www.up-4ever.net Open in urlscan Pro
2606:4700:3035::ac43:d8bc  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

• https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP 302
• https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzdtqac6InC-6Z-ZUBodS64uR9gdmYaizDitEUK4J_0IPDm46BJCyQ-B9Ud_HLdUotaG3Xy HTTP 302
• https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywetBpbZVxJDdIJhPiShNxNvJghASfVXGsnCne7mIN2xHk3iEgoPTQrwNVb5p_x_jgrPVPG&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1911655402%3A1700410904233813&theme=glif

Request Chain 43

• https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
• https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyzlAi6RjRdwXoJMJtddfiYC8fFMBO32A_lU4MgVBqloKwvDJ6_-ShxDIkLIZ_GfFPg3TE2b HTTP 302
• https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyzCy8GpUTNo6HKktjzQ_QYQlRO_PY3Uo29uNJSbJD_7O9YLoIwqH6dFKfuVGzA-iDLycc0n&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S973514414%3A1700410904183004&theme=glif

Request Chain 90

• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1

Request Chain 91

• https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
• https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVo2GUrdTCkiSdX4cfYmZQAA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1

Request Chain 92

• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
• https://ib.adnxs.com/setuid?entity=101&code=CAESEIrHwiLG2bbl8EBd4YyNOZw&google_cver=1 HTTP 307
• https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1

Request Chain 93

• https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc1NDUyMjI2ODI2NDk5NTU0NA%3D%3D

Request Chain 94

• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1

Request Chain 95

• https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
• https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVo2GUrdTCkiSdX4cfYmZQAA HTTP 302
• https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1

Request Chain 96

• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
• https://ib.adnxs.com/setuid?entity=101&code=CAESEIrHwiLG2bbl8EBd4YyNOZw&google_cver=1 HTTP 307
• https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1

Request Chain 97

• https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
• https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
• https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3MTA4NjQyMjg1MTcyNDU4NQ%3D%3D

Request Chain 112

• https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-6001787570359789%26fa%3D4%26ifi%3D3%26uci%3Da!3%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=6456852358007&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
• https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-6001787570359789%26fa%3D4%26ifi%3D3%26uci%3Da!3%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=6456852358007&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 115

• https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-6001787570359789%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=9145879072423&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
• https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-6001787570359789%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=9145879072423&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 119

• https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
• https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=65579000083252404444556012513016&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 123

• https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
• https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 125

• https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
• https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68478800076149004444556012513026&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 129

• https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
• https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent=

