgUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNh9xmN-dIFEukHbhi9qV88XOkip3ZtczJ71G4Tw_1rIEwLQ2Mo8lQ5Mq6cBHt1TXtW9dLEdC2GAE%26sig%3DAOD64_23IV2h6bJtfOzcuLpI2EOJGZlOXQ%26client%3Dca-pub-4647811890505995%26dbm_c%3DAKAmf-D1a9cBWzq3vWnSdQBdY4nujpPwrzfFctyYM6XULtN9zAwhBUgoMkWzA2LvEKLBglMXHrXT-c5x91CCMtY_kJ02saJM5tvvSeVMsOCSgn3Yp1SK3WS1E5tRf75BGR9EJSJ8qfMkwcV_zmNfr4kAUFEvfim7uQ3v9qDPcYGTiJlZZI40LDo%26cry%3D1%26dbm_d%3DAKAmf-DjkJIJGChlVludpu2KKtBOY510Sglq96LCJV0dSrgMr2VKABSeagreOyN-gNiV8HU5h3EAPsfzratwvmfookI9mlcFLb4nYXvrE4-N4dcXX2wT9vqYvYgzPxotffjrOr0hB9KIaCzfFP3BdjP_w_0SyKNsblpA_Aq4lnSbehoVMGwA01Yzlt3pL3khHaevZPAVW6kxN2Czk2gnlEWZJKsRKVDWHNaY8IT5cJug36XFaaMg9H1iioWqwT8VYaMCoxBpahNGT9jXaC4KjNISbjsIoeObMXFIxOsK5DwKvnpo19GW8gQYN6YDDHKM4akNTbcBXFXRbY84wKrY_Itdh9mCOi1BfCwZrh3doBLTvXqSUS5DEpbNiPh90yXOKsGmpEkamuGxHqOzxvtNrv4G1F_yvypfFx4BjxIQbSFSsQ3wKadIoWFckSC-tKDYT-Zgg-E8gflMXO9yNaQvSUcA0dkmbgaztNFihqq1QXDFKEqjwqQhOcrQ3mdXKWHnK2g6whqVmNn2Sem-PfGqQNTAG8QJVBxLQsi8Whe--PU4y5IzDoilD86my8FOyJ0KMWx6pTL_mcw9F3iRlkWcxMlhrqZpJxB51Q%26adurl%3D&documentReferer=https%3A%2F%2F4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fcybernews.com&random=4235163504229&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3798a3482fd814d9de23917d948e52b7762654825b29a76f6395de47d2bd0557

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2041
Content-Type: text/html; charset=utf-8
Date: Wed, 29 Nov 2023 16:28:47 GMT
Expires: Wed, 29 Nov 2023 16:28:47 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame FE32
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
664 B

708ms
602ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: 253A3AF9:9D64_91EFC182:01BB_656766BF_4320A1:55DF
x-iplb-instance: 53349
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=61389200112753804444978012523004&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Wed, 29 Nov 2023 16:28:47 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 5CB0 1 KB
643 B 13ms
13ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Thu, 30 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FE32 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 395be472613644e0758bb679ee4a267ec97272768047c5fed5010f516d96d014

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame D2C8 5 KB
682 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=61389200112753804444978012523004&a=00525c9c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 16:25:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D2C8 88 KB
89 KB 39ms
14ms Image
image/png 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=61389200112753804444978012523004&a=00525c9c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 2e47116fc8c108baca21cd10015e24035aa1ca459886fe491bf17e05c25d68c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D2C8 76 KB
77 KB 43ms
14ms Image
image/png 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=61389200112753804444978012523004&a=00525c9c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: ff9ce95764f3d2977263dfc39dba5a47346f66ea88c22d57e61672df8bd2a4dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D2C8 64 KB
64 KB 57ms
16ms Image
image/png 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=150&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=61389200112753804444978012523004&a=00525c9c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: c9f9ceb250963501373f8e0627b4066ba28feb926f5a8ff776661ec73bc56028

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90004.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 65262
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame CF76 174 KB
62 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ced245e1118d807c7c57c20a581109ce7fac58cfcc8dce18d8a983f54acd427f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63922
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 3D32 41 KB
14 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CjKydxY5KieqUXVyUVqiCJukXJlP6t5ql72WRH9CcvcOImQ92_Dq0lpsMr7-JsNXhbAq4F7CRaYk60X214km2BKoAhmZgDs8_rVXRcaFt1grOYgzzhDHBjXg4NLFcsYci0aekYik-R-CUlGyWRRnrMCQIDa-x1LIgXnhr7UueprMUMvxc&cry=1&dbm_d=AKAmf-BgWnRJBbYnzCgkk4bwo5CTdqnYnt9w9CQncO5l-LTgU0R2omgcB_iijznZULg7w7pxzBbug3hIt1J5C8DRk99HT5B6QPoUQv-aoXBszyw9HpBU-BmGGn4HG5CW4KjSHXm4ysZRZdsic4hiLD5cMsGYVTppgTl-qOrg0ZrjIsgp91rZj3eqRiSDP05rgFJSLeFk1DX9ZBOnWVHVfAFnwMI8Cc-vlVrHN3OcUbbiq1V53BNQonrlxi5mKLxvM7zCLak7qv64112i0H_U_zF_QMPAesC11MMe-Hxz2CKInr1zBVmLQefM6fU5qCxn71FX5SseVxf7Zeh4bnsFJVh1x0wiX4NVssnnACbcpAhyKpPRhkuIxUtBzOjWRplGzOu-wkJ14-lVE1MRXZMEXpp6w8mZzmNqsVe4HjCgeo8jirLglqD5QSLeb3y7Ir_9ZivLx7Pq4nOWgCZa9eBhudv2EK1ou7FDwClV4dvX7ZBurqxzmKaNrn4l0KwL0FGgLMcyQmvW8-ppWKsMwtwGh5tPRIQ4xnQjuz8hGFgsVl2UhvjhcyNJbhlKDMZ9KwI-J5O7jX-LzEtdc7dyYE_ZMqInIUlvkNFEIwvKeZnOl2eknYo3p4jfHtqBC7aCt0d8Ab63-2it-www1BpROJZ600XdUpYyt9gQDKWNsHtFUBm2LfadDzPn0VxnvfzIhns4Bprj_oqrSCDVl00gCLckC3RWLxBHjotaelQ92W1pCZ_McWyCRhrOQ4uplEcCvvyTKwGjhR33IgKiX_jjHiHgk387X4gfisnpUNQDkmPxSg_vgsgN3-F_Lg-juCCEKxARdBsu4S8nPrG7RlZ20ChDUYZseZwo34dXC1qwF0-TvPAk3Xavw3soec8N1i_moADIUbaDZuKg91uN0Bnz-OWfiKXa63eEVTeTRV6i7l7OyrJzpaQtS0tCh9ftHggim_iPtgZOJo5Z-YTosi6a5FaDeNuqC-5miaU4e9pdni28NCIsQP1yy5biliKQ4e67sgUgl3lBxK77splLXmOTM0BSmyercG6gxPKCLXNnxgWMDfGLPU9k7PqiVYyzutgnmrfbvrqYhAd5P0fHVBhMnGW56qmMCM9ZcyQL2AqsDf_ZDrY7Lqs16MgEfEx2mVQhfsMioSXCaLdXXmCPDonXPheSFKjWvnN1gPA5vsZzQMPkJ00qz_TsKneOsol4OEVN3ysbGNWRo-DQ3Ojb6KFB_7Tkv3ubwMsGlwALfgooRoxnCVIOlUxeBUz85L8g81EALePIYtge8pQ9wLxxzZlbEUy0SFBOxBbKdvfkbRR3uAF3xJYYKGL3LxanIWNJTWK0T95N0si3QrmuQ-_6DFzi0Au_wmG-rhXNAg1asWtJecWPZvZN91v9B8r79niP1w3BVja7ObVUBU_axIYKTU2Cdvn786m7YsMNCpHMNjVwR2lBY3m8sb9lkiOXyxwWefZxilONeJ0dj2bmKCZx5Qb0pnju4YjNbrV4hzbEAXmpZlnP8PU7uHMdVkFJSwuTW_g5y1zA1ipfLeDVj2MvLPol9fPzxFDT0rC-BJ0lPwLnFsAtsbGhTlSgIqcvanhty13Ot4YRQ63X705AoQt7XQBX3MlvjaTgBl7hfSGUX-qhMrRxslsQYUjGjSyL5aFTH0QZKuLoS2sDJ49QFz-zfgay5MsezrxROl3vxGJFxdauTcd27r1UMcZsyQcT5VY5ysfgc1nSi28DnYGC0hZ1GrjUkzQf-T6Bo-74aWCFeqkZ0qLPkfjYAMZnGNRxVjLrEVLJ5eh7BXJJKceJXrqLuTv3JPHPlgIBw2GtSb0BJ-6MDPjlb_AjAQWRFwqElHRydYFA08W2wDtcjO5cOBsu4ogBjgheATvXfihBmdr3-cpDZpmrK1lEqGa-RHjBYQFBHfQF3F1Q8CCw9JL8n2Gc2wrTO3LzY-xXBNHam8fcAZMVP8c9VO-oDDib3EW1DwIlVIj89beiVZFSDcmab9p_cI1B6mZrBFmbSVQG1zD3pFE0plV6EM3Q03o0yZK2p1caFaKfPN9iUk6zzsMU3wuUnRHAm2pmEIvZiWLuGn7GPBJqADBT_qD_e88_M7EstFDB6245FiubGqkthxdKybb5jFgEKCcT20F7higyyKQ0LMYGKihffeaoZJEgNWLg-KlcegKciH0FyXIygQHQf8eDT8_cBaO3rngtqlvv3HEok64OZdhaXKuStPEOZtYT5_pwVQC6AuxD52XmjDktdU45R9Bta1YBV31JfB-rX2Slix718eEmg7AYsY54YR7fo8BLo2bWroAS94HtvwR0NISOj5jS-3meaPJ2MHnYFyroH6IiKlGdGXitlCsFzu8n4yEuMxAGDNlzlR1g7fXHoZntPnpwGL6wEPHhKOmxyq6Kn85OPozwL-tdl37W4T5nfd7xQlVC5pEDJk2sDVWlhBdtJn_XSTgNay7eDiTkmVPqaMc_nKv0w2L_lGeyB32fO5f-_kfIpZMNggusD7JXbQIHoPLcxLCoXG3aNrqtEeLPcJ8URdNz3qceiU8SFbzeSgDQgEuzFUKyQWTZA61LsJnOci1SDjoStsWtjpcmN4kS97ioYFVGbdMjliZxKv_tvQJ3ODwM8zMP7_Z0Y_BgeiD_z6gEU9jSZvRW2feQlfZJmns8z-7bSNJFQErevn7yf_3wCWvX-R4AQi2TOBP34Eg2ANQfQjaDTvubJj3BGp5TbHR09wve2B7VH9I9n-qGsl4D_Q4NGnZH8wp8fnHoiSFEQRhWrLoahC4emwjKn2haT2C0PjinVPpKtVHtv6yMQTdQzq13hFxcwYJ7cUGUK7mdXzTVzL0g1duEgf2Do-olUYiDVbezZZXXqoFRc4-rCeShuTowHrVCSnLbgYuRmH6odx-5diefCsfvqsrBlFcZpYgswZTCT-aXmIOW7nc63F_-DkwysiXdWUf3pDLzCjRSOSBwusBNhy9vySkDbcU8AFQJpXd0COcbawQus3l75DbEkh_VPuZT8lcVyrquUtp9TWflUqFeAbG6WeZFoixkXAUE0OJ6sCd4XAJF4RsfW_riFimfgF533q_tjVhmNPrHZzE7bqdARYWwS2IoIijuj4Ad0obAkr3WzZTJbw0FdN2R8obkYa7tHgqzhe74WqdDhZKfSFyUtHeG0tYFeNdgzZ-jyVpS2QBE82yxF0fA9-v-NvvurMNkPXktP5z2F3TIEpyJuRCEzdHO-EZGS4cKp58ToQXilCNl8gjt-5kYviC-BnzmPtSpIST2a33AvB1NoMHcf0Ni0Utavf10ou2M3mXAY5tjmlNqYTMAfKCX3_EYNy-fC-ZVhG_2th6sVR_D85S3o5lmARJODlk-Uy0Bcyk3qDpS2cRo2gP8JL8TWtPkpo7_5LOLCVbFoXX3lFNc9t7K2ZSK2ZV3iljT-LkA2zIJW6St8hWWEwtojpMERV7ymOLDumhYi_DlSN2Pqxmqnh78gBsDxFBDgQ524cmc8lH2VQG6A5Okdk9Ao1Yxjkr34-U0L7mx7CnIY5rUYIkaIbEnldlbXQ8Hv7LgVrXhtQ8RnQhSdnPUL4F_2K5BDzb214CMNkuvGYuA2C6I6GzefQzl98KLrQdmJLbjHTxxHlqO3Rpw3JukrUSP_pldzSyUTObADiZkqhtzZODvhvak5tjfTDHb_xJjgO-2-pTHLlPTT1VtB1bUSlH4QfOKYp2GJ22LcUx0EUyJVcMV-Z1gtPsOommF5z5FujjG3-RJ0t9HRdy6V2K7PGVbp6zYn5Y8Pbs4Q6WWGBVw5c_37i-dXIXljSrzlRRNtVBJ6J2lOtGH4D_IrNVlae3haRkQgQP7tYrL0mMpm7TKq62PyLwNnHWPOVVNAjNNXfeHMc_B_ZnStgmj9y0hCPJRUXEUugsMXzA4MtAOAqQKNZ-XzwpK8Cjp2egE8KP0bMe57tdtcRs-2mMxYrE86LDIw4GDXTOV7SxQkfhab4nXYX7DlB9D6JAEmRxICY-FjoYUIW3ZWN0W4ZI352nrELzIjlGLW6E&cid=CAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=3956431064532319000&adk=2988274607&idt=73&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 426219
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NTMyNzAxMTkzMQogIHNlcnZlcl9pcDogMTM0MDYxNzQyCiAgcHJvY2Vzc19pZDogMjQ1MDQzOTIwMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 3D32 0
497 B 53ms
52ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NTMyNzAxMTkzMQogIHNlcnZlcl9pcDogMTM0MDYxNzQyCiAgcHJvY2Vzc19pZDogMjQ1MDQzOTIwMQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxNTA1NzgxMjI0NTE1NDcwNzY1MgpkZWJ1Z19rZXk6IDEyMjE2NzkxMDUyMDAxMzk3NwppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTEtMjkiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NTQzNwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjE2Nzg3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xdcef201938bdf00c0000000000000000","13":"0x944de669759348fb0000000000000000","14":"0x78c55fa5da1cfd1f0000000000000000","15":"0xfd239274922859e00000000000000000"},"debug_key":"122167910520013977","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"15057812245154707652"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 33lgkyejwpt3 Show response
hal9000.redintelligence.net/zone/ Frame 3D32 12 KB
4 KB 15ms
13ms Script
text/html 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1701275326073390&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5mBkvmZnZa69BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0EkEFO3PQwN87a8zhEH4jxtIOj8_UM8SVOg0n1gfKOtiV2CMo6Pba4oe9yZqJ2gfLn9yrBJPNxQmz5pGGgRvvtINEEQzCn27Lfe7Uc2zl0jbWfG_tgNLitXxrDoHX5-WrP_xNZa_zKoYpox-0KYg9QuNkKBKcNgTY5YqFwGA85lNIss-2b96HYLB63TaNof18drM15-CGnmbAoDh20qHo2xEoCaR5Zyk_BkJZpo9znAbq0sNeWIKAUQCUEnNJXu38SqX0vW8Osy-4D_U6w_szaGfkIxj1fIEtahtkLsLLBSYqqQU4eUhSvWGh5lMK3mSu_uFEQm5sdu-IUQL3_wxoryAgVXyhdKHOxOq8J84-yMjAp7AU7EoN6xdR8UuUG_ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_383-BaVfQN0912nlmt-YigdY8dSA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-A1vCU8o8hfwoSa1n0Ma9sGQV3D2GVrzXbvjRURzFS5wIi3RVV5EOIjLZ8LzmswRXXoWAsqh2oYvCyIcQ-YCJ3y7UXrCLX0_GwcrwirB0FIZSW64SPno79_-YICXJne8yPiQ0Pt8xu0hOG6nrZciACbiLpTlb7sUScITWGMY5e7g7cYFmY%26cry%3D1%26dbm_d%3DAKAmf-AW2A8KZHGkzYZquoD_7oo6V6ddMfT2juLLyJpLrYhhhnCKw7c7T-A5-vDqktAfhEsqegVZZPND-4dxRotI9pQlNwzyuL2jx-QkLy24kkn0fB13SiLGVnmVjVX2_o1ey_sg0V7p6iGooIrpWeyIf7XojSNk6IZNYRSDz1iKYKthyX0eOz5n5RxeYkX_buRMpJo_BxVFhla8UYK_yP_UM4Gg2h2JaZXuwb3yEHdCeIEXRR8lVIOTM-X06vzMxwE7HmD0ttdUcg1gbe-uuru2Vbwiw2Kfb_v_K2oR2atzqyvlfpRMXzI6L76c_VBPR8ANjNn9Vmio0kmlaVp2hPiT5KlIeY2N4IFR330IC7U7wMdciZLcTTg8YPbtkUv_uwyTN106DrXLYeWibzwNOyXD0HZ8bYYKddyoA2W_EOdQAhAfWUrBFl8a5lSuRe8--JbufR2MrOPQ30vQu_iI-GEAgJ_0LARBV3ikh853L5ceKP1RP-aTNZALa6MHM-CGCbd5Z4Q5-HjAQiGuhiy97SsJSPT0NkmiwgyOKsQ5oKsnTR2iJ-oY2dn9v_lqd4hftCd8XbsKt4OtgvIpzk07iV0ygMBOxClK3w%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: aa56d9a80699b0bf2186c2fe1908eb4e67ed420df86b6cd2baaaf778afdc7063