172 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 169wh99mvv5x Show response www.up-4ever.net/	78 KB 32 KB	171ms 84ms	Document text/html	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1da225c2b8f1294282b2223f740f1ff541d1faece09a9e12f5bcd867d809d304 Security Headers Name Value Strict-Transport-Security max-age=0;includeSubDomains; Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8289c9b31b6f1c93-AMS content-encoding br content-type text/html; charset=UTF-8 date Sun, 19 Nov 2023 16:21:43 GMT expires Sat, 18 Nov 2023 16:21:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hyB93icET2wskBgvvXcWPKvfqHL6n4CbnvqfQqAludKG%2FtcJlKVWkgfrsZqtL1wYAbkDsuAhioFDia6rBhhNWBv3r8AblXfg%2BHMr8QrBHfUeoWJCu7kG6EuKJTNAvvH%2B5fBZi5xioF2LuRv3%2FwAo"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=0;includeSubDomains;
GET H2	200	adsbygoogle.js Show response pagead2.googlesyndication.com/pagead/js/	155 KB 52 KB	150ms 82ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6001787570359789 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 99629494a81c723f7a8c89d7cd6228dda613e9d733aa220a2dab2dd0569631b3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.up-4ever.net/ Origin https://www.up-4ever.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 53233 x-xss-protection 0 server cafe etag 16083199132385988065 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=3600 timing-allow-origin * expires Sun, 19 Nov 2023 16:21:43 GMT
GET H2	200	all.css www.up-4ever.net/assets/packages/fontawesome/css/	63 KB 13 KB	76ms 73ms	Stylesheet text/css	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/packages/fontawesome/css/all.css Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 99c53397eb2217df916d67abfb55ed71b9db9d9b80d0ffa7813efe1c932bc91f Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT cf-bgj minify last-modified Thu, 23 May 2019 00:36:20 GMT server cloudflare age 376 cf-polished origSize=64831 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Rprx%2BNMAm8VxGzFc9V7Fr51GmD1IrMIykO5qlzZw3sVU99uHaqNyJ3DdoHsVLHuGtJTWDxjuzqXq35gykdkyehhXcJ03sOkHWP%2BIPsyC6CIp5Y7DHqsgOnALkSVQkfCGsluePLIwwBFtRMTOViT"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8289c9b3ac291c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	bootstrap.min.css www.up-4ever.net/assets/css/	138 KB 22 KB	57ms 54ms	Stylesheet text/css	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/css/bootstrap.min.css?ver=20 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c9adb52c42b2966ed05d4e7eda2695e67285e19546bccfd14eae3c77ad760d5a Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:35:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 516 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ez5gjcFetgcFwySc2RC0dJ1FXe9FP0lnTxze6UW3T2T7b71LiTi%2F8kVcsCseQOPICWG%2BK0kKmmYWDRwChUo7zInZvjeXReSM0cAQB3HsqOLgNjn7%2FMVKSG6rVTX1RT%2Bw9EIRj51S3WIAjwObGtw"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8289c9b3ac2b1c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	mdb.min.css www.up-4ever.net/assets/css/	521 KB 62 KB	64ms 62ms	Stylesheet text/css	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2d3e15995e3bcde2055bfc93d2523a0160d10386e9bf3a7c7ffc2b278ecb7c91 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Tue, 23 Jun 2020 07:33:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2664 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=95CGQ9zkO0INTayd%2Bx1fuuV%2FzE%2F6eCVnXaVhYs33vfH4q%2FvFodDCT5DmNyGoe%2B1fRd8tusu3h3LnWkIHITQOPwfVwJSGePMtoObna0ySvUWmoH3t4j6Jbni07T1qrx0sFiQuAkJJxtE%2FTQlPs1p%2B"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8289c9b3ac2c1c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	style.css www.up-4ever.net/assets/css/	6 KB 2 KB	42ms 40ms	Stylesheet text/css	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/css/style.css?ver=34 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 361956d1f211151543ff2f654ac6b7ce9fbe31b3eaa08832a693f5a18a8a6ad7 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT cf-bgj minify last-modified Mon, 27 May 2019 05:05:41 GMT server cloudflare age 2664 cf-polished origSize=6769 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVns0DV6bmdyCL0iAEuIoUv9TWlokxaJb%2FYzdiG04oQD7u0kYg7NFiX2Jlmf5%2BrBP9fmhcJYIHY5mP%2FBf98%2BmKVFxtXuu%2BkOdrU8NS%2Bm6kBQSoLG9nUS6gsJzOV0Vi48jKerI1fByhdCVkJBM0Zy"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8289c9b3ac2f1c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	jquery-3.3.1.min.js Show response www.up-4ever.net/assets/js/	85 KB 31 KB	46ms 44ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/js/jquery-3.3.1.min.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 924 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MA95ihUXSTlbXOjpWnM%2BhAxRluRLZDqOCJs3k3pXzsJAjszalT9GCTvrq1nRKOzaZT3GnsjnzWRF60cUNCLh2EeLIH88kDReThYWJiq8v8rPHB3OFjaLw3t25NlNn8XjyTaKvyg4ZtZMUY8m1h7M"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b3ac301c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	js Show response www.googletagmanager.com/gtag/	236 KB 83 KB	91ms 38ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-BH3KCF6H24 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 07ad1d703f57a7b1bc199828929613b033d2c0b0b2d5bb98e968c4c27098c149 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 84712 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sun, 19 Nov 2023 16:21:43 GMT
GET H2	200	jquery.paging.js Show response www.up-4ever.net/js/	19 KB 5 KB	45ms 43ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/js/jquery.paging.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c8ecfe747c979fbd87624913200a9237343679923b495885bced089b80fc84f6 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:40:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 149 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1bQLLrHGgK7QPGjKUKCt2tWrm0DsSleKmQyVCiFXAr3r3xvhbMZkEzMhOWnAk1klBmGskQAeFMLxUQmW8q%2FV%2BoiVTj5NisZM7Qeuy%2FeaPMrMRhuiZE3KIZj7OeCeeZCzf9l0uFJGJShuzpQ%2BNE7D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b3ac321c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	jquery.cookie.js Show response www.up-4ever.net/js/	3 KB 2 KB	41ms 39ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/js/jquery.cookie.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c4fb91befcf134b81ecfa1c586e1f9d6426c8f4fc1f6c130ac1fddb49ab5df96 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Wed, 25 Nov 2020 04:27:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2664 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nll%2BXqcdnNdw5exz8uU%2FGYmrwnpyMaVEY3xuP9WianvfhIBReHiMvBr5sLlExHiczAYQ7PtMvodqky5DyolZfH166RLCDtzjheHp1o3kxeFIs9rk2hxCvQlWwfQjVdCpeECCLKZDhQm9fW%2FX%2BqVU"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b3ac341c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	paging.js Show response www.up-4ever.net/js/	2 KB 994 B	54ms 53ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/js/paging.js?ver=8 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 20bc222f73096f80397fe7b936bf6c6ca21f77dc5eb9ae91244154a98a207a64 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Mon, 27 May 2019 03:32:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 348 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FDpBoRbLV2KswY8p%2FJly6f3OMC2Cwo5hSbAJsM9ivJ5RDSan4l4913mNGqHTqwCjUO03z7hzLidjDLaF3utyTNcOf9sMncbH%2FfWj5bJ%2FDxqd8ehRffHXEnt7IUmpZ50vOqzi7bYjanwFBR8pJ26k"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b3ac351c93-AMS alt-svc h3=":443"; ma=86400
GET H2	200	logo.png www.up-4ever.net/assets/image/	4 KB 5 KB	42ms 41ms	Image image/png	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.up-4ever.net/assets/image/logo.png Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a9e78b0bfceeaad1dc5d2a5a1a8a08da46dc4164dd7f3303924741a675f8db79 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 5224 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MPgvrsZ5QeOkA2hhmOhff3MdbMQOh9Kde1Y5oOqnDTF84fUKwooPWhGb7%2FPm3zPor%2BghkwjAxyI7d0BgduEngTFNheMqHqkPes5Jc4GXMCouxzrvQKOwIEZFwxAVTuRZIcd4SQ9QYteaOCc8q%2Fi"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b3ac371c93-AMS alt-svc h3=":443"; ma=86400 content-length 4569
GET H2	200	/ Show response d1spc7iz1ls2b1.cloudfront.net/	354 KB 116 KB	292ms 191ms	Script text/plain	2600:9000:2204:de00:1c:63e0:eb40:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2204:de00:1c:63e0:eb40:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 661d500c3850a843228ffa414d424739f10505388d5777371c86bef239236354 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:43 GMT content-encoding gzip via 1.1 0b3cd120321973f1462a42e82c43c1cc.cloudfront.net (CloudFront) x-amz-cf-pop AMS50-C1 x-cache Miss from cloudfront access-control-allow-origin * cache-control no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform content-length 117726 x-amz-cf-id 0Tt7R9aVHTVFwTxsNBuwX97R0KNhoxlsdMQGyGI1dY26Zka-EXjmNQ==
GET H2	200	z-6683946 Show response www.up-4ever.net/	2 KB 2 KB	55ms 55ms	Script text/plain	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/z-6683946 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b5310161a6843c54fc4d5a5493bbb580229629783b8b3ebccc9058c9615b3343 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status DYNAMIC last-modified Sun, 19 Nov 2023 16:01:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9hzhs0F%2BokJKPsHXikimDbXK6IN7lJM2DaudNeI%2F6w6hxHLzibEz6Jvh9HCf%2B6V1ABghhdKFQxsOfTgtXspdfHHKW%2BOZtOCrk6iBc8KSa9YaJ3O6Vc4%2BN85KuAebrDV0vd26hAo%2B65TxiMKwmckW"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 8289c9b3fc7a1c93-AMS alt-svc h3=":443"; ma=86400 content-length 1733
GET H3	200	popper.min.js Show response www.up-4ever.net/assets/js/	20 KB 8 KB	56ms 55ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/js/popper.min.js?ver=10 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 58cb6a78afc204b7165e947c965cbce6296ee0e587fbab3e12c0d2b6378e9004 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 619 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dlDtSNLiTZztcRzoExsAEQT0%2BlTei9jnYlWv2hSSnMCnc1%2FYwoam%2BvSKHwZ6s2Sf0JQPlyrDdPQdxddENXGY%2BZ5MtYBs5SdSE%2BHLlRyTdxKTU%2BnVxjsWEa%2BC49h5JayWeuA6MvGb0fNTDS5C%2FPI4"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b4582bbbf1-FRA alt-svc h3=":443"; ma=86400
GET H3	200	bootstrap.min.js Show response www.up-4ever.net/assets/js/	50 KB 15 KB	33ms 32ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/js/bootstrap.min.js?ver=10 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2642 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2G7fcV224rmluW0HYKV%2BMKt1V%2FD9bFWXNpISU70wNHGI9%2F205p%2Fn1QHcLS6nxyzi%2Fe2U2pTYz2%2BCetO7OXqc1CRaxZ4hcrT3HKi0554JbEoOEwRAKC9YeehZX%2FydPyFCF6hU%2Bx3OkzJrD1MpbrpE"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b4582cbbf1-FRA alt-svc h3=":443"; ma=86400
GET H3	200	mdb.min.js Show response www.up-4ever.net/assets/js/	410 KB 124 KB	57ms 56ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/js/mdb.min.js?ver=15 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b6e658cbd1f64eba1b117f37d463588e91d21469fbf2cb2332b5d68f4e4b0fee Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2642 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=62a8Q%2B2evoL%2FeGsZFr%2Fyo0s%2BbGfJz1oNXO5db4PWnqkN61I2uXFexgsz0sSGLiVRvKTPzwZAW%2FBAFvSkAc2eF9RSln%2FNQvLd%2FE4dfiEErqydkxuuiT4bjSm%2BJ0BZkaE4ERfMpN0SSHkR2rxxU%2F7t"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b4582dbbf1-FRA alt-svc h3=":443"; ma=86400
GET H3	200	interface.js Show response www.up-4ever.net/assets/js/	135 B 559 B	105ms 104ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/js/interface.js?ver=11 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0a61490d8aeb374bac98abdad64f4d036b7117d850c740dc4ebd5be7c0708e22 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Sat, 06 Feb 2021 14:49:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2642 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3zxeeEg7UNkEG8n8DWA3g90zZiFIIsRuApfmtLrFR%2BaEx4oflLQdgJG6nLBPfwYux%2BJd1aa2CGODb6tEUwoHGtfhrYh9Evu6NoZ6sjFzBG7sz%2B9pBm%2F0E8HK6Tik6GegtTUKyQXq6QCmdT%2FEG1JL"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b4582ebbf1-FRA alt-svc h3=":443"; ma=86400