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4245
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 5CB0
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEPPrHPE16AwkvKiT9u_-aiI&google_cver=1&google_push=AXcoOmRJin3C5PGAqaqSVFNkesUD3fpBXntqUDDCtYxj1rjxkXenCbRYsjkfOdwa8IWbiBaqrEHDIvyT2_4wRePVfrxKx9Tbs3uZEg
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

43 B
398 B

18ms
17ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
Requested by: Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CB0
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=elN5c0lZeTUxUjhucUQ1&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&google_cver=1&google_push=AXcoOmRa6w5E63zTe03lEJzXpAZd3xjXy-on8IdexDjqIiY...

170 B
188 B

26ms
25ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=elN5c0lZeTUxUjhucUQ1&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&google_cver=1&google_push=AXcoOmRa6w5E63zTe03lEJzXpAZd3xjXy-on8IdexDjqIiYKki676FygWga32QoWtySSMRGcQ_1LNpDGVx4pLSvkyABuNFA4uUEr

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:46 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=elN5c0lZeTUxUjhucUQ1&google_gid=CAESEGRNlbDCfe-y-d7VtqeLxKg&google_cver=1&google_push=AXcoOmRa6w5E63zTe03lEJzXpAZd3xjXy-on8IdexDjqIiYKki676FygWga32QoWtySSMRGcQ_1LNpDGVx4pLSvkyABuNFA4uUEr
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CB0
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEAiipNOE2WcuaElmQiPn-oI&google_cver=1&google_push=AXcoOmT9HsOatPHuDt4X1mWZcHC1pVMrmoyTS45qQjh0OSqs2nDuh0RcbCnENgtsq5mAarAQTgs6HKiShYI...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT9HsOatPHuDt4X1mWZcHC1pVMrmoyTS45qQjh0OSqs2nDuh0RcbCnENgtsq5mAarAQTgs6HKiShYIPht7BpS3sqmMmqfgE6g&google_hm=P4apKmbvTiCWKmASgU...

170 B
188 B

23ms
23ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT9HsOatPHuDt4X1mWZcHC1pVMrmoyTS45qQjh0OSqs2nDuh0RcbCnENgtsq5mAarAQTgs6HKiShYIPht7BpS3sqmMmqfgE6g&google_hm=P4apKmbvTiCWKmASgUkd5vk

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmT9HsOatPHuDt4X1mWZcHC1pVMrmoyTS45qQjh0OSqs2nDuh0RcbCnENgtsq5mAarAQTgs6HKiShYIPht7BpS3sqmMmqfgE6g&google_hm=P4apKmbvTiCWKmASgUkd5vk
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 5CB0 43 B
362 B 18ms
15ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmRvCvJb1r3BpP7gc1MRZKyo8lSCTA-Gzyhqr5I4LNMR9s950fCaO38uX5dQhk8YOUFWCD5DA1JGHC2IhYLuwFKTpXYKg4wKYg&google_gid=CAESEMLx6l5i7yey76Mh8cHASWg&google_cver=1

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:46 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 216094
expires: Wed, 29 Nov 2023 00:00:00 GMT

GET
H2 200 UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 5CB0 0
166 B 50ms
16ms Image
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEG9VMPuS9SXMSRMnaJzeTMc&google_cver=1&google_push=AXcoOmTpE9oTZR7fttFwcsJySO-Td4vh_aDBHk8lLEPd8ftPFIjjpfdj3h0ZT5dIxWtn4myacLb5jXvGVtZFIXwaLXv-GNnPjuGr3w
Requested by: Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Wed, 29 Nov 2023 16:28:47 GMT
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CB0
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEE...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-9190863a-8c51-445a-834e-0117d6deb39b-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAXcoOmQ4FBtJn7cJ_CJ13FP2y...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0&google_hm=A5GQhjqMUURag04BF9bes5s

170 B
188 B

25ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0&google_hm=A5GQhjqMUURag04BF9bes5s

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AXcoOmQ4FBtJn7cJ_CJ13FP2yihQznNziG6hGA2-3BZT9zaf45o6CpDbnebX_VoW8AHoaO3FtwRS8CvaLEnm-4Y1XFdB8pSDuXL0&google_hm=A5GQhjqMUURag04BF9bes5s
date: Wed, 29 Nov 2023 16:28:47 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX9190863a8c51445a834e0117d6deb39b003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CB0
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELnBFZPhSWVp-s3ujG1dHhY&google_cver=1&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjoagO8nxsOQnXaqgHrU1kpbZsLxYpg1-lLUOVWnv_TPg...
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjoagO8nxsOQnXaqgHrU1kpbZsLxYpg1-lLUOVWnv_TPgV...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ4MTQzNTExODAwNTk0NzI2MjM4OA%3D%3D&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjo...

170 B
188 B

24ms
24ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ4MTQzNTExODAwNTk0NzI2MjM4OA%3D%3D&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjoagO8nxsOQnXaqgHrU1kpbZsLxYpg1-lLUOVWnv_TPgVTRQ

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=MjQ4MTQzNTExODAwNTk0NzI2MjM4OA%3D%3D&google_push=AXcoOmQL-LUVSOf7JAKs6oGqy2E-M_cojbFLAtqcs-eQEb9onmoRdTjoagO8nxsOQnXaqgHrU1kpbZsLxYpg1-lLUOVWnv_TPgVTRQ
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 5CB0 0
12 B 23ms
22ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JsArA4e_9u8WoMRvB3WXLGa9dTlN3TJX3QMCh40MXZ_yaKXl8PaQa43f-lzrMV4Il-X0yu

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f134.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal90004.redintelligence.net/ Frame D2C8 0
150 B 40ms
15ms Script
text/html 138.201.63.116
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90004.redintelligence.net/viewability?s=61389200112753804444978012523004&a=cd853b6a&vb=m
Requested by: Host: hal90004.redintelligence.net
URL: https://hal90004.redintelligence.net/request_content.php?s=61389200112753804444978012523004&a=00525c9c
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.116 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.116.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90004.redintelligence.net/request_content.php?s=61389200112753804444978012523004&a=00525c9c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame D2C8 14 KB
15 KB 27ms
27ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90004.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 12:44:49 GMT
x-content-type-options: nosniff
age: 359038
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 12:44:49 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame D2C8 15 KB
15 KB 29ms
29ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90004.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 20:59:44 GMT
x-content-type-options: nosniff
age: 329343
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Nov 2024 20:59:44 GMT

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 2ECB 5 KB
5 KB 12ms
11ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=3352676751
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B1AD 0
20 B 51ms
50ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BgsSlvmZnZZL2NoGIgAeFtZOYCwAAAAA4AeAEAg&bg=!ZGelZyjNAAZxrfrxUa07ADQBe5WfOPcRzaSCXgb4zRZi2qyePjDLnV6l85BpDMlemPDbFK9nATkiVXgbnEZzzsGxm-jMAgAAALJSAAAAAWgBB5kDA5h9F9jzbqsqb_1QSPf1r1nLRAwchA5WHgpt0n-V7oECdSdmdGQTZiqTN9wXc15NLk6Jv-MMd1pdN6Hl_WnhJrHQ4b0WNI1X5jdYpnMoob5Qe4qJZT9Qyislv5-3PRmoNVdNxeLipzdFXZnpZV2qm694NXy4IdE-p1uo2J5lzA3zhw7t12XkL4YQSjsEmXcAc8QXBxfnrfo5cqzP7WQtZZEE1amqL042ydDQrHvoOizP7n2mj7V73nYvSst9_61UGft9YYmP-3aVqMBrmoXuu_SUApSHJR4xb2nSA-uy1Ln0pcIgaBXfN2nlsPdUqF9taLscocwq_Uref-Nw7bsB0QK8xxYpqErkl7NDdneeUYJU5L6-0e17-7uzhdu8W2-7AtlQIC4KKTxPcsmOs-5EbMxecPhGmmfxJVz68cZMZjKjH2jtasHEn4U9hrxwIksj_5TsvQrzI14npP5GgUFnD7SbS3HNriBD63krf6p88nJAjdb4aMfhz9o7uX7zVnC2CtVuF_6h9wulgyCJ7bM6mCLoveGgFnsbESrVVolpcebQbSh-UjwKfbk5tVxKDcF9Oj58Usc_1bVVBkzSywlV6uNfr3XsVjAtjeLSaQ1Yw0chTWTHyhC_RPQ0i2uYlqiYcXsIbgMYx-GrzMQ7KQW8rJkerFwLb_hJn3RIg2rmXBFMjU3inxnBlOZlH4w_knFmWdlrYUZaRyWyExyHDYg31vCmR3uzgWBFCKkBbmxtmMiNZTyipU0NBILLtVW0DznRzi_1E0Gw8TVkm2UHtuxNVUWRID3WcjITfT6wIpyu0BkEn1EkcXZlphUPXGwzAfqA0iNyAgu244FrkzjATtF1IongFPBXdsdrwzXAslLLqUzK-kn5RIflli6_hNALQ2S0X06HNWRy0GhOa41TGIpVoJ94ntWuvIKefpJ0LPSQ7fnfSLk7Xk4DZRCeud7ZQim20hMBAbt6ncCVrcRLMznMOXSQ1rUss820m7AGMPOAN4MNWAXG5x5UqG0m1a9GleM0SHPMWw

Requested by

Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request.php Show response
hal90001.redintelligence.net/ Frame 3D32 3 KB
2 KB 126ms
90ms Script
application/x-javascript 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=bb04321330&subid=&uid=6bd824666208648a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5mBkvmZnZa69BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0EkEFO3PQwN87a8zhEH4jxtIOj8_UM8SVOg0n1gfKOtiV2CMo6Pba4oe9yZqJ2gfLn9yrBJPNxQmz5pGGgRvvtINEEQzCn27Lfe7Uc2zl0jbWfG_tgNLitXxrDoHX5-WrP_xNZa_zKoYpox-0KYg9QuNkKBKcNgTY5YqFwGA85lNIss-2b96HYLB63TaNof18drM15-CGnmbAoDh20qHo2xEoCaR5Zyk_BkJZpo9znAbq0sNeWIKAUQCUEnNJXu38SqX0vW8Osy-4D_U6w_szaGfkIxj1fIEtahtkLsLLBSYqqQU4eUhSvWGh5lMK3mSu_uFEQm5sdu-IUQL3_wxoryAgVXyhdKHOxOq8J84-yMjAp7AU7EoN6xdR8UuUG_ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_383-BaVfQN0912nlmt-YigdY8dSA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-A1vCU8o8hfwoSa1n0Ma9sGQV3D2GVrzXbvjRURzFS5wIi3RVV5EOIjLZ8LzmswRXXoWAsqh2oYvCyIcQ-YCJ3y7UXrCLX0_GwcrwirB0FIZSW64SPno79_-YICXJne8yPiQ0Pt8xu0hOG6nrZciACbiLpTlb7sUScITWGMY5e7g7cYFmY%26cry%3D1%26dbm_d%3DAKAmf-AW2A8KZHGkzYZquoD_7oo6V6ddMfT2juLLyJpLrYhhhnCKw7c7T-A5-vDqktAfhEsqegVZZPND-4dxRotI9pQlNwzyuL2jx-QkLy24kkn0fB13SiLGVnmVjVX2_o1ey_sg0V7p6iGooIrpWeyIf7XojSNk6IZNYRSDz1iKYKthyX0eOz5n5RxeYkX_buRMpJo_BxVFhla8UYK_yP_UM4Gg2h2JaZXuwb3yEHdCeIEXRR8lVIOTM-X06vzMxwE7HmD0ttdUcg1gbe-uuru2Vbwiw2Kfb_v_K2oR2atzqyvlfpRMXzI6L76c_VBPR8ANjNn9Vmio0kmlaVp2hPiT5KlIeY2N4IFR330IC7U7wMdciZLcTTg8YPbtkUv_uwyTN106DrXLYeWibzwNOyXD0HZ8bYYKddyoA2W_EOdQAhAfWUrBFl8a5lSuRe8--JbufR2MrOPQ30vQu_iI-GEAgJ_0LARBV3ikh853L5ceKP1RP-aTNZALa6MHM-CGCbd5Z4Q5-HjAQiGuhiy97SsJSPT0NkmiwgyOKsQ5oKsnTR2iJ-oY2dn9v_lqd4hftCd8XbsKt4OtgvIpzk07iV0ygMBOxClK3w%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-5928161074779380%26fa%3D4%26ifi%3D7%26uci%3Da!7%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fcybernews.com&random=13243148252&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1701275326073390&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5mBkvmZnZa69BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0EkEFO3PQwN87a8zhEH4jxtIOj8_UM8SVOg0n1gfKOtiV2CMo6Pba4oe9yZqJ2gfLn9yrBJPNxQmz5pGGgRvvtINEEQzCn27Lfe7Uc2zl0jbWfG_tgNLitXxrDoHX5-WrP_xNZa_zKoYpox-0KYg9QuNkKBKcNgTY5YqFwGA85lNIss-2b96HYLB63TaNof18drM15-CGnmbAoDh20qHo2xEoCaR5Zyk_BkJZpo9znAbq0sNeWIKAUQCUEnNJXu38SqX0vW8Osy-4D_U6w_szaGfkIxj1fIEtahtkLsLLBSYqqQU4eUhSvWGh5lMK3mSu_uFEQm5sdu-IUQL3_wxoryAgVXyhdKHOxOq8J84-yMjAp7AU7EoN6xdR8UuUG_ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_383-BaVfQN0912nlmt-YigdY8dSA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-A1vCU8o8hfwoSa1n0Ma9sGQV3D2GVrzXbvjRURzFS5wIi3RVV5EOIjLZ8LzmswRXXoWAsqh2oYvCyIcQ-YCJ3y7UXrCLX0_GwcrwirB0FIZSW64SPno79_-YICXJne8yPiQ0Pt8xu0hOG6nrZciACbiLpTlb7sUScITWGMY5e7g7cYFmY%26cry%3D1%26dbm_d%3DAKAmf-AW2A8KZHGkzYZquoD_7oo6V6ddMfT2juLLyJpLrYhhhnCKw7c7T-A5-vDqktAfhEsqegVZZPND-4dxRotI9pQlNwzyuL2jx-QkLy24kkn0fB13SiLGVnmVjVX2_o1ey_sg0V7p6iGooIrpWeyIf7XojSNk6IZNYRSDz1iKYKthyX0eOz5n5RxeYkX_buRMpJo_BxVFhla8UYK_yP_UM4Gg2h2JaZXuwb3yEHdCeIEXRR8lVIOTM-X06vzMxwE7HmD0ttdUcg1gbe-uuru2Vbwiw2Kfb_v_K2oR2atzqyvlfpRMXzI6L76c_VBPR8ANjNn9Vmio0kmlaVp2hPiT5KlIeY2N4IFR330IC7U7wMdciZLcTTg8YPbtkUv_uwyTN106DrXLYeWibzwNOyXD0HZ8bYYKddyoA2W_EOdQAhAfWUrBFl8a5lSuRe8--JbufR2MrOPQ30vQu_iI-GEAgJ_0LARBV3ikh853L5ceKP1RP-aTNZALa6MHM-CGCbd5Z4Q5-HjAQiGuhiy97SsJSPT0NkmiwgyOKsQ5oKsnTR2iJ-oY2dn9v_lqd4hftCd8XbsKt4OtgvIpzk07iV0ygMBOxClK3w%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 106b65da19794d8506108243da5633f7e83d6562f67d8f6a7b59dd90e7cf089c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 72816100134992804444556012523001
Connection: close
Content-Length: 1094
Expires: Wed, 29 Nov 2023 16:28:47 +0100