GET H3	200	perfect-scrollbar.min.js Show response www.up-4ever.net/assets/js/	18 KB 6 KB	106ms 105ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/js/perfect-scrollbar.min.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a4ec9d558eeb7bc7359fe7c4820deea2c951fdd8bd34cb0e15727412c7f6c634 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Sat, 06 Feb 2021 14:52:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2642 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uam0ErYSvJ7ehE9VHf6oR3LN1FHV6tTWRGfhBB1KmZnoFPleYQSEsDQHuOxl48QSdWKZc9tKxlsApHjp8dXDygDahCUJ3enjV%2FnxAGsbH2dsY6P1sDavNbPSJjncGjjKhHT3beKO6Nh2ZdB60GUo"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b4582fbbf1-FRA alt-svc h3=":443"; ma=86400
GET H3	200	bootstrap-confirm.js Show response www.up-4ever.net/js/	3 KB 2 KB	107ms 106ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/js/bootstrap-confirm.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ecf662e9f1d25bd142e6b4e5618012a3af7af1a2cd7504d67b90d59ca344ef2f Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:40:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2642 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LmugCITAjtvoVUWEizzxDxUZjz1Dwi0ck7tD69%2FoDA5UGANd8RGVUoInS392JcjPNM9kZoZO4rErBMY90INQ5ljCoF1BT%2BKIKxCFIakxT%2FCCkHp1s5h%2BNu9p%2FZMIUDnjTKGBFGAIwfgLnvUPtO3x"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b45830bbf1-FRA alt-svc h3=":443"; ma=86400
GET H3	200	dialogs.js Show response www.up-4ever.net/js/	2 KB 1 KB	108ms 107ms	Script application/javascript	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/js/dialogs.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 71fea8e764130d6d3e79297c3c69a3f30ba91e929ef79753dc6fd807d04bc03d Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/169wh99mvv5x User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br cf-cache-status HIT last-modified Thu, 23 May 2019 00:40:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4692 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IMOlWajxMYU3PCFd5CtpzQwYLeckns4iK%2FyD7SOCCFZD6VdtV1zq1LFHO30xR5YfFEP%2FmuSLKyx1JlFi%2FoQApmvoQT9ESjHq7Y8Q4PLaRawBq%2F80pFCoAVAI5T3dC8TU3fHZBc5XTRi9zZNVHZUW"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8289c9b45831bbf1-FRA alt-svc h3=":443"; ma=86400
GET H3	200	flags.png www.up-4ever.net/assets/image/	15 KB 15 KB	99ms 99ms	Image image/png	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.up-4ever.net/assets/image/flags.png Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/assets/css/style.css?ver=34 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0787e30d6145bc8b8b92ed329f664bcc3012162ccba9ef943d7ada480afb74e9 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/assets/css/style.css?ver=34 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2642 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyFHfjlTlURems06btGIBNEqrBvLxwOocQBJwO4nenFIEXmvFYfbfPxQY2QJueRLL7MPpp4na6D%2FRpkaHpMN7hEth33lK1VtoekEx4JtZVitU4aABrM63jNO1j8FN%2B7lRZtEQuHRGm7Ok0mQ%2FRE3"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b46843bbf1-FRA alt-svc h3=":443"; ma=86400 content-length 15180
GET H3	200	Roboto-Bold.woff2 www.up-4ever.net/assets/font/roboto/	49 KB 49 KB	113ms 112ms	Font font/woff2	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/font/roboto/Roboto-Bold.woff2 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8b84b2abc336ee61f48a28a697b6ace2333ea5f1868aa15d5aeb2c7beac6d716 Request headers Referer https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Origin https://www.up-4ever.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4692 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSK%2FY1qhLHTyQhcocO12K3IhHx7NHs7An1Fp2Aa3TbU1%2BqY46gk%2B5ZXCohNTXJ42eRoC7Qcov6qzRN3YbrIQyOi3RPcQdF4jC%2Fgm%2FW7Kkv8HDcmC6jqQDIMkyCebmTTu81IWP52i2yA15i7IQbOr"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b46845bbf1-FRA alt-svc h3=":443"; ma=86400 content-length 49976
GET H3	200	Roboto-Light.woff2 www.up-4ever.net/assets/font/roboto/	48 KB 49 KB	114ms 113ms	Font font/woff2	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/font/roboto/Roboto-Light.woff2 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 94a0ac8d73bb60a9cbe27a4fa36669104f6ffa37c8ff2df29313a6c0d3b64a75 Request headers Referer https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Origin https://www.up-4ever.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2144 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9aNhi%2FEEoG3JCeEfO7UgP9WU5lJZCgLsirdN8zOkvI5MLlGyS%2BKXAvluVKCV5ad6UPkOoOKeEi009p4tl5neUGmjr%2BmbJHkOklarjkMJFKAhPlu5EZxUqSjGEs1qskEQF12n3GtCaL5UCv5PM8fv"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b46848bbf1-FRA alt-svc h3=":443"; ma=86400 content-length 49380
GET H3	200	Roboto-Regular.woff2 www.up-4ever.net/assets/font/roboto/	48 KB 49 KB	115ms 115ms	Font font/woff2	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/font/roboto/Roboto-Regular.woff2 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b5c9c23bd12593523a46d79dd0aee80e3226bbde4c9ac05fc30a95e2c1510de0 Request headers Referer https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Origin https://www.up-4ever.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2144 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=645DhoQ4atCVYd45yrITT5XIomL0U%2FPHOV%2F2%2BipqA7%2BKbJ%2Fq7AXJMGIPKBDatQbyN3adIKpZIdzIKx3gn0AHvbu8jR04SjBhkHQ5zxT4K0a3nWVmQvvtsukn21F5xIVucfKlLGYkhCEjQ8led1Bs"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b46849bbf1-FRA alt-svc h3=":443"; ma=86400 content-length 49236
GET H3	200	Roboto-Medium.woff2 www.up-4ever.net/assets/font/roboto/	49 KB 50 KB	124ms 123ms	Font font/woff2	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/font/roboto/Roboto-Medium.woff2 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1cd5c4b37938d932110ec043ce1cc766d18cacf7a4e7cffa6a539855d5bdc08d Request headers Referer https://www.up-4ever.net/assets/css/mdb.min.css?ver=25 Origin https://www.up-4ever.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3922 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofyfQ7yIkfEvGvuYJX2e6Suh77WzVnLYK2ZlewKYqtwvBeGvdLGM69pcToP9OCp3dHeK4IwSJb7wNXk%2BmAkmZO1vfZ1uHSCr1csouTxJL7xaODvr9nQ5tGDwNJ0q%2F4N8PpNyJXNO3lj%2F8%2FjuOC2V"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b4684bbbf1-FRA alt-svc h3=":443"; ma=86400 content-length 50224
GET H3	200	fa-light-300.woff2 www.up-4ever.net/assets/packages/fontawesome/webfonts/	115 KB 116 KB	135ms 134ms	Font font/woff2	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/packages/fontawesome/webfonts/fa-light-300.woff2 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/assets/packages/fontawesome/css/all.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2fc5ace475076f454c946a32e61011a7b8b0ab6fadfb98a73756906b94a5588d Request headers Referer https://www.up-4ever.net/assets/packages/fontawesome/css/all.css Origin https://www.up-4ever.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4692 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhMAHqJ0hR0cCf%2BVC8iv2TQ9T4io7iRzel9%2BXOvkcg1jxPsvJwnjkxCBpOCB%2BsWlvN9Za3pgLLeX4rSwZLuRFwcn7LCGyUsS7i%2F1VKjwc4p9BNL8EilNLauwEjKmEtmqUPf3LdyvzKReGlpyy7X5"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b4684dbbf1-FRA alt-svc h3=":443"; ma=86400 content-length 117936
GET H3	200	show_ads_impl_with_ama_fy2021.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/	400 KB 135 KB	192ms 146ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6001787570359789 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash cd1904e2f2c9f0c4649eee4c6551b4d760898ac75d4a129303401c1ce45a893a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:43 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 138528 x-xss-protection 0 server cafe etag 8016906031426405359 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600, stale-while-revalidate=3600 timing-allow-origin * expires Sun, 19 Nov 2023 16:21:43 GMT
GET H2	200	zrt_lookup_fy2021.html Show response googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 0C75	9 KB 4 KB	78ms 21ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6001787570359789 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 31295 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4118 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sun, 19 Nov 2023 07:40:08 GMT etag 16674218716276178799 expires Sun, 03 Dec 2023 07:40:08 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
POST H2	204	collect region1.analytics.google.com/g/	0 255 B	84ms 30ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-BH3KCF6H24&gtm=45je3b81v9132047618&_p=1700410903728&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1410900644.1700410904&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700410903&sct=1&seg=0&dl=https%3A%2F%2Fwww.up-4ever.net%2F169wh99mvv5x&dt=Download%20gggggggggggggggggg%20torrent&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=481 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-BH3KCF6H24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:43 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.up-4ever.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 255 B	92ms 30ms	Ping text/plain	2a00:1450:400c:c09::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-BH3KCF6H24&cid=1410900644.1700410904&gtm=45je3b81v9132047618&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-BH3KCF6H24 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:43 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.up-4ever.net cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 408 B	111ms 60ms	Image image/gif	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-BH3KCF6H24&cid=1410900644.1700410904&gtm=45je3b81v9132047618&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1544612116 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:44 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	asd100.bin Show response pogothere.xyz/	100 KB 101 KB	100ms 32ms	Fetch binary/octet-stream	172.64.111.13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pogothere.xyz/asd100.bin Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.111.13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 218 alt-svc h3=":443"; ma=86400 last-modified Sun, 19 Nov 2023 16:18:06 GMT server cloudflare vary Accept-Encoding access-control-allow-methods GET content-type binary/octet-stream access-control-allow-origin https://www.up-4ever.net report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A43VXco3PGy%2FWJmBeCgJYaLeMEPmYnh%2BMozgOgRpRAOjM1GHYWuy8m1wJJWcsSG9CGhB6W0oW%2FLsdQqCVjjeL2D0VE5L%2FGBEJLyDo6LQgu84KwGXfp%2FfoAQfL2LAqmI6"}],"group":"cf-nel","max_age":604800} cache-control max-age=14400 access-control-allow-credentials true cf-ray 8289c9b66f604db8-FRA access-control-allow-headers X-Requested-With, content-type
GET H2	200	/ Show response pogothere.xyz/	27 B 376 B	186ms 119ms	Fetch text/plain	172.64.111.13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pogothere.xyz/ Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.111.13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3f1d6c7fb070a819f7df5a0c7e7e37fd301905f38046650bec847b01ce69d22d Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gj8Dwc%2FAaKd8h177ZLl7%2Br0KWKnqL3%2BPn%2B7NPfsbn7RA%2B%2BqBAqDtC2YVgPEtJzVLOHR7Nd0RNx4DAuu%2FOFBHUBNS7V1WmJ5vzK%2BgNH8i1vapaI64JuI0e1knKTB3zD3e"}],"group":"cf-nel","max_age":604800} access-control-allow-methods GET access-control-allow-origin https://www.up-4ever.net content-type text/plain access-control-allow-credentials true cf-ray 8289c9b66f5f4db8-FRA access-control-allow-headers X-Requested-With, content-type alt-svc h3=":443"; ma=86400
GET H2	204	utx Show response adiingsinspiri.org/	0 540 B	180ms 115ms	XHR text/plain	143.204.98.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adiingsinspiri.org/utx?cb=Heges1yw0zvL&top=www.up-4ever.net&tid=1001972 Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.95 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-95.fra50.r.cloudfront.net Software openresty/1.17.8.2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:44 GMT via 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront) server openresty/1.17.8.2 accept-ch DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront p3p CP="NID DSP ALL COR" access-control-allow-origin https://www.up-4ever.net cache-control no-store, no-cache, must-revalidate, no-transform access-control-allow-credentials true x-amz-cf-id 31NiJU9GyFVFNlAC_jLa5bJP_43G4q8mHPITHRoQiieBXTtHyv-aig==