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 9923 38 KB
13 KB 28ms
27ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 306607
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame CF76 273 KB
91 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

89d184a593ccc33952838029fb12555deda79106244f026bca102216446ce144

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92921
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame FE32 53 KB
19 KB 49ms
16ms Script
application/javascript 108.138.36.48
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=61389200112753804444978012523004&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.36.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-36-48.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:26:54 GMT
content-encoding: gzip
via: 1.1 f52fb277cecd3d7de14d996c1f683de2.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P2
age: 114
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: CcEE06Ht3tOJ-WKWCIhJPgflw44aWhrlBMIiHzxKxKHtJPlSTQYYLQ==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame FE32 3 KB
3 KB 35ms
8ms Image
image/png 99.86.4.94
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1701275627&Signature=oGJTp3b-ujS4j5MCcD2~APEjNQmoBUOZWmoAN00SjgytegZpVp0hqe1Xmtv8iRIseTRWr8trdC7yqq9dySXvbpqjA8cgjhEfReHnunn095lU5jmE6O5YB6fqusxIu1AfqPA4Lb0N504QvL-Q40zz5JizNsOpn-4KAX5d7Kki7DVwXZrgU-6uJ5yHjz-3aszDlIABzDzaBCS0tWpJxsXgCjQb3MIP-UerSQqx29AoL6SD3Nj96mSmkNXLVjZlUaBcN9pW66~T1QGzG7YScywVRibYfxRF6whN4NWAZ6Gr8UVjQmncr7qQz2a1gsZp3j38j~YOgbW9Kim7O7hKqYPTqw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: 4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com
URL: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-94.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4d058c42d22747ed1f386191f2385802.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 29 Nov 2023 07:14:33 GMT
via: 1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 33255
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: jKGmQ_cQGFjPzs6D-83BqeKKvEwauwwfqkwghKrITcetxR44PJR-aw==

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 9923 39 KB
15 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:42:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 12:42:36 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 1196 41 KB
14 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DNSKCI_Yew_jQRvgv_z9FwjuvCAHtNq_oWxsRnq5gJy03949BvoJboNDz8H_hCe2b45h4jloDcwQMIsBbldXWaKk5d3Ss6E5_RXo1E7_luO3-ch3wqGo_kLaRro1MlPhK0UQrF4n9SDTqwhTyp7hO72xfmQclef3uRuzfnyS8j7E70ebQ&cry=1&dbm_d=AKAmf-AoNOUeGFh58Y-rX57URjtiTdUmLnPigJLO1O2UbV9qObff9DRfkCgOyLbu2-aSqxjBhbw_HyslgP1a17IraVB_IVSpTuOybU2IiC4PVxAHRvPE-tdkMyRBn4bIru47GLvlKRoVpyDlcrF4nsa8Fd-rcCX5BD9CFANC2OoR2qssTEK1wTloonKG6RxtSUkqg255Ts6zGp1P5XwhT3wo2JkJ1zGcMxz4OkcXXY56-dE9QlWPAF4As8v_Gsu1XWTKUCHWuzG1gOSmcJiXnDCxlGmw6cm35hvw7xaJ0BW9mbDGlQ4KmXNcsvS5mzc7AaiSTWQFybQDYDZmxZkKqI8l_LGH-B60wD5AOpTi0D7z1V2FUXX4Z5i_7om5m7_RtVbA01xFes8rqNzG5RgAoGTs7zUAQ0DuvhwtRVAdjk3KXuufwS-m5By5CdWrEmjhLmghI4QIVy5Nrh9gq3cskJwxzfAIKcVixULuuPEvl3MHeThMKWEZsEwinJJ5iu8xNSySIaw_E6nO9LJv_nuAVj_a0Y3SD0gxTtSFtVqzOatyApj5EXBTcIHXZhhldWE5APJddUSeK07957XgJNdPDKe9ris-EusPCjhKfi6KRbf8NKoznzoFXFepDQpwE3CIgIz81jHUbkw8SvUi592KjfAyxaJiZipaWgRcNSGNGgmwRjrrTaUZ1zBBXPSVf9taEXe2dWIhOtkIIMvGA5LTHw8EmEcKyhgTwqY4mu0iXEzJXUkCsNCWMES2Lm9tHDkSKG1M-dEp6-8zO-4icZVrU8TR-mFt8M1zMmmUwU-15vg6p6Qci0Y7W16dJXhq6E5CcCoGfW5oLqAZdtCL-Y345J3p0-1-667siIPzuaWB15oOkAuNzTCR0Brbsbo5q9PQbPnfN1o4eKyovtHWEIBYBvhipG5jl87d7jMc0-FTGtVXCwz2O6_1NXmKtvsaqIsk5wOxlBsyJcyOu4Zhv84F0ef1Bz-bLJ3vYWXR74gZicseI9lnR5rppDeHbpvvDlyrqoD-OiMqe1IIEQlEhG8KgUAtrz4KbcmBdWyGl7pHq4J2No9VcxXwWfrQiQIp-ZFLqxy01P-ocINElOfIR8_bLClz8NkClCeXA3eK3iqtC4s6psIVJBwKCFCy3b3FFXXBqIin3s14Fh3RUZ03RC8VzMB7WLdL8EezcRRxOuQDnXMb8SzWFnLxBMUu3iVAL8R_gyBPQiZeqDw6ZBbbzQ6bdYp3zzhyfUU66aytGiugkeYptEiJpYwkfNflfRQmPSwEebkPz-QkiLnvgWox3F3UghcB5Ztm1Y39wbKzwyKNr8x5YZ0EonZcM1UZvHOXxvXTtOTeB1jxljo0TbZnbrEq6TDEdnE2AtKy0X_b-vO3lmEFbfRalm8Ddb9g2owrbgnX-YC5VPpx7hn8fAR_KTJ2a3si4No0C2v4lyNrUqynkfES3ij6Uht8PSNiHjx7_JudmHy-Dq2Ex4Rae_tXs4KHcSiYzqW4vGwxkDgvUc839mwWk4n-orVe905d1KkyKdmN6kgAUbZLN2SUwkYvkD_8N32p_genJxbqcYvU2tWHxVQ46plFpp6XGay_1e5tQBz7ztuYZPeEAImcOVjTzEPsMQqOzMttmGgdlCsESUtqF8JWU7EYi0VuHas2DPwfm7k6LoGFmk7-M2TFswWtixlnLXFaeI_BtePVvKxKJiUhN51dXjqw-hmCBW5FyDLphjEkVPEInuzqFj2Acvx0zt57MI31W-zq57w0Ekd3ge7uj_iGYZjBV22jX2mgXMbFsKyFmef4X9x17yNlFkhxw_gQY2AgU-u5-CIetUCXzKa-dezDWXYAIyLutYmgcOuzmNWWrYdJCRCtBP8uCnln0LHzYtA2rCwdzs7-KqvCVeRg5Iz7yfxeJkxz0-V4_FlNU01N42dCJ4H0snEk0LMC59jTysSqT7vNwuadQ8jtKUUKSYidpmZiXNJRB4A2LotQvgP3lVNYbUwwh3X02whfxk817oTgVK-mJJrQUGetIy4Kzul-yw30fTd56UnLhagQtxCjRFfS38a5lDpc_DJqsK_8SP5hMK_GnpeWVD1EU1AAxcWz6CLMoMycPdsSwlZfXonuG7Lr06TGpmgAINUPnWs56rTPnlCtCC_Gdt0QPB-dHB3dUTg32e7pxeSY5RROkvIzhI42hLkhJhGOhTE-YpfvqvR1IX07PEMZIxOzDp1f0KgNiuSJ9WD6LCvG2jwdFxGtnUdJYY77Jw3DdePzjcjUOCw2w0cF7Ma_c4cg1NRjVAJfHIcFjQ2LFmrKXmMotYQVPtCyj5A2MEzY2-cxiJL2TU4-tDZCAJAkudZ8uj0SvGjs64RkKDsRrBMxLLrOAPNeYYLnyN8SsSUeIo4Aqw4ifImICVDyg5RZTk_zhazIjcPIKsk789al7hoMnZq-DECheW0cVyRB6d88AXZ6sRs9Vee5_02-cn6pnW8ovQQ2oVDV3YFRv8seM53DAwDlBjpSLIZeu5o6d51mzRzi4V7LC_553uzngTPOQBGvBwpN1hKwupPQHkC12qAGCKM0Y-1xnMJ4R3cvGcrYpaWNL_yKPq_iyNzFEH29nOV4VJjdPdPxyH9xC_vGVLEWRF4AH6918pwL-ihvj6wpGfvF7Op53c15rqWiRF33SdwdyaYTMps44vEfLws3VeYe0kFIQo4HJirL5SuJQhtoLG-PUYvTliRO_U9kqSpgWZwd0dRIHAFlYYIc-ox3yFF2icB0HRX-s16uU2rHI5SlPZ_60saFIREGY5Z5Fojh0P0UZost_IpYD0swszn1iKy4ql6y99n9k_uu12ITZ5hL0IGLD2a6LdrFSpx_BEd4kLRZv7RdERijuLlKdndB8e-YPmVxBAG2zYVYyqiKC2QTMeW9cOmfIAIdZ7iTwW85_wlfzeBdCR1whoPcre_waReHBVXwsdsHN7F1kjpFyvyKTCwS6zG3MCSofqT8A3C4KDPy2yvFAlPQd95vptKbvHz_CNDouDTpNV6oQi4fCaYpkvSXAIaPYXxjTq9N0paSBmv9SDG0Mk703hs0pD0fN_h_peTgXvd4sSM1GRQW7q7SIqFXYN1POabo0RlZZgkXSF-VYptjvK7rlP5UDgFE-RXNtqeBDdcq6Imy_xjNb8aeYRXrehEoadEiZjCPBwKj4Ys9UQat7A2HlJUWfV6i2uq7kesO-c407OYyCyxoRNbO9DcDXrpwpQd8zythHHaNn24VXkNs0y0lcRPxEPCwiDyzxkFMTJTAe4FN7lxlpByyjkTSGBY_rCrsG5OmCzrGFupmNU_W4_ejee64ZjaPgkLGpvme-8QQ5Xm4cuSfZhlBFpTDZ4L6wuLchyw-h4f8jYr5lifgtqLen-ukt9lEFWjvZ8jXWXByWY7VZe0nMRlOgZSSVvf3YDn6Vqv2o_YTs-jnypOQr_ymoNHdAwwCQCcTj5axhCUT2iph-AYuIw5gSGXxYLc5dJk4pO7xfljhpc_cx8fj24S9V63uBAfhKfxaThPEb9HYF4gt3w5K_7az-UZ1hXXwhv8VehKWxY79npHXf3z-viNYl30jTtCtUiZ7Ltx832y82v7PrdBDZdOOFpQO26FiwES7aMdtMeqbdt4Dz7ojn2wVOPmm5UDw8soQhtK_newW1d8gDqfR94jXj9-_pmOgdXSTz9Ft8MecB5_LiWMYpxYW6NA1eUvWii04Z3oXuXJiIJ-jdvk49UuKz1t3ydDGNkF6E2NczeSHD2G0kMpHIyprjs9kuPOoF-cqoteGaHEgQyFJlP5LeweSx_hNCusTcTCRAuQW8RAWm9AnMThudHyuEChchGtMMqSEvsYAXL-z6QpUFBXQMtL3H2gW4YtyYJOKW8n4iXgEMMvHxsb41Wp_zioCUsA_ZDazR3fBISCcRYvRAXs6txb71_MlfYuo-MPsJ5h9xSLLiyh_CoduGatnACQ0Y89nA8KtP9Kep4Y68-8RVDUq5uQaLIdz8tZ2JxfL6_7cq64VjcZ-TckkL-BCOxbKK9Es9xg&cid=CAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fcybernews.com&ds=l&xdt=1&iif=1&cor=6078281579516912000&adk=2935317967&idt=159&cac=0&dtd=4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 426219
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H3 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NTMyNzEwMTI0NgogIHNlcnZlcl9pcDogMTI2MDY1ODM4CiAgcHJvY2Vzc19pZDogMTAyMzc1NTExMgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 1196 0
22 B 53ms
51ms Image
image/png 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTI3NTMyNzEwMTI0NgogIHNlcnZlcl9pcDogMTI2MDY1ODM4CiAgcHJvY2Vzc19pZDogMTAyMzc1NTExMgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA5NTI3OTM4MTM5NzMxNzY3MjU5CmRlYnVnX2tleTogMTkwNDAzMDYwNDIxNDI1MjY4MgppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTEtMjkiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NTQzNwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjE2Nzg3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xdcef201938bdf00c0000000000000000","13":"0x944de669759348fb0000000000000000","14":"0x78c55fa5da1cfd1f0000000000000000","15":"0xfd239274922859e00000000000000000"},"debug_key":"1904030604214252682","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"9527938139731767259"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 33lgkyejwpt3 Show response
hal9000.redintelligence.net/zone/ Frame 1196 12 KB
4 KB 36ms
14ms Script
text/html 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1701275326073391&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZspvmZnZa-9BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0F79aagIoM22wLNciEaXsjW8ViriZhVVw1KUY4EFKdlHLNMj54jbc9DurcOUV1sTKMEAy4bq8RGGOGyVHicHG4xLeEfEM5uvfz_5fVgbO1ti3A65KEF8_ACy_Jlq8681_V0IezxDLqWx763MUrBZP5KNBNYOVitBDBUW9fOMY2B7686VScE8HYxgUQfb7KkzXpEJFdR7nQvapRawJCv67-uJGPNpUUXhE4-b8RW-WcRIdWpq3tnqej-FlK10kRYEhXwVHDEuDiTcWsFfhnWWataGIlpbRqrHO5ylJdFxkfCGRFQ6vbEaeVwFM2aRs2cY8TAvVdtmaO6r_MjxoPf7F7mTjzigUZQ93vJZ_HTd7YqJLDKC6DKov_5Zombdc9rABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_3zBRQeUWmFVswbKDWFXYJZThjEfA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-C3tB1OwtSMpEZKcgDKUq6o41ZdyqE_OYAJDRbpHcIwB7oyTzcW_-ZrBdfqLFsCs60fNldQ-37XbofGojd5vKWC1KylDTdqqAMMbhC5_lPwCngCBweTmx1qU65ZyD21bGj9TCy_gj0rmwpaYiU0UmHl7wt5GdaZLD9JGbZ5f6L2C6xickE%26cry%3D1%26dbm_d%3DAKAmf-BC80feK9s9qbM3s-j1CuFllb4-gy3sBK9E5RqxlSdtCt4aEv_jPcUU7jbUA3IhsEPOq9dC0b2j_IHV29FZAzKN2-TaOYPTZK4lIvWsZMHAAgnEdMNIoEk0yt5EOA2RwEfHgV7q_lJT0GFMwMkEsR6OGRco33-QO5PEi2SRzY-LmF7TFFO1eXbENJXoT1yHy3F1jS6XHhnQ6gpBqMsDevKRLUJDlLHf-V1v84WwG3MA7DIlbI23wUijW4dCjB5vfc1CKYZjdUV0i3CCwdt_mpwSWI-xe176C5JU0mC1vZ0ZxiICbLiLYYgNO7SVxtnFGZbIULsW-dJkKjyxq3_xb50reDA345sYl3PQ9GZZRj6g26Wj7rnIxbV1F8qXpsahpH1eSFB-ncWxE6X6g5ntSNGR7udz0CuwT91gg1TbRZO0wIga_t5KIIlJQfFNgan4OYyPegPmaDsVgrK8i3rJleF5KVQElmCC9LPjR5SZ0JhipOEa0oRt1v4wNQMJK4mlxnLlyU1_EzE2MT8-o8GYT8Y8jpOpMqLU5WCimgbsOTvycSc4mHYbA91M9NbZqb8M-AwVsxBWMGlS6SEd1v_UkEAhNe3opA%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 16ea92867ab0909a5fdeb4898db67f0523fbed12fd813bde7d8c212276eb4568

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4249
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139
adservice.google.com/ddm/fls/z/ Frame E230 42 B
401 B 87ms
52ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPi8s7zQ6YIDFUJJHgIdOg4ExA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6558766078668.139?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK request.php Show response
hal900016.redintelligence.net/ Frame 1196 2 KB
1 KB 141ms
106ms Script
application/x-javascript 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=5193e9d042&subid=&uid=ced283c9cd816aab&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZspvmZnZa-9BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0F79aagIoM22wLNciEaXsjW8ViriZhVVw1KUY4EFKdlHLNMj54jbc9DurcOUV1sTKMEAy4bq8RGGOGyVHicHG4xLeEfEM5uvfz_5fVgbO1ti3A65KEF8_ACy_Jlq8681_V0IezxDLqWx763MUrBZP5KNBNYOVitBDBUW9fOMY2B7686VScE8HYxgUQfb7KkzXpEJFdR7nQvapRawJCv67-uJGPNpUUXhE4-b8RW-WcRIdWpq3tnqej-FlK10kRYEhXwVHDEuDiTcWsFfhnWWataGIlpbRqrHO5ylJdFxkfCGRFQ6vbEaeVwFM2aRs2cY8TAvVdtmaO6r_MjxoPf7F7mTjzigUZQ93vJZ_HTd7YqJLDKC6DKov_5Zombdc9rABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_3zBRQeUWmFVswbKDWFXYJZThjEfA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-C3tB1OwtSMpEZKcgDKUq6o41ZdyqE_OYAJDRbpHcIwB7oyTzcW_-ZrBdfqLFsCs60fNldQ-37XbofGojd5vKWC1KylDTdqqAMMbhC5_lPwCngCBweTmx1qU65ZyD21bGj9TCy_gj0rmwpaYiU0UmHl7wt5GdaZLD9JGbZ5f6L2C6xickE%26cry%3D1%26dbm_d%3DAKAmf-BC80feK9s9qbM3s-j1CuFllb4-gy3sBK9E5RqxlSdtCt4aEv_jPcUU7jbUA3IhsEPOq9dC0b2j_IHV29FZAzKN2-TaOYPTZK4lIvWsZMHAAgnEdMNIoEk0yt5EOA2RwEfHgV7q_lJT0GFMwMkEsR6OGRco33-QO5PEi2SRzY-LmF7TFFO1eXbENJXoT1yHy3F1jS6XHhnQ6gpBqMsDevKRLUJDlLHf-V1v84WwG3MA7DIlbI23wUijW4dCjB5vfc1CKYZjdUV0i3CCwdt_mpwSWI-xe176C5JU0mC1vZ0ZxiICbLiLYYgNO7SVxtnFGZbIULsW-dJkKjyxq3_xb50reDA345sYl3PQ9GZZRj6g26Wj7rnIxbV1F8qXpsahpH1eSFB-ncWxE6X6g5ntSNGR7udz0CuwT91gg1TbRZO0wIga_t5KIIlJQfFNgan4OYyPegPmaDsVgrK8i3rJleF5KVQElmCC9LPjR5SZ0JhipOEa0oRt1v4wNQMJK4mlxnLlyU1_EzE2MT8-o8GYT8Y8jpOpMqLU5WCimgbsOTvycSc4mHYbA91M9NbZqb8M-AwVsxBWMGlS6SEd1v_UkEAhNe3opA%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-5928161074779380%26fa%3D3%26ifi%3D8%26uci%3Da!8%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fcybernews.com&random=3286066360420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1701275326073391&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZspvmZnZa-9BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0F79aagIoM22wLNciEaXsjW8ViriZhVVw1KUY4EFKdlHLNMj54jbc9DurcOUV1sTKMEAy4bq8RGGOGyVHicHG4xLeEfEM5uvfz_5fVgbO1ti3A65KEF8_ACy_Jlq8681_V0IezxDLqWx763MUrBZP5KNBNYOVitBDBUW9fOMY2B7686VScE8HYxgUQfb7KkzXpEJFdR7nQvapRawJCv67-uJGPNpUUXhE4-b8RW-WcRIdWpq3tnqej-FlK10kRYEhXwVHDEuDiTcWsFfhnWWataGIlpbRqrHO5ylJdFxkfCGRFQ6vbEaeVwFM2aRs2cY8TAvVdtmaO6r_MjxoPf7F7mTjzigUZQ93vJZ_HTd7YqJLDKC6DKov_5Zombdc9rABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_3zBRQeUWmFVswbKDWFXYJZThjEfA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-C3tB1OwtSMpEZKcgDKUq6o41ZdyqE_OYAJDRbpHcIwB7oyTzcW_-ZrBdfqLFsCs60fNldQ-37XbofGojd5vKWC1KylDTdqqAMMbhC5_lPwCngCBweTmx1qU65ZyD21bGj9TCy_gj0rmwpaYiU0UmHl7wt5GdaZLD9JGbZ5f6L2C6xickE%26cry%3D1%26dbm_d%3DAKAmf-BC80feK9s9qbM3s-j1CuFllb4-gy3sBK9E5RqxlSdtCt4aEv_jPcUU7jbUA3IhsEPOq9dC0b2j_IHV29FZAzKN2-TaOYPTZK4lIvWsZMHAAgnEdMNIoEk0yt5EOA2RwEfHgV7q_lJT0GFMwMkEsR6OGRco33-QO5PEi2SRzY-LmF7TFFO1eXbENJXoT1yHy3F1jS6XHhnQ6gpBqMsDevKRLUJDlLHf-V1v84WwG3MA7DIlbI23wUijW4dCjB5vfc1CKYZjdUV0i3CCwdt_mpwSWI-xe176C5JU0mC1vZ0ZxiICbLiLYYgNO7SVxtnFGZbIULsW-dJkKjyxq3_xb50reDA345sYl3PQ9GZZRj6g26Wj7rnIxbV1F8qXpsahpH1eSFB-ncWxE6X6g5ntSNGR7udz0CuwT91gg1TbRZO0wIga_t5KIIlJQfFNgan4OYyPegPmaDsVgrK8i3rJleF5KVQElmCC9LPjR5SZ0JhipOEa0oRt1v4wNQMJK4mlxnLlyU1_EzE2MT8-o8GYT8Y8jpOpMqLU5WCimgbsOTvycSc4mHYbA91M9NbZqb8M-AwVsxBWMGlS6SEd1v_UkEAhNe3opA%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: d349de5c76f4edeba0566920e8fd41c7e695ca7a3aac66fda794f8a5acaaaa23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 56330400132188904444556012523016
Connection: close
Content-Length: 861
Expires: Wed, 29 Nov 2023 16:28:47 +0100