GET H2	200	E3EVH3wgUHwmLiRDeX4ODwEfHSA2RxofOS5SCyIsP1w9OBoAEic9IhlEcAUXRQADCn8cXwc Show response adiingsinspiri.org/Tk13NE0vLxRZci9wFRI4PCFKEX8IaEVyKX8+B1d6JzdGWD58L0YaLiIiAlArPCIZQGMgKAMRfwg+FQUHPy8zUwAeHCZ/DzY+QHAhCwcvBgcsGyYNKSoMNlIbOQgeYjQqJC9jFCUGNlsIAR41fxkMGEVifH4oNk4ACw4AYgcAOiZkDxh4R3... Frame 4B7B	3 KB 2 KB	241ms 205ms	Document text/html	143.204.98.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adiingsinspiri.org/Tk13NE0vLxRZci9wFRI4PCFKEX8IaEVyKX8+B1d6JzdGWD58L0YaLiIiAlArPCIZQGMgKAMRfwg+FQUHPy8zUwAeHCZ/DzY+QHAhCwcvBgcsGyYNKSoMNlIbOQgeYjQqJC9jFCUGNlsIAR41fxkMGEVifH4oNk4ACw4AYgcAOiZkDxh4R3c6JiwiWRcDCjJTDAEbFFUVOQQNdgw+DjReCA8eHAQCLDoUcBwpFFIGDwwqR1AVHB8RZSomBi5yPQsZAG11Cio5ZAUGKS5sCxcvEwUlLQ4hDXUZJhx4ARYpLmwIdgoncjUXBSFDHBp8Q30LfB8SZh9/KS5TYD0uJHUAfQUmWCwMCQRRHh8iB258Ii8xWDUlGUYABBw3HHcKCBgzUHwpOz9ifCcPEGIZDSMTbRUIdTx5HAsJMmE9KRoQDRwGGUd8Dhx8E3ILOik2YQsnHzFbBBl/E3EVH3wgUHwmLiRDeX4ODwEfHSA2RxofOS5SCyIsP1w9OBoAEic9IhlEcAUXRQADCn8cXwc Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.95 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-95.fra50.r.cloudfront.net Software openresty/1.17.8.2 / Resource Hash 6140eee5288e6453cce7eaf66353cf24354d66814fcbc0fe1574eec311bdfb11 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List cache-control no-store, no-cache, must-revalidate, no-transform content-encoding gzip content-length 1235 content-type text/html date Sun, 19 Nov 2023 16:21:44 GMT p3p CP="NID DSP ALL COR" pragma no-cache server openresty/1.17.8.2 via 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront) x-amz-cf-id 0RwZyRY1yK97soHvcqQc9hrTnC3w-xsI8G1FY8hAdmi33w2UwTOUKA== x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront
GET H2	200	Jj02IyBHYiIOJDUHMTggRBQmLDI1OlUOIzQFJglBQgoxKDseFyEZIlE5FwIfB24AWiVEaw0rQQIaXBpAPCsI Show response adiingsinspiri.org/U2RtcXcyBg4cSDJZD1cCIQhQVEUVQV83E2IXHRJAOh5cHQRhBlxfFD8LGBURIQsDBVk9ARlURRUlCCktOQAoIBYUNV0iEiRUCzNHP1U+JC0AMDU/OQYlBjk8KwcqKR8RHiEkITEsPDs9Eh0dPDpjA1Q2DzsNKSAAGzc1JxEUAyQQPmM2PD... Frame 13F0	3 KB 2 KB	225ms 206ms	Document text/html	143.204.98.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adiingsinspiri.org/U2RtcXcyBg4cSDJZD1cCIQhQVEUVQV83E2IXHRJAOh5cHQRhBlxfFD8LGBURIQsDBVk9ARlURRUlCCktOQAoIBYUNV0iEiRUCzNHP1U+JC0AMDU/OQYlBjk8KwcqKR8RHiEkITEsPDs9Eh0dPDpjA1Q2DzsNKSAAGzc1JxEUAyQQPmM2PDMfPAo/NBMVIj4wFQBVCSI6AQwhNR8gQV8zMhELPTcgFSggNy0yACsJMgZVGgsyEQMlNg0eLzhAMRYvCkAjBjE/QCQFDDkkLzBTOEAxFikVMC4FMS8ZJDk2KiMZAiY8NxM3PTgFMBIDPEExASk4NCQKNyUJWjc2CRtOFzEoPwYADy82JT02PzkmICUmIyEHMTkVHwBUNCE/AFwOJEYVISQJAAUnLwUDCyE/JTEqEyE2Jmc2NCQEJDEGJ04FVDc/Jj02IyBHYiIOJDUHMTggRBQmLDI1OlUOIzQFJglBQgoxKDseFyEZIlE5FwIfB24AWiVEaw0rQQIaXBpAPCsI Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.95 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-95.fra50.r.cloudfront.net Software openresty/1.17.8.2 / Resource Hash 83d8b69b1721de1818f7f3d0bc2958338c6d84e2de83933ee26c8cd5a194ee49 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List cache-control no-store, no-cache, must-revalidate, no-transform content-encoding gzip content-length 1228 content-type text/html date Sun, 19 Nov 2023 16:21:44 GMT p3p CP="NID DSP ALL COR" pragma no-cache server openresty/1.17.8.2 via 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront) x-amz-cf-id wZIcbBFoolIjvUwu0IdaCooIlULkKFcPcnQGPX4JY6lDBs7_iVe53A== x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront
GET H2	200	asd100.bin Show response pogothere.xyz/	100 KB 100 KB	73ms 59ms	Fetch binary/octet-stream	172.64.111.13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pogothere.xyz/asd100.bin Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.111.13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f627ca4c2c322f15db26152df306bd4f983f0146409b81a4341b9b340c365a16 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 218 alt-svc h3=":443"; ma=86400 last-modified Sun, 19 Nov 2023 16:18:06 GMT server cloudflare vary Accept-Encoding access-control-allow-methods GET content-type binary/octet-stream access-control-allow-origin https://www.up-4ever.net report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=td1Ajopwa7xIfyp6p0Jor1jda3hW90p%2Bxp1zuqUnUKqoEFCcY7yXoeiB4mNs3ci8Cw5e8tnVt0Lk8ag4sa9Jobdpi85LAgaNdVT3ZWDB4gQswxdyMNOxyTA0UULRv7jX"}],"group":"cf-nel","max_age":604800} cache-control max-age=14400 access-control-allow-credentials true cf-ray 8289c9b66f614db8-FRA access-control-allow-headers X-Requested-With, content-type
GET H2	200	/ Show response pogothere.xyz/	27 B 350 B	137ms 123ms	Fetch text/plain	172.64.111.13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pogothere.xyz/ Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.111.13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f5d6e86454e77d9646806d0660906fe4e1ee299847570376a49f141c3b7fc48d Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aS%2BGSORZuKp4P4mnWbrOTDT5mc3pVZMy6Yo%2BfSnn2iRKvsq09Ug3iJ3Spog4W1DqT2At%2FdmSr9G7hNZCMnZ%2BdgeA24Btn7a0veW5f3QRy01D5ISXAtk1K0lq1TaTM%2BjE"}],"group":"cf-nel","max_age":604800} access-control-allow-methods GET access-control-allow-origin https://www.up-4ever.net content-type text/plain access-control-allow-credentials true cf-ray 8289c9b66f624db8-FRA access-control-allow-headers X-Requested-With, content-type alt-svc h3=":443"; ma=86400
GET H2	204	utx Show response adiingsinspiri.org/	0 540 B	215ms 204ms	XHR text/plain	143.204.98.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adiingsinspiri.org/utx?cb=wnRrm486sLxQ&top=www.up-4ever.net&tid=1002459 Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.95 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-95.fra50.r.cloudfront.net Software openresty/1.17.8.2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:44 GMT via 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront) server openresty/1.17.8.2 accept-ch DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront p3p CP="NID DSP ALL COR" access-control-allow-origin https://www.up-4ever.net cache-control no-store, no-cache, must-revalidate, no-transform access-control-allow-credentials true x-amz-cf-id 8TPRMp2fBzdqj8LcPKnCfmyF3MP__aMQZby1EVAwjxGu-c81xT8CKg==
GET H2	200	OR5qAl12CQMlXjMiHTZEITkyM1UUNysrZ24eMTdMe0YSHW93PCAPUBkZDBFQc0BsPnE7AQkgZHQ8CTZ5DCVjQgQFFzALThomNQBzOUloAQV2Ohcdb3Y7IjEPJxwyX3EXBjIpZQYXOTBzIBcPE0IlJioOYgQjNAUECT0DMEZmQxwBXSwfFw1BNzIeVgQiMCo3bHEja... Show response adiingsinspiri.org/Wmc2Q3E7BVUuTjtaVGUEKAsLZkMcQgQFFWsURiBGMx0HLwJoBQdtEjYIQycXKAhYN180AkJmQxxQYSgJbDFwDkQTH2c6ExlTWgscNg5XLQkTPnEZGzsPdy0hHjYOEQsxVnUrIG0qdQ4BEjFBJDoOUk4QQhNCBAU+Iy5SIikPQgQFODILRh... Frame 5B53	3 KB 2 KB	217ms 217ms	Document text/html	143.204.98.95 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://adiingsinspiri.org/Wmc2Q3E7BVUuTjtaVGUEKAsLZkMcQgQFFWsURiBGMx0HLwJoBQdtEjYIQycXKAhYN180AkJmQxxQYSgJbDFwDkQTH2c6ExlTWgscNg5XLQkTPnEZGzsPdy0hHjYOEQsxVnUrIG0qdQ4BEjFBJDoOUk4QQhNCBAU+Iy5SIikPQgQFODILRhofLRN+KSsvBVssPhAjQTsSCxBMExspDn4ARWgoZRkSEzN8LTgIMkMMGwMAcXA3Mi9+LyQAL2wsFxwuXAwbCwhwEDw9AQV2OhUOUmZDHAFdMx0DVGR7KWgEZCVCbyx/OR5qAl12CQMlXjMiHTZEITkyM1UUNysrZ24eMTdMe0YSHW93PCAPUBkZDBFQc0BsPnE7AQkgZHQ8CTZ5DCVjQgQFFzALThomNQBzOUloAQV2Ohcdb3Y7IjEPJxwyX3EXBjIpZQYXOTBzIBcPE0IlJioOYgQjNAUECT0DMEZmQxwBXSwfFw1BNzIeVgQiMCo3bHEjagEGOwgQClJ6VzAUWS0BZwpQEykbA0YwIA Requested by Host: d1spc7iz1ls2b1.cloudfront.net URL: https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 143.204.98.95 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-143-204-98-95.fra50.r.cloudfront.net Software openresty/1.17.8.2 / Resource Hash 31207e0ad1545a2d83b1b59943eca8098ed86ea9c2c58f72cc02fe515d516fda Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ch DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List cache-control no-store, no-cache, must-revalidate, no-transform content-encoding gzip content-length 1232 content-type text/html date Sun, 19 Nov 2023 16:21:44 GMT p3p CP="NID DSP ALL COR" pragma no-cache server openresty/1.17.8.2 via 1.1 f6c241b75ae7d21ac836339454ab90b8.cloudfront.net (CloudFront) x-amz-cf-id LhaVegdAmHx5e3nO_-mockMRlEKvQa1LiLVtTV24hQgab8MNJk0BNQ== x-amz-cf-pop FRA50-C1 x-cache Miss from cloudfront
GET H2	204	YVxJQXtnXl8AKzRRSFYxJA0NBTFtXV8ZLDYDRFY0bV1XQ3Z+X01ecnYZREFkJBwYF39hSgkENjxRSEdyYFhIQHtgX0BIeg setitoefanyor.org/cEJQbHlffTMfRCIpGiIuJ3cpCCEiMwdfO0cmBxwaE3ESWyAmG3YYEBR/	0 252 B	190ms 126ms	Image text/plain	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://setitoefanyor.org/cEJQbHlffTMfRCIpGiIuJ3cpCCEiMwdfO0cmBxwaE3ESWyAmG3YYEBR/YVxJQXtnXl8AKzRRSFYxJA0NBTFtXV8ZLDYDRFY0bV1XQ3Z+X01ecnYZREFkJBwYF39hSgkENjxRSEdyYFhIQHtgX0BIeg Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3SlTvBYHYvhgd%2FqJagzDptojEGRvt%2BJWgKoxWeRQR4c2BnXDeDjCgkFjBIbeLUbncm3lgmhO9br3RKmlHkmO53Wp83cIZQcI4f3fzgLKblXj8%2B%2Bub3EhsKqQN2bjT4hMJ1NCTw%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cf-ray 8289c9b6de996ae8-FRA alt-svc h3=":443"; ma=86400
GET H2	200	login.php www.facebook.com/	0 0	193ms 145ms	Image text/html	2a03:2880:f176:181:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers
GET H3	403	identifier accounts.google.com/v3/signin/ Redirect Chain https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AVQVeyzdtqac6InC-6Z-ZUBodS64uR9gdmYaizDitEUK4J_0IPDm46BJCyQ-B9U... https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywetBpbZVxJDdIJhPiShNxNvJghASfVXGsnCne7mIN2xHk3iEgoPTQrwNVb5p_x_jgrPVPG&passive=...	0 0	40ms 39ms	Image text/html	2a00:1450:4001:82a::200d GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywetBpbZVxJDdIJhPiShNxNvJghASfVXGsnCne7mIN2xHk3iEgoPTQrwNVb5p_x_jgrPVPG&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1911655402%3A1700410904233813&theme=glif Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Server 2a00:1450:4001:82a::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Redirect headers date Sun, 19 Nov 2023 16:21:44 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip content-security-policy require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-uokWIL3rOG2zMzJ18EJLdg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 399 x-xss-protection 1; mode=block pragma no-cache server GSE x-frame-options DENY report-to {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]} content-type text/html; charset=UTF-8 location https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AVQVeywetBpbZVxJDdIJhPiShNxNvJghASfVXGsnCne7mIN2xHk3iEgoPTQrwNVb5p_x_jgrPVPG&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1911655402%3A1700410904233813&theme=glif cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy-report-only same-origin; report-to="coop_gse_qebhlk" expires Mon, 01 Jan 1990 00:00:00 GMT
GET H3	403	identifier accounts.google.com/v3/signin/ Redirect Chain https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AVQVeyzlAi6RjRdwXoJMJtddfiYC8fFMBO32A_lU4MgVBqloKwvDJ6_-Shx... https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyzCy8GpUTNo6HKktjzQ_QYQlRO_PY3Uo29uNJSbJD_7O9YLoIwqH6dFKfuVGzA-iDLycc0n&passive...	0 0	37ms 37ms	Image text/html	2a00:1450:4001:82a::200d GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyzCy8GpUTNo6HKktjzQ_QYQlRO_PY3Uo29uNJSbJD_7O9YLoIwqH6dFKfuVGzA-iDLycc0n&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S973514414%3A1700410904183004&theme=glif Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Server 2a00:1450:4001:82a::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Redirect headers date Sun, 19 Nov 2023 16:21:44 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-elIkAnmbW_zGLQHNQzdIpA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport x-content-type-options nosniff alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 404 x-xss-protection 1; mode=block pragma no-cache server GSE x-frame-options DENY report-to {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]} content-type text/html; charset=UTF-8 location https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&ifkv=AVQVeyzCy8GpUTNo6HKktjzQ_QYQlRO_PY3Uo29uNJSbJD_7O9YLoIwqH6dFKfuVGzA-iDLycc0n&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S973514414%3A1700410904183004&theme=glif cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy-report-only same-origin; report-to="coop_gse_qebhlk" expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	204	dQRcSX91BV5C setitoefanyor.org/cE9BNWxfcCJGUSEYKXYIGxVyYgI+CiUGIhYscX8UFBk1BT0eCmdBBRRycAVcQXZ2AUoAJiUIXUhpMkENBDoyCF1WJi9TA01pNwhdXn9vB0JEaTQIXVY7MVQLTX5nRRgEI3wEW0B/	0 395 B	183ms 120ms	Image text/plain	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://setitoefanyor.org/cE9BNWxfcCJGUSEYKXYIGxVyYgI+CiUGIhYscX8UFBk1BT0eCmdBBRRycAVcQXZ2AUoAJiUIXUhpMkENBDoyCF1WJi9TA01pNwhdXn9vB0JEaTQIXVY7MVQLTX5nRRgEI3wEW0B/dQRcSX91BV5C Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJcKjkfeRukzN%2F7W%2Fe2AxuTNrFaLY9oH9bHDm1xKgGg2%2F%2Bg6nnQVtcEVzrJjPbTuFsIwiAqqFXdEE1hy4VXKcPy7587VNj6EZwLcaVO3Agl6kK1tF4uscJV2mwxOnMYIjh3Cxw%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cf-ray 8289c9b6de9b6ae8-FRA alt-svc h3=":443"; ma=86400
GET H2	204	b3JDMzdATSBACjk6AV5VXzgqYgY9JSdeYS4kFQpANhkFa28BAWVHXgtPcgMHXUZ2ChEfGycOBkkBN1JDGgF+AhEGHCVcCkkEfgIZXEZtAANBQmVGCl5UN0NWCE9yFUcbBi8OBlhCcwcGX0tzBwdbQA setitoefanyor.org/	0 250 B	184ms 121ms	Image text/plain	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://setitoefanyor.org/b3JDMzdATSBACjk6AV5VXzgqYgY9JSdeYS4kFQpANhkFa28BAWVHXgtPcgMHXUZ2ChEfGycOBkkBN1JDGgF+AhEGHCVcCkkEfgIZXEZtAANBQmVGCl5UN0NWCE9yFUcbBi8OBlhCcwcGX0tzBwdbQA Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHRcStpzdnyI8WDJluQOAl9Em6%2FpMbe4aND2BCeeqEzQumH07ruIpjuEOovNzXU4qeyIn2TXtWPJledyMEZiFz9OpLOmVXLRX8T2y7V%2B7SzNvW37Avjv0DiTJpMu0CIakZAfRg%3D%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cf-ray 8289c9b6de976ae8-FRA alt-svc h3=":443"; ma=86400
GET H2	200	/ Show response d1spc7iz1ls2b1.cloudfront.net/	354 KB 116 KB	248ms 192ms	Fetch	2600:9000:2204:de00:1c:63e0:eb40:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1spc7iz1ls2b1.cloudfront.net/?icpsd=1001972 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2204:de00:1c:63e0:eb40:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 95c9e382a0fbe9577a1524923d2cc579158b6129c3838033f85e878ca36b251f Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:44 GMT content-encoding gzip via 1.1 0b3cd120321973f1462a42e82c43c1cc.cloudfront.net (CloudFront) x-amz-cf-pop AMS50-C1 x-cache Miss from cloudfront access-control-allow-origin https://www.up-4ever.net cache-control no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform access-control-allow-credentials true content-length 117730 x-amz-cf-id USVDVzd7ECRSzsTDwQ1YhQ_qWKY33qWLI9rkY143vnv3YE3hikckgA==
GET H2	200	utils.js Show response btodsjr.com/script/	169 KB 52 KB	138ms 47ms	Script text/javascript	2606:4700:e2::ac40:841f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://btodsjr.com/script/utils.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/z-6683946 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:841f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c6b514e16ebd71986d6e6157b17f409231c4da04a44c03861e2a5ed589286690 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 400 x-guploader-uploadid ABPtcPpdBidEbu15oEQLafCw74adswouR2TLSalnhvKKVCWyhnEqt_aTbxIc52-DhPuFt4YTpAPTLUTCEqER5njNkdh8-qsMFWK7 x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=86400 last-modified Fri, 17 Nov 2023 08:17:14 GMT server cloudflare etag W/"ceefaa3404530294456d8c7f7040f331" vary Accept-Encoding x-goog-hash crc32c=nQYzNg==, md5=zu+qNARTApRFbYx/cEDzMQ== x-goog-generation 1700209034874517 content-type text/javascript access-control-allow-origin * cache-control public, max-age=14400 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4x4dxuixSiWZ4HUFCdFn%2F6kCnagLx7Ib9uaVYi0rV%2FgdZEj%2F%2FPhgxi2qQPh9KpiE2q%2B6Nxd2ez9%2FXiF0nNBAAU9%2Fc1Bj3QWIVN%2Fx%2B73EXHhAnpQ0c%2F%2BlcAS7f0ckua6NBzgE8h0cOLZInQ%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-length 172787 cf-ray 8289c9b7287206d0-AMS expires Sun, 19 Nov 2023 16:28:24 GMT
GET H3	200	fa-brands-400.woff2 www.up-4ever.net/assets/packages/fontawesome/webfonts/	64 KB 64 KB	30ms 30ms	Font font/woff2	2606:4700:3035::ac43:d8bc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.up-4ever.net/assets/packages/fontawesome/webfonts/fa-brands-400.woff2 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/assets/packages/fontawesome/css/all.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::ac43:d8bc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 974956f1b7b82cecd8ae88a0b685f0d5dfe5c8534c2784e59abeea719eadbbc4 Request headers Referer https://www.up-4ever.net/assets/packages/fontawesome/css/all.css Origin https://www.up-4ever.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT cf-cache-status HIT last-modified Thu, 23 May 2019 00:36:23 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 4692 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjH2%2F%2Bq3iAs%2F3pz4ZFtJVX93A040%2BJsF9AeSslevCU11po%2B%2FBoiNjXg%2BtRYrUtczgaR2nMIk0vOTrXZubdZC%2B990KFymY6yOsjJ62cxQzjlMswLeagMLuFeXMK8TAc8sUaXm5bYgYwvP%2FyGUexx2"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 8289c9b68b26bbf1-FRA alt-svc h3=":443"; ma=86400 content-length 65316
GET H2	200	ads Show response googleads.g.doubleclick.net/pagead/ Frame AD96	294 KB 66 KB	640ms 638ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6001787570359789&output=html&adk=1812271804&adf=3025194257&lmt=1700410904&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x810_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fwww.up-4ever.net%2F169wh99mvv5x&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700410903812&bpp=4&bdt=202&idt=371&shv=r20231109&mjsv=m202311090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=944718005177&frm=20&pv=2&ga_vid=1410900644.1700410904&ga_sid=1700410904&ga_hid=1153014575&ga_fc=1&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C42531706%2C31078301%2C31079772%2C44807763%2C44808148%2C44808284%2C44809056&oid=2&pvsid=1015309954588737&tmod=642428483&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=389 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash f565ff1aad259513d1a8d5da5bbaf32bdc2a7a600135ee4b94cde048e32eaf18 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private content-encoding br content-length 66892 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sun, 19 Nov 2023 16:21:44 GMT expires Sun, 19 Nov 2023 16:21:44 GMT observe-browsing-topics ?1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	55ms 55ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=gdpr-cookie-notice&cls=hide%20appCookieNotice%20pr-5%20pl-5&ign=false&pw=1600&ph=1200&x=0&y=1130.4 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:44 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/	0 20 B	57ms 55ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=NAV&cls=navbar%20navbar-expand-lg%20navbar-dark%20fixed-top%20scrolling-navbar%20wow%20fadeIn%20top-navbar%20animated&ign=false&pw=1600&ph=1200&x=0&y=0 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:44 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ut.js Show response btodsjr.com/script/	80 KB 29 KB	45ms 44ms	Script text/javascript	2606:4700:e2::ac40:841f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://btodsjr.com/script/ut.js?cb=1700410904268 Requested by Host: btodsjr.com URL: https://btodsjr.com/script/utils.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:841f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4c554d864880871a5e29b3c0db601eb91e8167ab51295654f3bfeb8877c704e8 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 398 x-guploader-uploadid ABPtcPp2l2y4x30raPK17q23jJLkDEbVJsuOJ3jwZjacbbeq_nOFKTeku4OPcShpHGTA7-x5zgZNKmWz-TTuHRowac21qltvrsLK x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=86400 last-modified Mon, 13 Nov 2023 12:23:48 GMT server cloudflare etag W/"3cd70505043507aef58472461932ab42" vary Accept-Encoding x-goog-hash crc32c=/bCyOg==, md5=PNcFBQQ1B671hHJGGTKrQg== x-goog-generation 1699878228878469 content-type text/javascript access-control-allow-origin * cache-control public, max-age=14400 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4aNZJz%2F8SdleVJNfb4H%2BkZVsVOPGJ4NMGVtabIVXRHj1wY%2FwG2bF2BBZN%2BSvdOblN5tbcja4ZjE3ZiUBA30MwkXJvpDXIvkxlz3gL4aPTBhsBj4e5A%2FiO9%2FX4CzIzAwOARdk%2B4Me8myrg%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-length 82036 cf-ray 8289c9b7c9a506d0-AMS expires Sun, 19 Nov 2023 16:47:27 GMT
GET H2	200	suv5.js Show response btodsjr.com/script/	95 KB 32 KB	51ms 51ms	Script text/javascript	2606:4700:e2::ac40:841f CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://btodsjr.com/script/suv5.js Requested by Host: btodsjr.com URL: https://btodsjr.com/script/utils.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e2::ac40:841f , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a0f8b809f0c0bdc23e35ad533ea1c1e539a81d4324025887db1c66a96e1a9235 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 398 x-guploader-uploadid ABPtcPrskOIlIT8AK15CiyXtQNGxgOCAia6DDmck_JEliTtSybxtCllZuQlyUTJMQs3ZdYaJw2rpfgT0wvOOLGkbyTj71g x-goog-storage-class MULTI_REGIONAL x-goog-metageneration 2 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=86400 last-modified Fri, 17 Nov 2023 08:16:07 GMT server cloudflare etag W/"6a1930b99aa09ee0e6b8f1e23415d9cb" vary Accept-Encoding x-goog-hash crc32c=6TeNMg==, md5=ahkwuZqgnuDmuPHiNBXZyw== x-goog-generation 1700208967291693 content-type text/javascript access-control-allow-origin * cache-control public, max-age=14400 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DyJwESyvkzwIZzDe2dX7uxKQAB9zYzVrJGHpatLNPHxjkMZ29g233di2DIcDY7sxC4kMaxcli3RQczZ%2FysHmhVPQh0fhDtAS7gAKFlTaZUTSHDL4BhTtign%2BubGFVrlO26xtB0TnQ7u1lg%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-length 97361 cf-ray 8289c9b7c9ac06d0-AMS expires Sun, 19 Nov 2023 16:50:08 GMT
GET H2	200	sb1JqbDgMPQQKBxs7DlEJX2JbVQ9ddAAfVwEiVydiXWYkKAoEOSBKTBU2V10eAzMECwVJNwQPBV50CwhaUmZMGEgAOVcaXwIzBApCCjEASk0ObwcDQgY+Bg0dXRRfQghKYFpETwY8DgNPHHdYXFYbd1hcCV98WkkLLXdYXE8GPFxYHVwQT14IF2ReRR1dYg-scSAM... Show response d1spc7iz1ls2b1.cloudfront.net/ Frame 4B7B	794 B 843 B	179ms 178ms	Script text/plain	2600:9000:2204:de00:1c:63e0:eb40:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1spc7iz1ls2b1.cloudfront.net/sb1JqbDgMPQQKBxs7DlEJX2JbVQ9ddAAfVwEiVydiXWYkKAoEOSBKTBU2V10eAzMECwVJNwQPBV50CwhaUmZMGEgAOVcaXwIzBApCCjEASk0ObwcDQgY+Bg0dXRRfQghKYFpETwY8DgNPHHdYXFYbd1hcCV98WkkLLXdYXE8GPFxYHVwQT14IF2ReRR1dYg-scSAM3HQlaBDseSQopZ1lbFlxkT14IRzkCGFUDd1gvHV1iBgVTCndYXF8KMQEDEUpgWg9QHT0HCR1dFFtdAUFiRFoIW2dEXQ1Wd1hcSw40Cx5RSmAsWQtYfFlaHhpvWw Requested by Host: adiingsinspiri.org URL: https://adiingsinspiri.org/Tk13NE0vLxRZci9wFRI4PCFKEX8IaEVyKX8+B1d6JzdGWD58L0YaLiIiAlArPCIZQGMgKAMRfwg+FQUHPy8zUwAeHCZ/DzY+QHAhCwcvBgcsGyYNKSoMNlIbOQgeYjQqJC9jFCUGNlsIAR41fxkMGEVifH4oNk4ACw4AYgcAOiZkDxh4R3c6JiwiWRcDCjJTDAEbFFUVOQQNdgw+DjReCA8eHAQCLDoUcBwpFFIGDwwqR1AVHB8RZSomBi5yPQsZAG11Cio5ZAUGKS5sCxcvEwUlLQ4hDXUZJhx4ARYpLmwIdgoncjUXBSFDHBp8Q30LfB8SZh9/KS5TYD0uJHUAfQUmWCwMCQRRHh8iB258Ii8xWDUlGUYABBw3HHcKCBgzUHwpOz9ifCcPEGIZDSMTbRUIdTx5HAsJMmE9KRoQDRwGGUd8Dhx8E3ILOik2YQsnHzFbBBl/E3EVH3wgUHwmLiRDeX4ODwEfHSA2RxofOS5SCyIsP1w9OBoAEic9IhlEcAUXRQADCn8cXwc Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2204:de00:1c:63e0:eb40:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 57fd1c0096bbde836b31859ee35fe2e4cafa8db797378ba904005a73deebf30a Request headers accept-language de-DE,de;q=0.9 Referer https://adiingsinspiri.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding gzip via 1.1 0b3cd120321973f1462a42e82c43c1cc.cloudfront.net (CloudFront) x-amz-cf-pop AMS50-C1 x-cache Miss from cloudfront access-control-allow-origin * cache-control max-age=31556926 content-length 567 x-amz-cf-id TrPRSFLGbRM4JO7a7tT20srCJYcypZLksffGV_Yp1w_1-u0K5NIQ8g==