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 8DA0 38 KB
13 KB 24ms
24ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 306607
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 34E4
Redirect Chain

https://pv.medialead.de/trck/epv/89f7480c0afa0150827cf163f8728151?subid=72816100134992804444556012523001&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=656766bf6daf2092667aa0dd&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

0
629 B

46ms
21ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=656766bf6daf2092667aa0dd&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=

Requested by

Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=bb04321330&subid=&uid=6bd824666208648a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5mBkvmZnZa69BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0EkEFO3PQwN87a8zhEH4jxtIOj8_UM8SVOg0n1gfKOtiV2CMo6Pba4oe9yZqJ2gfLn9yrBJPNxQmz5pGGgRvvtINEEQzCn27Lfe7Uc2zl0jbWfG_tgNLitXxrDoHX5-WrP_xNZa_zKoYpox-0KYg9QuNkKBKcNgTY5YqFwGA85lNIss-2b96HYLB63TaNof18drM15-CGnmbAoDh20qHo2xEoCaR5Zyk_BkJZpo9znAbq0sNeWIKAUQCUEnNJXu38SqX0vW8Osy-4D_U6w_szaGfkIxj1fIEtahtkLsLLBSYqqQU4eUhSvWGh5lMK3mSu_uFEQm5sdu-IUQL3_wxoryAgVXyhdKHOxOq8J84-yMjAp7AU7EoN6xdR8UuUG_ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_383-BaVfQN0912nlmt-YigdY8dSA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-A1vCU8o8hfwoSa1n0Ma9sGQV3D2GVrzXbvjRURzFS5wIi3RVV5EOIjLZ8LzmswRXXoWAsqh2oYvCyIcQ-YCJ3y7UXrCLX0_GwcrwirB0FIZSW64SPno79_-YICXJne8yPiQ0Pt8xu0hOG6nrZciACbiLpTlb7sUScITWGMY5e7g7cYFmY%26cry%3D1%26dbm_d%3DAKAmf-AW2A8KZHGkzYZquoD_7oo6V6ddMfT2juLLyJpLrYhhhnCKw7c7T-A5-vDqktAfhEsqegVZZPND-4dxRotI9pQlNwzyuL2jx-QkLy24kkn0fB13SiLGVnmVjVX2_o1ey_sg0V7p6iGooIrpWeyIf7XojSNk6IZNYRSDz1iKYKthyX0eOz5n5RxeYkX_buRMpJo_BxVFhla8UYK_yP_UM4Gg2h2JaZXuwb3yEHdCeIEXRR8lVIOTM-X06vzMxwE7HmD0ttdUcg1gbe-uuru2Vbwiw2Kfb_v_K2oR2atzqyvlfpRMXzI6L76c_VBPR8ANjNn9Vmio0kmlaVp2hPiT5KlIeY2N4IFR330IC7U7wMdciZLcTTg8YPbtkUv_uwyTN106DrXLYeWibzwNOyXD0HZ8bYYKddyoA2W_EOdQAhAfWUrBFl8a5lSuRe8--JbufR2MrOPQ30vQu_iI-GEAgJ_0LARBV3ikh853L5ceKP1RP-aTNZALa6MHM-CGCbd5Z4Q5-HjAQiGuhiy97SsJSPT0NkmiwgyOKsQ5oKsnTR2iJ-oY2dn9v_lqd4hftCd8XbsKt4OtgvIpzk07iV0ygMBOxClK3w%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-5928161074779380%26fa%3D4%26ifi%3D7%26uci%3Da!7%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fcybernews.com&random=13243148252&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 29 Nov 2023 16:28:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 29 Nov 2023 05:28:47 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"25200521800103636","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Wed, 29 Nov 2023 16:28:47 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=FCAFEED7E361667AB6C39756DB56E118&dt_subid1=656766bf6daf2092667aa0dd&dt_subid2=&actionid=56481&produktid=&bannerID=FYRSTDisplay&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 53349
x-iplb-request-id: 253A3AF9:9D70_91EFC182:01BB_656766BF_4320CF:55DF

GET
H3

200

activityi;dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774 Show response
8019191.fls.doubleclick.net/ Frame C2FD
Redirect Chain

https://8019191.fls.doubleclick.net/activityi;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774?
https://8019191.fls.doubleclick.net/activityi;dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774?

392 B
240 B

60ms
58ms

Document
text/html

172.217.18.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8019191.fls.doubleclick.net/activityi;dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774?

Requested by

Host: cybernews.com
URL: https://cybernews.com/security/appscook-data-leak/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f102.1e100.net

Software

cafe /

Resource Hash

a889aca5f8fa8eb0c2076e8be164cbbaf9c301c2c52cbc56d80ac3f233c3cd52

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:47 GMT
expires: Wed, 29 Nov 2023 16:28:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:28:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8019191.fls.doubleclick.net/activityi;dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90001.redintelligence.net/ Frame DD43 7 KB
2 KB 51ms
27ms Document
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/request_content.php?s=72816100134992804444556012523001&a=087d8c25
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=bb04321330&subid=&uid=6bd824666208648a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DC5mBkvmZnZa69BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0EkEFO3PQwN87a8zhEH4jxtIOj8_UM8SVOg0n1gfKOtiV2CMo6Pba4oe9yZqJ2gfLn9yrBJPNxQmz5pGGgRvvtINEEQzCn27Lfe7Uc2zl0jbWfG_tgNLitXxrDoHX5-WrP_xNZa_zKoYpox-0KYg9QuNkKBKcNgTY5YqFwGA85lNIss-2b96HYLB63TaNof18drM15-CGnmbAoDh20qHo2xEoCaR5Zyk_BkJZpo9znAbq0sNeWIKAUQCUEnNJXu38SqX0vW8Osy-4D_U6w_szaGfkIxj1fIEtahtkLsLLBSYqqQU4eUhSvWGh5lMK3mSu_uFEQm5sdu-IUQL3_wxoryAgVXyhdKHOxOq8J84-yMjAp7AU7EoN6xdR8UuUG_ABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_383-BaVfQN0912nlmt-YigdY8dSA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-A1vCU8o8hfwoSa1n0Ma9sGQV3D2GVrzXbvjRURzFS5wIi3RVV5EOIjLZ8LzmswRXXoWAsqh2oYvCyIcQ-YCJ3y7UXrCLX0_GwcrwirB0FIZSW64SPno79_-YICXJne8yPiQ0Pt8xu0hOG6nrZciACbiLpTlb7sUScITWGMY5e7g7cYFmY%26cry%3D1%26dbm_d%3DAKAmf-AW2A8KZHGkzYZquoD_7oo6V6ddMfT2juLLyJpLrYhhhnCKw7c7T-A5-vDqktAfhEsqegVZZPND-4dxRotI9pQlNwzyuL2jx-QkLy24kkn0fB13SiLGVnmVjVX2_o1ey_sg0V7p6iGooIrpWeyIf7XojSNk6IZNYRSDz1iKYKthyX0eOz5n5RxeYkX_buRMpJo_BxVFhla8UYK_yP_UM4Gg2h2JaZXuwb3yEHdCeIEXRR8lVIOTM-X06vzMxwE7HmD0ttdUcg1gbe-uuru2Vbwiw2Kfb_v_K2oR2atzqyvlfpRMXzI6L76c_VBPR8ANjNn9Vmio0kmlaVp2hPiT5KlIeY2N4IFR330IC7U7wMdciZLcTTg8YPbtkUv_uwyTN106DrXLYeWibzwNOyXD0HZ8bYYKddyoA2W_EOdQAhAfWUrBFl8a5lSuRe8--JbufR2MrOPQ30vQu_iI-GEAgJ_0LARBV3ikh853L5ceKP1RP-aTNZALa6MHM-CGCbd5Z4Q5-HjAQiGuhiy97SsJSPT0NkmiwgyOKsQ5oKsnTR2iJ-oY2dn9v_lqd4hftCd8XbsKt4OtgvIpzk07iV0ygMBOxClK3w%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-5928161074779380%26fa%3D4%26ifi%3D7%26uci%3Da!7%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fcybernews.com&random=13243148252&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 563b1267605b0e956edce7bc6f15175be3545fe1e304694d117cb51f38264256

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2013
Content-Type: text/html; charset=utf-8
Date: Wed, 29 Nov 2023 16:28:47 GMT
Expires: Wed, 29 Nov 2023 16:28:47 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3D32 43 B
705 B 92ms
60ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=72816100134992804444556012523001&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3D32 43 B
702 B 97ms
53ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=72816100134992804444556012523001&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0D64 1 KB
643 B 13ms
13ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Thu, 30 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 0D64
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJoDFVeO-s3NjYItoVJ_EOo&google_cver=1&google_push=AXcoOmTxYlefrO2QkDGmXVIs2rdYwqwNrguZiK2eNq0oBnG2NElwCZ-jxrrw7EjEtg2AGke5DZHiWKXwyhXkIJgP8HMElQ4YgykSakA
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

43 B
398 B

15ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D64
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEIncWRdgrpfQkGXrSIhWarQ&google_cver=1&google_push=AXcoOmSRCpcPj4CXnjn2vxsGf_PfjykrBDiaYYy1Y52fnYUSpapg_G5xMvRX4fvqvG-uqIer_n9hJyy579sxN_TH8p1ue0EQDSEJjss
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmSRCpcPj4CXnjn2vxsGf_PfjykrBDiaYYy1Y52fnYUSpapg_G5xMvRX4fvqvG-uqIer_n9hJyy579sxN_T...