GET H2	200	AeXZjdEQaGQ0Sew0fB0l1SUZSTXNNUAkHKxcGXhBzLUVbHQJJAypMM0g9GxhiDQwHSXVfGgIaI0RQBhonREdFFSAbS1dSMRhLDhs+EBoPFWFLMFZadFxEU1wzEBgHGzMKU1FEKg1TUUR1SVhTUXc7U1FEMxAYVUBhSjRGRnQBQFddYUtGAgQ0FRMUESYSHx-dRdj9... Show response d1spc7iz1ls2b1.cloudfront.net/ Frame 13F0	204 B 474 B	179ms 179ms	Script text/plain	2600:9000:2204:de00:1c:63e0:eb40:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1spc7iz1ls2b1.cloudfront.net/AeXZjdEQaGQ0Sew0fB0l1SUZSTXNNUAkHKxcGXhBzLUVbHQJJAypMM0g9GxhiDQwHSXVfGgIaI0RQBhonREdFFSAbS1dSMRhLDhs+EBoPFWFLMFZadFxEU1wzEBgHGzMKU1FEKg1TUUR1SVhTUXc7U1FEMxAYVUBhSjRGRnQBQFddYUtGAgQ0FRMUESYSHx-dRdj9DUENqSkBGRnRRHQsAKRVTUTdhS0YPHS8cU1FEIxwVCBttXERTFywLGQ4RYUswUkV9V0ZNQnRNQ01FcUBTUUQ3GBACBi1cRCVBd05YUEJiDEtS Requested by Host: adiingsinspiri.org URL: https://adiingsinspiri.org/U2RtcXcyBg4cSDJZD1cCIQhQVEUVQV83E2IXHRJAOh5cHQRhBlxfFD8LGBURIQsDBVk9ARlURRUlCCktOQAoIBYUNV0iEiRUCzNHP1U+JC0AMDU/OQYlBjk8KwcqKR8RHiEkITEsPDs9Eh0dPDpjA1Q2DzsNKSAAGzc1JxEUAyQQPmM2PDMfPAo/NBMVIj4wFQBVCSI6AQwhNR8gQV8zMhELPTcgFSggNy0yACsJMgZVGgsyEQMlNg0eLzhAMRYvCkAjBjE/QCQFDDkkLzBTOEAxFikVMC4FMS8ZJDk2KiMZAiY8NxM3PTgFMBIDPEExASk4NCQKNyUJWjc2CRtOFzEoPwYADy82JT02PzkmICUmIyEHMTkVHwBUNCE/AFwOJEYVISQJAAUnLwUDCyE/JTEqEyE2Jmc2NCQEJDEGJ04FVDc/Jj02IyBHYiIOJDUHMTggRBQmLDI1OlUOIzQFJglBQgoxKDseFyEZIlE5FwIfB24AWiVEaw0rQQIaXBpAPCsI Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2204:de00:1c:63e0:eb40:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7d00f66bd6d328cc0ee283de05c4ad21752d274fa42cb83f451a75f6bb49cbe6 Request headers accept-language de-DE,de;q=0.9 Referer https://adiingsinspiri.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding gzip via 1.1 0b3cd120321973f1462a42e82c43c1cc.cloudfront.net (CloudFront) x-amz-cf-pop AMS50-C1 x-cache Miss from cloudfront access-control-allow-origin * cache-control max-age=31556926 content-length 198 x-amz-cf-id OkJVpYPDEx9cZekh0U7-82GiL8-uObjL7bbfKGqGwzYp5UawDGc_cw==
GET H2	200	fkonMjwtCD12aApPZ2R0f0xyJmd9 Show response d1spc7iz1ls2b1.cloudfront.net/7Wkx6VFM5IxQybC4lHmlianxIYGZjahAnPDQ8Rzk1ChQ7MCMpHVwgKT5xS3I/OyIdaXU/IhlpYnwtHjZubmoOJDwxcQwzPjsiHC42OSZcITJnIRUuOjYgG3FhHHlUZHZofFIjOjQoFSMgf35KOid/fkplY3R8X2cRf35KIz... Frame 5B53	833 B 872 B	196ms 196ms	Script text/plain	2600:9000:2204:de00:1c:63e0:eb40:21 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://d1spc7iz1ls2b1.cloudfront.net/7Wkx6VFM5IxQybC4lHmlianxIYGZjahAnPDQ8Rzk1ChQ7MCMpHVwgKT5xS3I/OyIdaXU/IhlpYnwtHjZubmoOJDwxcQwzPjsiHC42OSZcITJnIRUuOjYgG3FhHHlUZHZofFIjOjQoFSMgf35KOid/fkplY3R8X2cRf35KIzo0ek5xYBhpSGQrbHhTcWFqLQ-okPz87HzY4MzhfZhVvf016YGxpSGR7MSQOOT9/fjlxYWogEz82f35KMzY5JxV9dmh8GTwhNSEfcWEcfUttfWpiTGRnb2JLYWp/fkonMjwtCD12aApPZ2R0f0xyJmd9 Requested by Host: adiingsinspiri.org URL: https://adiingsinspiri.org/Wmc2Q3E7BVUuTjtaVGUEKAsLZkMcQgQFFWsURiBGMx0HLwJoBQdtEjYIQycXKAhYN180AkJmQxxQYSgJbDFwDkQTH2c6ExlTWgscNg5XLQkTPnEZGzsPdy0hHjYOEQsxVnUrIG0qdQ4BEjFBJDoOUk4QQhNCBAU+Iy5SIikPQgQFODILRhofLRN+KSsvBVssPhAjQTsSCxBMExspDn4ARWgoZRkSEzN8LTgIMkMMGwMAcXA3Mi9+LyQAL2wsFxwuXAwbCwhwEDw9AQV2OhUOUmZDHAFdMx0DVGR7KWgEZCVCbyx/OR5qAl12CQMlXjMiHTZEITkyM1UUNysrZ24eMTdMe0YSHW93PCAPUBkZDBFQc0BsPnE7AQkgZHQ8CTZ5DCVjQgQFFzALThomNQBzOUloAQV2Ohcdb3Y7IjEPJxwyX3EXBjIpZQYXOTBzIBcPE0IlJioOYgQjNAUECT0DMEZmQxwBXSwfFw1BNzIeVgQiMCo3bHEjagEGOwgQClJ6VzAUWS0BZwpQEykbA0YwIA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2204:de00:1c:63e0:eb40:21 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash c616f19c3ebf2a216d4ad58a9a0cd44e4b3dd5ef3f2d872ff854c88ead76d11d Request headers accept-language de-DE,de;q=0.9 Referer https://adiingsinspiri.org/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding gzip via 1.1 0b3cd120321973f1462a42e82c43c1cc.cloudfront.net (CloudFront) x-amz-cf-pop AMS50-C1 x-cache Miss from cloudfront access-control-allow-origin * cache-control max-age=31556926 content-length 596 x-amz-cf-id bQQdrz89-1Q-3BDfTVPSNOtdwS4AJmx21JqSD2iX8cydZc31MPJztg==
POST H2	204	hb.php youradexchange.com/ut/	0 420 B	288ms 161ms	Ping text/plain	2606:4700:e4::ac40:ab13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://youradexchange.com/ut/hb.php?cb=0.6598140181805581&v=1 Requested by Host: btodsjr.com URL: https://btodsjr.com/script/ut.js?cb=1700410904268 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e4::ac40:ab13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.up-4ever.net/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Content-Type text/plain; charset=utf-8 Response headers date Sun, 19 Nov 2023 16:21:44 GMT via 1.1 google cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGI21%2BCTjRckCleKhVsbc5chd6ZxPON0Q%2FcpBr%2BkVfr1c3HtOQdu8IOJRjgD51XIi01Rfx%2F%2FMnAKymxzx7LAANTY3dPh4a%2BV6Cjke4BMOeKYxylFVvmBtlVm1ZxRpxv1nD1%2FVkHDW%2Fm73tVwCVbTvmY%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-origin * cf-ray 8289c9b8f933f18c-CDG alt-svc h3=":443"; ma=86400
GET H2	203	suurl5.php Show response youradexchange.com/script/	1 B 524 B	257ms 172ms	Fetch text/html	2606:4700:e4::ac40:ab13 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://youradexchange.com/script/suurl5.php?r=6683946&chmob=%3F0&cbur=0.49659640908807723&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=Download%20gggggggggggggggggg%20torrent&cbpage=https%3A%2F%2Fwww.up-4ever.net%2F169wh99mvv5x&cbref=&cbdescription=Download%20File%20gggggggggggggggggg%20torrent&cbkeywords=gggggggggggggggggg%2C%20torrent&cbcdn=btodsjr.com&ts=1700410904355&srs=104eb0c6cc26b14daa785a999d722505&atv=38.1-sw-adbl-suv5&abtg=1 Requested by Host: btodsjr.com URL: https://btodsjr.com/script/suv5.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:e4::ac40:ab13 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT via 1.1 google cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPRPpr03ge9HzbHuj6YRqrIlqiQwGngEbzk7m5kyD1GtixqOyNiXhZdfTekYOkrprPC1giF7Yb3a%2Btc05pRKqrvtezWRauyGCvhWyxu97wr0sw9nCD4roIK6S9D6C1VBti%2BKpVRy2baenDk9DGDICuw%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * content-type text/html; charset=utf-8 cf-ray 8289c9b8db361cce-AMS access-control-allow-headers Content-Type alt-svc h3=":443"; ma=86400
GET H2	200	popunder.gif setitoefanyor.org/	35 B 398 B	29ms 28ms	Image image/gif	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://setitoefanyor.org/popunder.gif Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma public date Sun, 19 Nov 2023 16:21:44 GMT cf-cache-status HIT last-modified Fri, 17 Nov 2023 19:17:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 162249 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JETOlfcolBrNuyiDZamxBl9SSeS99lRHUqwMjlKWwcXo6ziV12VMsFg93uHDCtkLTzz6mntUcY7%2Fy1Bxw6comj1wx2K11YjTktny2%2F2Fdhg93r0de7YueK8VKavo%2F08CARJnpg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif access-control-allow-origin * cache-control public, max-age=604800, immutable cf-ray 8289c9b938d56ae8-FRA alt-svc h3=":443"; ma=86400
GET H3	200	reactive_library_fy2021.js Show response pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/	160 KB 55 KB	113ms 112ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/reactive_library_fy2021.js?bust=31079772 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ce7dfaa8b6629944ddb8c2746311f1d9c49301c7ddc239794258ca10b255476b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:44 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 55804 x-xss-protection 0 server cafe etag 8576049330671397557 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=1209600 timing-allow-origin * expires Sun, 19 Nov 2023 16:21:44 GMT
GET H3	200	zrt_lookup_fy2021.html Show response googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 35C4	9 KB 4 KB	23ms 23ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 68710 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4118 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sat, 18 Nov 2023 21:16:35 GMT etag 16674218716276178799 expires Sat, 02 Dec 2023 21:16:35 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	zrt_lookup_fy2021.html Show response googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 4A98	9 KB 4 KB	24ms 23ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 68710 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4118 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sat, 18 Nov 2023 21:16:35 GMT etag 16674218716276178799 expires Sat, 02 Dec 2023 21:16:35 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	zrt_lookup_fy2021.html Show response googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame C23C	9 KB 4 KB	22ms 22ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers age 68710 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=1209600 content-encoding br content-length 4118 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sat, 18 Nov 2023 21:16:35 GMT etag 16674218716276178799 expires Sat, 02 Dec 2023 21:16:35 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	css2 fonts.googleapis.com/ Frame 35C4	4 KB 1 KB	87ms 33ms	Stylesheet text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sun, 19 Nov 2023 16:21:45 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 19 Nov 2023 15:53:43 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 19 Nov 2023 16:21:45 GMT
GET H2	200	feedback_grey600_24dp.png www.gstatic.com/images/icons/material/system/2x/ Frame 35C4	205 B 652 B	74ms 22ms	Image image/png	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Thu, 16 Nov 2023 23:26:56 GMT x-content-type-options nosniff age 233689 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 205 x-xss-protection 0 last-modified Thu, 20 Jul 2023 22:48:00 GMT server sffe vary Origin report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type image/png cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Fri, 15 Nov 2024 23:26:56 GMT
GET H2	200	settings_grey600_24dp.png www.gstatic.com/images/icons/material/system/2x/ Frame 35C4	604 B 696 B	74ms 23ms	Image image/png	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Fri, 17 Nov 2023 23:27:51 GMT x-content-type-options nosniff age 147234 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 604 x-xss-protection 0 last-modified Thu, 20 Jul 2023 22:48:00 GMT server sffe vary Origin report-to {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} content-type image/png cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="static-on-bigtable" expires Sat, 16 Nov 2024 23:27:51 GMT
GET H2	200	fullscreen_api_adapter_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 35C4	15 KB 7 KB	134ms 37ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 23:27:01 GMT content-encoding br x-content-type-options nosniff age 60884 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6702 x-xss-protection 0 server cafe etag 11213825687312121238 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sat, 02 Dec 2023 23:27:01 GMT
GET H2	200	interstitial_ad_frame_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 35C4	21 KB 9 KB	144ms 46ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 03:59:33 GMT content-encoding br x-content-type-options nosniff age 44532 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8781 x-xss-protection 0 server cafe etag 9666818975682992898 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 03 Dec 2023 03:59:33 GMT
GET H3	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame 68C1	624 B 246 B	67ms 65ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNXp0D4UaAY28Q8bSJb_WqiOfT4gTzdX6_j5nlzK431C0anNAE1f7u_w8FG9DYIo5Ln_decoSu-b7tugpirFiDiKGxA4A8NYpW-G67hTTH9gwuepLpxCBOZgWSq1FfdwSGPvajvobr1nlksCDcXiVKKOoFSQ_lUmQ-GTXOg28lbVrj8YsUA Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private content-encoding br content-length 222 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sun, 19 Nov 2023 16:21:45 GMT expires Sun, 19 Nov 2023 16:21:45 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	200	dv3.js Show response pagead2.googlesyndication.com/pagead/js/ Frame D20B	89 KB 31 KB	72ms 72ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/dv3.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:45 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31498 x-xss-protection 0 server cafe etag 4296746511219988724 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=600 timing-allow-origin * expires Sun, 19 Nov 2023 16:21:45 GMT
GET H2	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D20B	3 KB 1 KB	103ms 28ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 10:19:40 GMT content-encoding br x-content-type-options nosniff age 21725 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 03 Dec 2023 10:19:40 GMT
GET H2	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame D20B	20 KB 9 KB	97ms 22ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 23:16:58 GMT content-encoding br x-content-type-options nosniff age 61487 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8541 x-xss-protection 0 server cafe etag 737174102934380276 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sat, 02 Dec 2023 23:16:58 GMT
GET H2	200	ufs_web_display.js Show response www.googletagservices.com/activeview/js/current/ Frame D20B	202 KB 64 KB	217ms 143ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:45 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 65070 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1700193896630564" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes timing-allow-origin * expires Sun, 19 Nov 2023 16:21:45 GMT
GET H3	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame D20B	42 B 63 B	57ms 56ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-B-o0mY-M-U-Fk-heaWYWr8ctHgXlUeL6VJKPahHkOaXURYejipPsTS4Ypdr-REitpE8_9CuBBlyMC_KyPsDnHWCTUTkfYgrCE-gZml0eDfj1_m4mg Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame D20B	0 20 B	57ms 57ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=15062326055755076417&x=1&ct=77 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	pixel Show response googleads.g.doubleclick.net/xbbe/ Frame 79CA	624 B 246 B	64ms 63ms	Document text/html	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNVlbq8vmFFCLZHrs45I4kFl0jHcUaFtoFjJFMRKgRKdg_xi90Ea5ReWB38TGhPBLdMKROumeD0objk5etmL2wovNcE0jmUIygMyFkQIpMN8TTnQNpFHlN5oPpNJG0drOlyQ8yJusIIodt1mhusqqLZXEYEeu-H8faPXRFbBMnjDTqWXTBc Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private content-encoding br content-length 222 content-type text/html; charset=UTF-8 cross-origin-resource-policy cross-origin date Sun, 19 Nov 2023 16:21:45 GMT expires Sun, 19 Nov 2023 16:21:45 GMT p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" server cafe timing-allow-origin * x-content-type-options nosniff x-xss-protection 0
GET H3	200	dv3.js Show response pagead2.googlesyndication.com/pagead/js/ Frame 932D	89 KB 31 KB	139ms 138ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/dv3.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:45 GMT content-encoding br x-content-type-options nosniff p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31485 x-xss-protection 0 server cafe etag 7119415641918660631 vary Accept-Encoding content-type text/javascript; charset=UTF-8 cache-control private, max-age=600 timing-allow-origin * expires Sun, 19 Nov 2023 16:21:45 GMT
GET H2	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 932D	3 KB 1 KB	84ms 29ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 10:19:40 GMT content-encoding br x-content-type-options nosniff age 21725 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 03 Dec 2023 10:19:40 GMT
GET H2	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 932D	20 KB 8 KB	79ms 25ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 23:16:58 GMT content-encoding br x-content-type-options nosniff age 61487 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8541 x-xss-protection 0 server cafe etag 737174102934380276 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sat, 02 Dec 2023 23:16:58 GMT
GET H2	200	ufs_web_display.js Show response www.googletagservices.com/activeview/js/current/ Frame 932D	202 KB 64 KB	127ms 73ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:45 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 65070 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1700193896630564" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes timing-allow-origin * expires Sun, 19 Nov 2023 16:21:45 GMT
GET H3	200	gen_204 pagead2.googlesyndication.com/pagead/ Frame 932D	42 B 63 B	58ms 57ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BXz5h-xfkQEvOPLJVVwT99KkcLZdSJTZvb5YW9Db40VNOgiBpweMNglbx_AgPpjhXyIZJ45C5m5rUJsTINED8g9Wzf_ShF7qPf2hSYMoy2E15ztF4 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 932D	0 20 B	58ms 57ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1690277075548961083&x=1&ct=77 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	css fonts.googleapis.com/ Frame 7CDB	6 KB 779 B	34ms 33ms	Stylesheet text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sun, 19 Nov 2023 16:21:45 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 19 Nov 2023 15:11:46 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 19 Nov 2023 16:21:45 GMT
GET H2	200	load_preloaded_resource_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 7CDB	2 KB 902 B	39ms 39ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 15:51:29 GMT content-encoding br x-content-type-options nosniff age 1816 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 795 x-xss-protection 0 server cafe etag 4925184154378345226 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 03 Dec 2023 15:51:29 GMT
GET H2	200	abg_lite_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 7CDB	23 KB 9 KB	41ms 39ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 02:17:25 GMT content-encoding br x-content-type-options nosniff age 50660 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 9282 x-xss-protection 0 server cafe etag 14645652906762492339 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 03 Dec 2023 02:17:25 GMT
GET H2	200	window_focus_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 7CDB	3 KB 1 KB	44ms 42ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 10:19:40 GMT content-encoding br x-content-type-options nosniff age 21725 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1236 x-xss-protection 0 server cafe etag 15004572836499977866 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sun, 03 Dec 2023 10:19:40 GMT
GET H2	200	qs_click_protection_fy2021.js Show response tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 7CDB	20 KB 8 KB	38ms 36ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 23:16:58 GMT content-encoding br x-content-type-options nosniff age 61487 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8541 x-xss-protection 0 server cafe etag 737174102934380276 vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=1209600 timing-allow-origin * expires Sat, 02 Dec 2023 23:16:58 GMT
GET H2	200	ufs_web_display.js Show response www.googletagservices.com/activeview/js/current/ Frame 7CDB	202 KB 64 KB	144ms 142ms	Script text/javascript	2a00:1450:4001:830::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:45 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 65070 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="active-view-scs-read-write-acl" etag "1700193896630564" vary Accept-Encoding report-to {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes timing-allow-origin * expires Sun, 19 Nov 2023 16:21:45 GMT
GET H2	200	a6de5423b7c632060e8f86136bd5d27a.js Show response www.gstatic.com/mysidia/ Frame 7CDB	37 KB 15 KB	23ms 21ms	Script text/javascript	2a00:1450:4001:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 19:35:34 GMT content-encoding gzip x-content-type-options nosniff age 74771 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15478 x-xss-protection 0 last-modified Tue, 14 Nov 2023 14:10:21 GMT server sffe cross-origin-opener-policy same-origin; report-to="mysidia" vary Accept-Encoding report-to {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]} content-type text/javascript cache-control public, max-age=7776000 accept-ranges bytes expires Fri, 16 Feb 2024 19:35:34 GMT
GET H2	200	rum dsum-sec.casalemedia.com/ Frame 68C1 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1	43 B 331 B	47ms 46ms	Image image/gif	104.18.36.155 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNXp0D4UaAY28Q8bSJb_WqiOfT4gTzdX6_j5nlzK431C0anNAE1f7u_w8FG9DYIo5Ln_decoSu-b7tugpirFiDiKGxA4A8NYpW-G67hTTH9gwuepLpxCBOZgWSq1FfdwSGPvajvobr1nlksCDcXiVKKOoFSQ_lUmQ-GTXOg28lbVrj8YsUA Protocol H2 Server 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iobZtf72eH9CUi9Hs2GGGaUjdPj%2FJ04WJsidqgW%2FCK6ZfcpI538PXBL7Jn5B5OIeuSlJ9R%2FxKcLFbR%2FkPLiY%2F6GIFuExAOOj7tNxgAKm66EWl7FtEvbpdmXpNRTtEZdt9v6XELWRPJzB%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 8289c9be29bf2bf5-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	rum dsum-sec.casalemedia.com/ Frame 68C1 Redirect Chain https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVo2GUrdTCkiSdX4cfYmZQAA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1	43 B 771 B	41ms 41ms	Image image/gif	104.18.36.155 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNXp0D4UaAY28Q8bSJb_WqiOfT4gTzdX6_j5nlzK431C0anNAE1f7u_w8FG9DYIo5Ln_decoSu-b7tugpirFiDiKGxA4A8NYpW-G67hTTH9gwuepLpxCBOZgWSq1FfdwSGPvajvobr1nlksCDcXiVKKOoFSQ_lUmQ-GTXOg28lbVrj8YsUA Protocol H3 Server 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nuM4G4tCc%2B4ilMTYtEhcYBqYEWaCoW5vRVSIRAf%2FQMIBpdThMml2Y6WLLklEMTH7kmMPmWds0AnhC11qoSz17H1pjeBPV4fkg0joDQB%2F3bK8s2X5%2B%2FuPmp2o1QlssrIAYNe8b%2B81Hwh1Xw%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 8289c9beafb63a97-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bounce ib.adnxs.com/ Frame 68C1 Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm https://ib.adnxs.com/setuid?entity=101&code=CAESEIrHwiLG2bbl8EBd4YyNOZw&google_cver=1 https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1	43 B 889 B	39ms 38ms	Image image/gif	37.252.171.52 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNXp0D4UaAY28Q8bSJb_WqiOfT4gTzdX6_j5nlzK431C0anNAE1f7u_w8FG9DYIo5Ln_decoSu-b7tugpirFiDiKGxA4A8NYpW-G67hTTH9gwuepLpxCBOZgWSq1FfdwSGPvajvobr1nlksCDcXiVKKOoFSQ_lUmQ-GTXOg28lbVrj8YsUA Protocol H2 Server 37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT an-x-request-uuid dd7a4c8b-f4c5-443a-b53c-186be38ba314 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type image/gif access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 84.19.175.184; 84.19.175.184; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 43 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT an-x-request-uuid dbcce988-0bfb-4cdc-94e8-d1faa777ddec server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 location https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1 cache-control no-store, no-cache, private x-proxy-origin 84.19.175.184; 84.19.175.184; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	pixel cm.g.doubleclick.net/ Frame 68C1 Redirect Chain https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc1NDUyMjI2ODI2NDk5NTU0NA%3D%3D	170 B 243 B	32ms 32ms	Image image/png	142.250.184.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc1NDUyMjI2ODI2NDk5NTU0NA%3D%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNXp0D4UaAY28Q8bSJb_WqiOfT4gTzdX6_j5nlzK431C0anNAE1f7u_w8FG9DYIo5Ln_decoSu-b7tugpirFiDiKGxA4A8NYpW-G67hTTH9gwuepLpxCBOZgWSq1FfdwSGPvajvobr1nlksCDcXiVKKOoFSQ_lUmQ-GTXOg28lbVrj8YsUA Protocol H2 Server 142.250.184.