170 B
188 B

27ms
26ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmSRCpcPj4CXnjn2vxsGf_PfjykrBDiaYYy1Y52fnYUSpapg_G5xMvRX4fvqvG-uqIer_n9hJyy579sxN_TH8p1ue0EQDSEJjss

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E33D4836CBD0486DA1AA366A67373F8A&google_push=AXcoOmSRCpcPj4CXnjn2vxsGf_PfjykrBDiaYYy1Y52fnYUSpapg_G5xMvRX4fvqvG-uqIer_n9hJyy579sxN_TH8p1ue0EQDSEJjss
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Tue, 28 Nov 2023 16:28:47 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D64
Redirect Chain

https://ipac.ctnsnet.com/int/cm?exc=1&acc=crimtan_au&google_gid=CAESELeOAjqgqC7n1R0Dmq9Qvbo&google_cver=1&google_push=AXcoOmQ0qcGDBwQgfe0yy5b_hIEwnHthqjkHbd5I1DWr5HSVhkgf1A63KDagZ3vj5gp_e53RCtc6Adj...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQ0qcGDBwQgfe0yy5b_hIEwnHthqjkHbd5I1DWr5HSVhkgf1A63KDagZ3vj5gp_e53RCtc6AdjrczJER0lObizowonsj-GveBM&google_hm=P4apKmbvTiCWKm...

170 B
188 B

35ms
35ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQ0qcGDBwQgfe0yy5b_hIEwnHthqjkHbd5I1DWr5HSVhkgf1A63KDagZ3vj5gp_e53RCtc6AdjrczJER0lObizowonsj-GveBM&google_hm=P4apKmbvTiCWKmASgUkd5vk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQ0qcGDBwQgfe0yy5b_hIEwnHthqjkHbd5I1DWr5HSVhkgf1A63KDagZ3vj5gp_e53RCtc6AdjrczJER0lObizowonsj-GveBM&google_hm=P4apKmbvTiCWKmASgUkd5vk
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D64
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmS1O1HI...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmS1O1HI...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzExMjkxNjI4NDcwMDA1MDI2MDI3MzA5NQ%3D%3D&google_push=AXcoOmS1O1HIEuHhGQXSMxWyYJQdat4bmQYbFIju2R7mlbgHGg_cL4jDtVVXq-HURs9_FP...

170 B
188 B

25ms
25ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzExMjkxNjI4NDcwMDA1MDI2MDI3MzA5NQ%3D%3D&google_push=AXcoOmS1O1HIEuHhGQXSMxWyYJQdat4bmQYbFIju2R7mlbgHGg_cL4jDtVVXq-HURs9_FP1onQ499724xnKmbnDHDUv3OCToCF1AGXI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzExMjkxNjI4NDcwMDA1MDI2MDI3MzA5NQ%3D%3D&google_push=AXcoOmS1O1HIEuHhGQXSMxWyYJQdat4bmQYbFIju2R7mlbgHGg_cL4jDtVVXq-HURs9_FP1onQ499724xnKmbnDHDUv3OCToCF1AGXI
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0D64
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEHuevRvPcXZhz6GrNQGTbwk&google_cver=1&google_push=AXcoOmRWr7E4NGRwZRIny_0pwkIksipBe2hO9cbq60o3WJeZNcbZIL6Ni6u5v2pB4vvar3LaWaXDIR9hlnWOtagk6uMi_r4...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRWr7E4NGRwZRIny_0pwkIksipBe2hO9cbq60o3WJeZNcbZIL6Ni6u5v2pB4vvar3LaWaXDIR9hlnWOtagk6uMi_r4LBK4AKfo&google_hm=eS1aSkxPNzBoRTJwSFQ...

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRWr7E4NGRwZRIny_0pwkIksipBe2hO9cbq60o3WJeZNcbZIL6Ni6u5v2pB4vvar3LaWaXDIR9hlnWOtagk6uMi_r4LBK4AKfo&google_hm=eS1aSkxPNzBoRTJwSFQxLlQ2VG1LZkp6bzc5UGg3WDhDN35B

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 29 Nov 2023 16:28:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmRWr7E4NGRwZRIny_0pwkIksipBe2hO9cbq60o3WJeZNcbZIL6Ni6u5v2pB4vvar3LaWaXDIR9hlnWOtagk6uMi_r4LBK4AKfo&google_hm=eS1aSkxPNzBoRTJwSFQxLlQ2VG1LZkp6bzc5UGg3WDhDN35B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 0D64 43 B
362 B 19ms
17ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmSZerFqcdw4aPJYsOYK7CbJ4bLaG3T7mb8jB9w86wekwCnI5NGTN_jz0VU1UvqvKtPN5yaGCC8dfIy6BmxUzsg04ilSTKHFa6w&google_gid=CAESEEauWM0mIT0RRPsuuWuEA88&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 262162
expires: Wed, 29 Nov 2023 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame 0D64
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEF-8kzB-LAKw...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQmRMvucPkJcECnlpeNG9PYsLnggUlq1UKlBPYK9izpwqRC9vfRxBSFa382Pqpnq2QQtAtFgkiNOtx2iX7uz7xPNhSmhKph2ZSS
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

36ms
36ms

Image
image/gif

23.32.185.35
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 23.32.185.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-185-35.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: Wed, 29 Nov 2023 16:28:47 GMT
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0D64 0
12 B 26ms
25ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jqo6Iz7gKIyDKfo8DdqaQ-pjs59LN5sBW8n6pFejUtZa666nfWA-zdiQ4F4-xR6ijmyvYMrA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 8DA0 39 KB
15 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 12:42:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 28 Nov 2024 12:42:36 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9923 0
20 B 52ms
51ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BQrCFv2ZnZZtdrr327w-h-LqQCQAAAAA4AeAEAg&bg=!bm2lbSLNAAZxrfrxUa07ADQBe5WfOFN5BHXm3aOC2AN4cc-x3yzIQftIIH_5uFssx_AYXjyBJEJwd-xXefNdTBYILKxUAgAAAGVSAAAAAWgBB5kDB8-wOD4R6sdj4Mlcr6bWCKJ9likXwRtHnzDxVnuxbTKEZM9Wi79Yh-a8thwMVn1Rb9TdkiH257eFVirIe8MqOG9dU8kEr6yegDPJyfecQ03OWnRneAk1Qzk51z09bmiigdymUfj9_jIZRuWr2bbZPb84BJKilrg5wfFnIFwFkeitvSIsLgFd6fJp9wb7cPxuX6TfzdEj9i-0AnUNOOa36k45-8Gb3ecMgbSRLXi21tj6dMnK91mQkEtTUMfwYm4iOXHsAvaiAupdOsLU79h9u1I9rPAoZ3mqPgn9cpzPM1AO3A6eWF8NARZdXVzPLDk0-d3KZtzrAy-2_oZXPKN1HwBTRIijwf6gVJgWhUZ7hQvjcc0QlOBIjnjN3vV5q5SF5k0UN4gqkk6Bw_2B_29J2y2q_hSm9RZu4X92iAaZ2Kyaj6iHtFfFEVls8jakEbtFe9O4swRh_8gRBa-Ph2xiL-VQX6cCqtb8hbeAREaq4yJqPJzd37FMuXgFOQ_wdvyhj-KGAzU7y5Y01p-AXR-2BgiMCwPfGw9DUxsSksD1JDiZQjqwT0jaXvsNxXqrAsNmG8tP31ObrtsO4_b4_KhGDxT8U33zGgDbuep15kesQ4DX6h5PbIWFgZEnm0iqqf1HIW1IlO4pBbKOIeiG-FKszwM42H_TtvMfw0pvf-2apcRJ8ev00f9OMIB4aqaEpNReqiyYduSi1iH8SeKJiOz_Eato9MA2aP9uVd4-D6hzFk6xybN4gREPx41T-xE1miuzBPpPJv8eBR1fnuT_EqRFzq9MUBW7guyullXD8ORGiJmqRF8mEf9MT7vz1Lqx0_-EnY3dP2NyiI_iiOIuQZUzKQCVnsKgYml_mhfOGPfzHXxrNpfKeZya0bXwm7bz4p77-08fbkdd6Yk_7hkOAFz42LfNTlMKrBqW8VlDYW9qR7T-k5ONZG0CCT2SK03Yn117mmuy0NHAaQXbnyuB0pi4xEnY3Ss2fFGPWdP_dXP5I9_p_3HrIFFOG1mHrofnHZ6hwPEmYRPo1QU

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DD43 5 KB
682 B 31ms
23ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=72816100134992804444556012523001&a=087d8c25

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 29 Nov 2023 16:28:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 29 Nov 2023 16:27:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Nov 2023 16:28:47 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DD43 16 KB
17 KB 42ms
18ms Image
image/png 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=72816100134992804444556012523001&a=087d8c25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 1ce1aea63404e64faa2fd2070270c63fecd6f352524a48b5feeee7a3d3e1db48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16833
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DD43 19 KB
19 KB 38ms
14ms Image
image/png 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/50502/creativesup/Fyrst-1200x627.jpg
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=72816100134992804444556012523001&a=087d8c25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 40d4e53f1da3ff7887ecf92aef7a16ea05a45b16ce2f3eda10da9697cff12f2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 19696
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame DD43 27 KB
27 KB 40ms
16ms Image
image/png 144.76.104.53
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=72816100134992804444556012523001&a=087d8c25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.104.53 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.53.104.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 2fe03779b12f5ff624deadc479e39e006b80cc5548680efd86b2291714b0bb7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90001.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 27269
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90001.redintelligence.net/ Frame DD43 0
150 B 36ms
13ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90001.redintelligence.net/viewability?s=72816100134992804444556012523001&a=ef388768&vb=m
Requested by: Host: hal90001.redintelligence.net
URL: https://hal90001.redintelligence.net/request_content.php?s=72816100134992804444556012523001&a=087d8c25
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90001.redintelligence.net/request_content.php?s=72816100134992804444556012523001&a=087d8c25
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Wed, 29 Nov 2023 16:28:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK request_content.php Show response
hal900016.redintelligence.net/ Frame 8BB2 7 KB
2 KB 35ms
12ms Document
text/html 138.201.220.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900016.redintelligence.net/request_content.php?s=56330400132188904444556012523016&a=b7928ff7
Requested by: Host: hal900016.redintelligence.net
URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=5193e9d042&subid=&uid=ced283c9cd816aab&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCGZspvmZnZa-9BKafid4P0qS8-A-m5b2gaZ2cnKfJD_AuEAEgttfpe2CVwv6BlAfIAQmpAr4Xm8ULarI-qAMByAObBKoEoAJP0F79aagIoM22wLNciEaXsjW8ViriZhVVw1KUY4EFKdlHLNMj54jbc9DurcOUV1sTKMEAy4bq8RGGOGyVHicHG4xLeEfEM5uvfz_5fVgbO1ti3A65KEF8_ACy_Jlq8681_V0IezxDLqWx763MUrBZP5KNBNYOVitBDBUW9fOMY2B7686VScE8HYxgUQfb7KkzXpEJFdR7nQvapRawJCv67-uJGPNpUUXhE4-b8RW-WcRIdWpq3tnqej-FlK10kRYEhXwVHDEuDiTcWsFfhnWWataGIlpbRqrHO5ylJdFxkfCGRFQ6vbEaeVwFM2aRs2cY8TAvVdtmaO6r_MjxoPf7F7mTjzigUZQ93vJZ_HTd7YqJLDKC6DKov_5Zombdc9rABOuP_I73A-AEA4gF76-WiD6QBgGgBk2AB6yt9Z8DqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpY09beu9DpggOACgGYCwHICwGADAGiDBQqEgoQ5LSxAu61sQK1uLECu7uxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSOwDICaaNrCmSD7__gs0hTIlSa3ZchGv7cN7_oDfeLwU-eTyxO36L-cGNljrC_0upaeAH47kNpojhJYWkGAE%26sig%3DAOD64_3zBRQeUWmFVswbKDWFXYJZThjEfA%26client%3Dca-pub-5928161074779380%26dbm_c%3DAKAmf-C3tB1OwtSMpEZKcgDKUq6o41ZdyqE_OYAJDRbpHcIwB7oyTzcW_-ZrBdfqLFsCs60fNldQ-37XbofGojd5vKWC1KylDTdqqAMMbhC5_lPwCngCBweTmx1qU65ZyD21bGj9TCy_gj0rmwpaYiU0UmHl7wt5GdaZLD9JGbZ5f6L2C6xickE%26cry%3D1%26dbm_d%3DAKAmf-BC80feK9s9qbM3s-j1CuFllb4-gy3sBK9E5RqxlSdtCt4aEv_jPcUU7jbUA3IhsEPOq9dC0b2j_IHV29FZAzKN2-TaOYPTZK4lIvWsZMHAAgnEdMNIoEk0yt5EOA2RwEfHgV7q_lJT0GFMwMkEsR6OGRco33-QO5PEi2SRzY-LmF7TFFO1eXbENJXoT1yHy3F1jS6XHhnQ6gpBqMsDevKRLUJDlLHf-V1v84WwG3MA7DIlbI23wUijW4dCjB5vfc1CKYZjdUV0i3CCwdt_mpwSWI-xe176C5JU0mC1vZ0ZxiICbLiLYYgNO7SVxtnFGZbIULsW-dJkKjyxq3_xb50reDA345sYl3PQ9GZZRj6g26Wj7rnIxbV1F8qXpsahpH1eSFB-ncWxE6X6g5ntSNGR7udz0CuwT91gg1TbRZO0wIga_t5KIIlJQfFNgan4OYyPegPmaDsVgrK8i3rJleF5KVQElmCC9LPjR5SZ0JhipOEa0oRt1v4wNQMJK4mlxnLlyU1_EzE2MT8-o8GYT8Y8jpOpMqLU5WCimgbsOTvycSc4mHYbA91M9NbZqb8M-AwVsxBWMGlS6SEd1v_UkEAhNe3opA%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-5928161074779380%26fa%3D3%26ifi%3D8%26uci%3Da!8%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fcybernews.com&random=3286066360420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.30.220.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a1fcc7e84661fc5aee38b2dc8df61d33d88253c4093df496cb48adfb1a7aa05b