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT an-x-request-uuid 797315dd-d869-40d3-8900-a748646c8567 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzc1NDUyMjI2ODI2NDk5NTU0NA%3D%3D x-proxy-origin 84.19.175.184; 84.19.175.184; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	rum dsum-sec.casalemedia.com/ Frame 79CA Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1	43 B 341 B	39ms 38ms	Image image/gif	104.18.36.155 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNVlbq8vmFFCLZHrs45I4kFl0jHcUaFtoFjJFMRKgRKdg_xi90Ea5ReWB38TGhPBLdMKROumeD0objk5etmL2wovNcE0jmUIygMyFkQIpMN8TTnQNpFHlN5oPpNJG0drOlyQ8yJusIIodt1mhusqqLZXEYEeu-H8faPXRFbBMnjDTqWXTBc Protocol H2 Server 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tmsn8tq%2BaaZ8P4TIcAsWAkRargiTdGPbTYSqBcQZnFJJR3%2BYltN5zP020dQzPkGJk9wO3cA%2FvLuwvJGA%2BZ4HNwjBRoi%2F22b777ILAEL9UmQIcBpEjD%2B0jPQL3kJKIjgtn8n4utQcC1dukQ%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 8289c9be29bb2bf5-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	rum dsum-sec.casalemedia.com/ Frame 79CA Redirect Chain https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVo2GUrdTCkiSdX4cfYmZQAA https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1	43 B 737 B	40ms 39ms	Image image/gif	104.18.36.155 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNVlbq8vmFFCLZHrs45I4kFl0jHcUaFtoFjJFMRKgRKdg_xi90Ea5ReWB38TGhPBLdMKROumeD0objk5etmL2wovNcE0jmUIygMyFkQIpMN8TTnQNpFHlN5oPpNJG0drOlyQ8yJusIIodt1mhusqqLZXEYEeu-H8faPXRFbBMnjDTqWXTBc Protocol H3 Server 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3WsQeb4GO7EhBjfGlDbXOuFHT1vy%2FKF0wyXimV0Jw2TYDpNqwNeXVWeJllkCVRU5vA9%2B9s4%2BZGfpp47WYHmvk0XxWqmJ3PhfO66a%2Brq2bbQSF9ILdOyES5uF2KJq%2BgOHzmySjTczqbRlw%3D%3D"}],"group":"cf-nel","max_age":604800} p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI" content-type image/gif cache-control no-cache cf-ray 8289c9bef8113a97-FRA alt-svc h3=":443"; ma=86400 content-length 43 expires 0 Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT server HTTP server (unknown) content-type text/html; charset=UTF-8 location https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOQ-rm4A0otRi23ZKLlPtCA&google_cver=1 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 313 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	bounce ib.adnxs.com/ Frame 79CA Redirect Chain https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm https://ib.adnxs.com/setuid?entity=101&code=CAESEIrHwiLG2bbl8EBd4YyNOZw&google_cver=1 https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1	43 B 890 B	34ms 34ms	Image image/gif	37.252.171.52 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNVlbq8vmFFCLZHrs45I4kFl0jHcUaFtoFjJFMRKgRKdg_xi90Ea5ReWB38TGhPBLdMKROumeD0objk5etmL2wovNcE0jmUIygMyFkQIpMN8TTnQNpFHlN5oPpNJG0drOlyQ8yJusIIodt1mhusqqLZXEYEeu-H8faPXRFbBMnjDTqWXTBc Protocol H2 Server 37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.23.4 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT an-x-request-uuid 3875a140-4b3c-437e-ab9d-6d2c265f833b server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type image/gif access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true x-proxy-origin 84.19.175.184; 84.19.175.184; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 43 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT an-x-request-uuid 967a514d-4696-4ad7-bedf-55ba18f95f24 server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 location https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEIrHwiLG2bbl8EBd4YyNOZw%26google_cver%3D1 cache-control no-store, no-cache, private x-proxy-origin 84.19.175.184; 84.19.175.184; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	pixel cm.g.doubleclick.net/ Frame 79CA Redirect Chain https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3MTA4NjQyMjg1MTcyNDU4NQ%3D%3D	170 B 232 B	32ms 32ms	Image image/png	142.250.184.226 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3MTA4NjQyMjg1MTcyNDU4NQ%3D%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNVlbq8vmFFCLZHrs45I4kFl0jHcUaFtoFjJFMRKgRKdg_xi90Ea5ReWB38TGhPBLdMKROumeD0objk5etmL2wovNcE0jmUIygMyFkQIpMN8TTnQNpFHlN5oPpNJG0drOlyQ8yJusIIodt1mhusqqLZXEYEeu-H8faPXRFbBMnjDTqWXTBc Protocol H2 Server 142.250.184.226 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s12-in-f2.1e100.net Software HTTP server (unknown) / Resource Hash 0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5 Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT server HTTP server (unknown) content-type image/png cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 170 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT Redirect headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT an-x-request-uuid d6d6994d-5fa6-445d-a2bd-0ce5c031080d server nginx/1.23.4 accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" content-type text/html; charset=utf-8 access-control-allow-origin * cache-control no-store, no-cache, private access-control-allow-credentials true location https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDc3MTA4NjQyMjg1MTcyNDU4NQ%3D%3D x-proxy-origin 84.19.175.184; 84.19.175.184; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com content-length 0 x-xss-protection 0 expires Sat, 15 Nov 2008 16:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame D20B	0 20 B	57ms 57ms	Ping image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4108658946137&version=m202309260101 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame D20B	0 20 B	57ms 56ms	Ping image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4108658946137&version=m202309260101&ct=77&x=1&cor=15062326055755076000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame D20B	20 KB 13 KB	201ms 200ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPagsNLUFWuCbIZl5JpSkvS6PKnr2aLaXBKLU3MKXSa_xpymagE6QJLmxP5PCDllZ4b1JGsNFWEexD7MDnUUjqFzaktR17wqb8pTMmxBEsP3YmeK5-U3-VylAwX9c00mPyvhRnkhG46RauS_P6kb6_9Gr5IprRRdJNvR_IvkXFFsnPZoo&cry=1&dbm_d=AKAmf-Al-dN5NkD-FlNdI6bFK9XwLmNLpNOXsq9jueIjYN0DJHJ4Bg0q4pso65o69kunzS79WyLXOpovaCXKHG8m6GrYSoEed3phfb8P7zSuYdAH_CkdgTVbyqsHGhhHmTRF3_K3ksI-Xkusrlkjj7yULt_IrB7LVKcm-ZQk_GtMF5FqUU_uk98Qfyr2EROGsXteUh7k7_hyFFgmlFGBz8O2eRyOw-uYntCJcjJLFS7FB2TCFPmM3odG5Ga2J_SFlBRBocuLB5RDjR7esj3em7f31gVSoWPZjtWNOUDNO-2WESNnT7YDj1Xj__n09eHzBABcWcmkWMamKD2WE3Y3FPsEKpzrO5jrfKCBv7zIvf_Xcdk3RfV2H6Min6i4LOlQux0R6PE1dcXZK3JVNJwE724_gtYzDgMjg6iJGr9l0tY6VXC6mHdS-hxc6eKosZ3VRrHcSM4EngpyeHXAEYlCP32GnsaD-Pbtz-fjrYwkCuWDJuvNeMwEuBgWa47G8IgtqAwpcM6Da9JDDPLRQtIYKsjmxdIDPJQiSWWt4tGamhcPq_Tqo6RoF4sxKe8T5pORb9TcWliP1Dbi5DTcrw6XiYHGgeEwUAKdcVg4XgWAIaFhbQGrftOK_6-tkOOBh4tSieDV3rwxurdKz2leCBwfAfxudiOst5tQ-oqeirLE7ry6kWB-BLeR1WSSeYyzzPeJfeLCtZNGi4fpVkYYdTyzI8o6ryYRUDUVP5bN3c8k7I17keQ1HDEVyJa5ox7A73uUWOUDkv4IsFT0AkExrHcNNf7t8A2nVTBeqvHY_hNzSGVmHobiu2S3sPmBOEmR0VL-5n5qrIHnAL1u1BW5dPCM9DfFJ_2CUdZWYFiEBM3IBg-acgBkQPI-nYncuobGfnDWUpBpJnNjsNSTPuHvpizm9sgk77oDNwHb9B5K_UsQu1TkMe71gwKIUzN-uuDNwEGxpp0p0WhM-z-zJ55sqsUw4sY7UlNTZN9cXv4SmnLgGSTODSTo5FTHfGQHJHMIKTFZVTqW06PMs_4jehjpCZP-If5duIMtPLA-xVINuUwKEXr2MkolPTdWPRoK9K9Er-xVAiFmteHp82myWx5H2b8ABA1dwrhdy6_YDPj8Z_Rx3I3G4nCyF9QhYsk6STLHC1P7LgD1ZF-TDyQ9LpSCNnK3BXuQ6qsbsjTqYg7jvFZqae4yKS_mzuCXm_mBI6rclVReRQX7MJLBEg4m30NbHujFv08e4TetwdIIyDCnrQOhJ6_M6SolBdtF-zwhTtcJXTXif7YAQORbMAfDaSBkWjLBS7ZqWs_MSCKNYrl0mimdpwPpEubExN_H_s0M6nm5e6h_IaAccNou2eygE9rafQiAd7AQF_gAdqJwxKbK6TJ1TJ30o7Jnl7lCmuc3KSnZESfTCi9sSgPTla1eWV2kx09fUyt91fII3riMKqnJMp8AVMHJRRYTGI8U_zYVwzocnJRqUBFlLyyfcOmlJTkz5DRfK0iuEaMWm5z6jzhE8F-90sGCE0oRZICrzLJJ2YD9Mz3-_PjLKuTHGrJr-A3eAXE30D3MaiE0kinIFmTFzlh821-Ul8BMlTe9cLR5DkUsmffxLNXZQyJPmD8cCLji3N5-tdNk605MLP7ASNQJYY0Y0XNUoqLEGIbvZs7BGNxEBDp7vBVB8i4_8uTZlva5Rt3wLT4Q60yGzlhGhJ4AP_5d57jJ-F4Ld0hXETCthDZxonMqYwhS-x28Cz9iC5FXd8-LuazgmidGHwoQWrw7UuDtEHJ5e_qn4ZU9J7AydU1DBYXXa3W9CJfhK8tqOQdCiT1svA7d6JNVew5L2q5Wi04fnL5ByfWKXcQhdKn5V2Si5579E_D9I2Umwvoiyln59HwQtlnFo0coN5_r2QefxhNBM7UMjNObpLknGva1oiSTn78oxE3e_VpEjJq2gPOV6cubdI5oKWGoopw1C0NEWPjMszyd79zxirCHA9XfuzWiwVulJDuEDv2V7mu2BGEldoY4Lhn_7uiNqUXREnbn58Wa8cik9SfvA4yD7Ubb9Hgan_e0zXxbQeekPQMc6IwjsvN4uCzc7yKZyUJ7vIR-WXaCRafQJ-kNFo7vg5kpfZx3wsr21ozygS3riuA5CtKwu7BCk_RNObNhgkvaKFGSDBiODGO0TO4PM-4GE_Bje1gqqJGH-dbhFtVLVMQtbVHtfNTEXDirvNnoP0lgagZ2LCdNQb5dPpT2gR1ElJKeTWbGz_0_cqiCnb4376aL7yKHql9lP8twjVnuAloIfUZ5IM_1xBjS9HxneFy4FJ6z--XmHtII8hkEnIFoSBi2TltgGvpX3ayrT36a9MUCO9-ueiOV76BhW781CF4PMNPLmUGComP8cax2wO5Hm7-2BF_BGGbYlRR1mVDht_xhrQUXuv0zL6De10ygchPGkUyF3zynM1DBI9OfG4Ma-V9z_iJPQl980JlstO0ZvjW-6gs7BnPA_BSF_0laVhXjy8ec2Q9j2bd9mZ_oPXXGH6CMmd-MPBDgT1SX77-q9veGX8GSTScX42e2NN2zjOp4kTnb8DnormnBvBc3mSxGAMdAHKpjPrhhRevJyZYFnwBMjsmUqcLZ2s54FtKKY0K3IiLZbBQyRyIGKB7sQsrJ9nSKmeeqin4l4Rpdzn_Enwon7ofxxtsz1CX2ged0HqIawiBd--mknCywm_vraHOAYKff5hf9mgO4zjCRI1TOOdlNC9FCHNy_D0lBjKE8yN5-DCSasKMxSli9dCZ_6szt3pdblbF1BKaC7XGK-JZLRU1lgeA7AmShUICAkUIerUpnXHPPabepV8J-CxnCvKGxtDQTJE9MxIR66wyj7aRhinTqH38hSxj9xwnZxxWs82EY7FXe5AUa58Q-fsnbzdla-0v1WrD9SxU8BWAdiyJ1e_K97jsW6J-RmLf_Odj203pqoP5qJ9P5VlXjVclN4tGQCJn1WRVixKy7HRAlBDO-5MCU4LxtYAO9xo2AvG5WGLDSFyPCLLegKNBIrp-ToTuoRnP-8VQDGY4WGQbUCW0Zh-KXvmTLBr70HuVvfVpK6tkXinQh-Uc_hvORceIe-cQDJMsE3PUeOUxz8rdD-OoktVa_jcn3GLGqRWz0lJ3ET1aHYnkkoWBcgkq4S-mgt81Trp7Es2z7fFFCFgm2lybBBJtosk92hxWlJBzkPwVGqOYoaHtPCoA2uGggaQbI5e1kL7-5q3iitHfCYpF7xb80BqnV9IdCTJ4A6l5sGvC1hSg4Y0-xAqC3DMiTHhHRQTLdjgNzV1q4wYLgoK60fP1HzFc40FwASOvgBYkl1CYQxoYhrwT7ZVSfB_mMTb-RjdCmbuDE_zK1eC3FDCdIUxj8IQn4tkK14ZapjHbVhZ7Vm0HHyGuwndfcT1cd-HV-hoSwvkTO32jXeQdKtvEtKQiLX3o9tN9lP7ZKbsgA9J4E5LjsKmT4JKMPrXmEFXvEOzZboWc_mv5KyGtSIVTIV84-1M2-7CT9hY0LScvy6YHVQzVmelS8YgWTqCAfyi9vHOWjkRuTXXRnqtNWyBTVZvtLmo6VktRnhy5MfrHXGZCi8ZyFHyl8u4IVw7IoAXQhIh696DEne8S09cA0m_OTxaRV_cmfEAz86Fie1Vev5EdlxrtSQVooOrWU5mGtBuIfmYo9IpgGTQ4BHCXQfebqWZA9lDNlJa8sgj1iJ8HKWLEWjb050w01jW_ClgspTC7JF4dTowunorSGHCyGfzRcRjmYlAy08JouPGZ6JTP6KJ_73XIUosg&cid=CAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.up-4ever.net%2F&ds=l&xdt=1&iif=1&cor=15062326055755076000&adk=1761367587&idt=79&cac=0&dtd=11 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 7cdc4ca12e513d34124a279a212d1760bf85d88083c4abdb413076627b87eb8e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13699 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 932D	0 20 B	55ms 55ms	Ping image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7174699676739&version=m202309260101 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 932D	0 20 B	55ms 55ms	Ping image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7174699676739&version=m202309260101&ct=77&x=1&cor=1690277075548961000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ad Show response googleads.g.doubleclick.net/dbm/ Frame 932D	20 KB 14 KB	202ms 201ms	Script text/javascript	2a00:1450:4001:80f::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DksrMmgyaPSymeJnmRBjI2ziCmfKs_3o6hxMv9QMSmmHHg48omMW_kGVlPigZ1LJZSkZs55MrsSd3FQm5DupP7tZdv_IXq9Vq64VNn_buQk1VcTF4-FJLs6OzrIiwKfiPm1VfHzwnjox2LpLjwg3C2rOhBb0YwEUpl_k1SYXQgG5Tcu6M&cry=1&dbm_d=AKAmf-Cl-effPvlXtepPJnOZ20i39j6OcoZfGmPrUlBb1dpfVPWZJcMk6DdPF-eA24dH-oQyo9O3Oaibh6Bf7ILlgOSdfuLdypU6JsrFt_fx03nfbu5bIZ1k4ej6cuMD0ngjtg2XbC30mADMIA4vjFXMJPkfknv4MPO69VeIg9_yHIeSu307dHjb_m9U0PO7WXoubl-utBFhSFewEr2vJmZ3R6WZvhaUX8_CZtUlfqjPmxIjPgf3z7GFooXmjTNQ2iqQ40wf2XUTwbO6A704Kb7PlbTr25RWB8V9yGe9ADMbl8m58gKQKuGZxdQxrnY-XrtzyHBEIM_vW4YFNMW34Be3obCzguBvw-oA53HMn62Rc5v_TzrjARx0w8Ati23ixPL1mXxpQ7_ZMJkmIFLYzD47G56VJNOpK3CLA6ncN17D05BFuEkjLhqBV5eMkozkXga8uHTTzbpJ69fLkJsRAAX91XBxwpKaJaj3RzwCreobiu6GxyZvROemNmUPIJoBXf1pWlJwaJMdRu9hUSrTcLeU5izMmyGHg4IuLCla-Hzwx4oCHhzovHfuA9N9r5jQv9b5cjsPdFILkXeL6RrgWCWb_6196r-jGNLz65gR_OnYilkBGO_w35ZaW-KqOrCFdkyvPWtpYhFim-d1xje20ZR3O1DqkzCZ9kodVK24SIPJUOypEIHPNZpXRLNvFOXybUAQV_evpJL5iqBwNAlomt9tmDPmaX6Fbfa2pF7G8L6zcX5Fb4k3jLuFcM8gLxxO4c3xSTRMbYJthK51ULZtmwZrVlqDhx4Grjs1eDEjNxj4iJosDx4AVxUtKkjFs5HJdI20fb1LW9hBeLEd7TGEWDCq8eDIjXF6bViK9HZwE0T4ht40H92Vil7BFbSdZD0trt-F62CJ643qNQXQhdYbjE9sDrJhjJ2P6sDXqSyGf2hys50C116x5DOe9t19A_hEIZrllB2kz-qbqaTij91hk81Z3SDYjnNPGI9rtyL9zssOJ6HOmMWYI-cHrb2gcJ2h_kJaE4et3eUssl1Q6mgo55aH3Q0q68UhQ3J0HFLg4SuhjgmPFMvvryyQwzVv0ozbT-tL2XjUdKVoQc1zwahrk3jDS911oCqwdB4rRuQIEudfPuFEEVIZXb8FVaHNBbyrAF7sAxXD-UWLIp4IilvrHzIIcwEtFKbGnecQfqgdvMTWohq_58UW4nGDC9iQBwiFdezmOnn2aF2gLcvJX-4-3JYBlXF2dH-mOVmPTzcqmN_xpDcAXT0SJnZurJtS-h_3eFogslsHCCh22lzbt_6Xk8FjlQXQM3QMOMpgp6ns-3q67tqvdvqQC3aDa2aElzO6pZyzGvTfuHE9lq6tPho0IFeZl67SgjX2QJYcm7g28sNCvRXx75aVfa2HDVditunatfBaHiqzmTOu1VgYyMUV3HaVnJpUM-D5wzEKo6kKsa4OV4Vc95Lo3hTvIzYz9qpYDcwOrcnMG1quuZ6d1_8NEFmovxF78B184oBE2UBAaKnnVoTz3abtDTVYcZ1ODBbLYGBmHnSM_qSMss6mSGjbj5TiPehewz4Bhi1m8gFHpV-KFDKtTRPiX2IV1WEsrOtWcri4IwZgbrdmu6mkTZfqB6v6aTpFLdGOfKszksehNUMv7Dp2YOyIIhm7M2ciVxCZHhBZ3PkhTluN21yR9SE9MdKO-IFgGSnUgUbEAtQVZzb0nj3UeGxZRJpje38H79tmqltmol4GYJqwUfg5kyeTcszYXyXAbD4wPkBpx8c__IkvD1pKDg35O1vYO52ujDk4G1dI1DhpkLroBovxzG9szqXxX0rS5FzIYGfb7_VEOJuWQ6YoLtO2JKNGiKVL9FwfP-g9wFKSuAbBFHCAZYI4j4NwUrb-vEqr1EbxEn7jG8FX1XzFU6hMW3PRKIwnw5iVhFmlwXEQCW6Ug_7YDj0NFn0KXDNYj73pGak6MU6p4IAPNJc7wlki_UoY4tGYxX0u_DRq-MBKhMpyVvBUN3PDMYih3FniRBc-2MERkUVRES-y6CNsUM4Xan802RXt9saOy_McwP4PEsaWvx2gFekg4wCK9QoXD3OhZi5JTlMUZbIxABCRVnVmNWGX5Kg-CIqpSKIPsBZuvk-th_9QxywPZ735W1pczIyKgLoTfm-mDPLaVPaCbsdw4wYZwq2-Aj_p9N38X5_r5LWGGh8FUhronButBB34goyeTjhPYD7P30XmFDJfHLLUQ_nk0ZV9Rr-YzlnAmQK4t6rw9_v8zAKBmd_5JtyRmaVWO-itJELVtdxf3KwuKd-izRSWW3K1FEdVMlTlN8WfAESTsE4dUGA9mefQBYiUES_92zEDCDj_mzl0le7knllPQ54wWctE72JqRlybVROpLvNwh2EVG-BGXdmINTeKddhBxAsephaSSULWE-w_xwtMbzj4sP4lCtObpmzsM29cV7EP_rJYs8mrsjUCcgl6tEFGPwb-GWsM7yEBYZuMiGD-y2hNMd6KuA9P3ft1wd-ZRZ0-sSMlftfULb_22koRO8cirRtld1gQI4l_Fd0KaxPWksge4nyrMpZckEqJffnrh6EDGD8C23IOEi2BUh-UqM-wUYEUm4MWSsReHVTNrmNx3LjQFDbwcbbaAS4nk7MhbQrQMfy2-VZObrfLDChrrZE8a5E7nUdpHLh7bFSbXbpx412bX2u2NUOdr6OsD46rPgPxRMwlZ5e3PpDLuS45cwRyPFy4_ULmls8-uYMVuGAbGMNNKIqn6GYgHwxJfqLl1aBdgXEFfH-6osR86x4HJ5ae0jNW44yIU_9pOlPqLc0TDpoY4a9Ii13xmfgzE59MNpNevcOWnemmCPQXmtz3DvAaDQciq8fSBvDwXQxHrhJJcBF1ws_nVoJvia_4zOK1mqMCjJ2jb9