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2050
Content-Type: text/html; charset=utf-8
Date: Wed, 29 Nov 2023 16:28:47 GMT
Expires: Wed, 29 Nov 2023 16:28:47 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 1196 43 B
702 B 50ms
49ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3502280&v=23861&q=476504&r=296283&pref1=56330400132188904444556012523016&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 impression.php
t23.intelliad.de/ Frame 1196 43 B
557 B 89ms
24ms Image
image/gif 52.29.112.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t23.intelliad.de/impression.php?cl=2353636373136323131303&cp=101&ag=248&bm=100&bmcl=5373735313236323131303&crid=101&timestamp=1701275327&co=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.112.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-112-162.eu-central-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: Apache
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW NID PSAo PSDo OUR STP OTC"
content-type: image/gif
cache-control: no-store, no-cache, max-age=0, must-revalidate
content-length: 43
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 1196 43 B
702 B 52ms
52ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2229232&v=11671&q=344795&r=296283&pref1=56330400132188904444556012523016&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Nov 2023 16:28:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0AA4 1 KB
643 B 13ms
13ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 637
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 29 Nov 2023 16:18:10 GMT
etag: 48472445140208031
expires: Thu, 30 Nov 2023 16:18:10 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774
adservice.google.com/ddm/fls/z/ Frame C2FD 42 B
107 B 52ms
52ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774

Requested by

Host: 8019191.fls.doubleclick.net
URL: https://8019191.fls.doubleclick.net/activityi;dc_pre=CPHAvbzQ6YIDFepgwgodvVsHAg;src=8019191;type=invmedia;cat=1up4h04i;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=3732407320144.3774?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://8019191.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 0AA4
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEJoDFVeO-s3NjYItoVJ_EOo&google_cver=1&google_push=AXcoOmQ1NffjJ4MELIay6EKKvfyyriJDFcIJczWz_uyaC8vjeOFGMXgi4Y0veujSlPlO0b4Nf_YofVWpJ3M7zkRzPBPOAE9feQlArdI
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODU4ODc3MDA1NDU4MDcyNjExMw==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1

43 B
398 B

15ms
14ms

Image
image/gif

2001:678:cb4:bbbb::11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEAtb4BlhgvkEBmErBimcRjM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 i.match
a.tribalfusion.com/ Frame 0AA4 43 B
399 B 191ms
189ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEDsRKB4qV60ZyPgGdJDs20Q&google_cver=1&google_push=AXcoOmSPN6u3R0e9a6Xi7inEwZuHtp7QsIAX30Nagj-Eq9HJRw8ME7hYC8VyHHoDMaZD1_3XuJNcjnjMvEeFv3tIbx4jyH0ZONP6Xg&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSPN6u3R0e9a6Xi7inEwZuHtp7QsIAX30Nagj-Eq9HJRw8ME7hYC8VyHHoDMaZD1_3XuJNcjnjMvEeFv3tIbx4jyH0ZONP6Xg%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 82dc39cd9eab3a3d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0AA4
Redirect Chain

https://ipac.ctnsnet.com/int/cm?exc=1&acc=crimtan_au&google_gid=CAESELeOAjqgqC7n1R0Dmq9Qvbo&google_cver=1&google_push=AXcoOmQH9jGrZQraNy91ZWnpbCu2sgy4sg1eCO2vh13a5Wq2Xl2gclm3En7CYamNkhKKiXVYlyfQhnR...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQH9jGrZQraNy91ZWnpbCu2sgy4sg1eCO2vh13a5Wq2Xl2gclm3En7CYamNkhKKiXVYlyfQhnRktzo2F_yPVGDqjTu60i3IoYg&google_hm=P4apKmbvTiCWKm...

170 B
188 B

25ms
25ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQH9jGrZQraNy91ZWnpbCu2sgy4sg1eCO2vh13a5Wq2Xl2gclm3En7CYamNkhKKiXVYlyfQhnRktzo2F_yPVGDqjTu60i3IoYg&google_hm=P4apKmbvTiCWKmASgUkd5vk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_au&google_push=AXcoOmQH9jGrZQraNy91ZWnpbCu2sgy4sg1eCO2vh13a5Wq2Xl2gclm3En7CYamNkhKKiXVYlyfQhnRktzo2F_yPVGDqjTu60i3IoYg&google_hm=P4apKmbvTiCWKmASgUkd5vk
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0AA4
Redirect Chain

https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESELngFcAIvIPceuizqXdw5Rg&google_cver=1&google_push=AXcoOmRaclCQ0_if1xN5n72zF4NIDfKrGHuIQae-FHpScMVJFWJxn9tpLGk4P03i-7QoVu6gVntWhhDsuY1WQV...
https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRaclCQ0_if1xN5n72zF4NIDfKrGHuIQae-FHpScMVJFWJxn9tpLGk4P03i-7QoVu6gVntWhhDsuY1WQVQwVeRuhPP9jRBnmw&google_hm=hmVnZr_8uP6ZmT0...

170 B
188 B

29ms
28ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRaclCQ0_if1xN5n72zF4NIDfKrGHuIQae-FHpScMVJFWJxn9tpLGk4P03i-7QoVu6gVntWhhDsuY1WQVQwVeRuhPP9jRBnmw&google_hm=hmVnZr_8uP6ZmT0WIw&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D656766BFFCB8FE99993D1623BLIS

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=blismobile&google_push=AXcoOmRaclCQ0_if1xN5n72zF4NIDfKrGHuIQae-FHpScMVJFWJxn9tpLGk4P03i-7QoVu6gVntWhhDsuY1WQVQwVeRuhPP9jRBnmw&google_hm=hmVnZr_8uP6ZmT0WIw&google_redir=https%3A%2F%2Ftr.blismedia.com%2Fv1%2Fredirect%2FAdxPixel%3F%25%25GOOGLE_ERROR_PAIR%25%25%26partner_device_id%3D656766BFFCB8FE99993D1623BLIS
date: Wed, 29 Nov 2023 16:28:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame 0AA4 43 B
145 B 16ms
15ms Image
image/gif 18.184.108.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEITIHlU4YVBKCbBBhPwuud4&google_cver=1&google_push=AXcoOmRFczBwTCNh_c4ZC78eScQvYthwHDFsZfgVj--GKkECfPiH95MNRpmRAN5LHwpPbkaDL2yZ_XJY45Ikpd1mzm0VZTgpbu4YCw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.108.41 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-108-41.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 200 sync
x.bidswitch.net/ Frame 0AA4 43 B
145 B 17ms
16ms Image
image/gif 18.184.108.41
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google_jp&google_gid=CAESEITIHlU4YVBKCbBBhPwuud4&google_cver=1&google_push=AXcoOmR4rFVgfwfcsJaYqpEe9N-j68dK4_dUiqnxSQd8E0eWNo4SCVM66QqQ8XXv1nRq3vsiomd_BDbWBgnCu6Rot5Bjrm5KKfa4wQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.108.41 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-184-108-41.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 16:28:47 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0AA4
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEAXL3dK71Mlu1V5KM1TJpb4&google_cver=1&google_push=AXcoOmTNrcYDIkjyZoQdezhePBAum5D8bvdlLwmDLrb2qbCSZacFrI-ePjhRufxyDMCiv2RJ3ve7msvBYQGH...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTNrcYDIkjyZoQdezhePBAum5D8bvdlLwmDLrb2qbCSZacFrI-ePjhRufxyDMCiv2RJ3ve7msvBYQGHRq0OKgiOMEklhIwJF9Q

170 B
188 B

28ms
26ms

Image
image/png

142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTNrcYDIkjyZoQdezhePBAum5D8bvdlLwmDLrb2qbCSZacFrI-ePjhRufxyDMCiv2RJ3ve7msvBYQGHRq0OKgiOMEklhIwJF9Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Nov 2023 16:28:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmTNrcYDIkjyZoQdezhePBAum5D8bvdlLwmDLrb2qbCSZacFrI-ePjhRufxyDMCiv2RJ3ve7msvBYQGHRq0OKgiOMEklhIwJF9Q
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0AA4 0
12 B 25ms
24ms Image
text/html 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IIyJ252cVqHIdg9iW8QCfiBzCY4SLG7d1w9UfgQlEZr_GhGXaIRMIfXcOQ75t2KCD7eDUT

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS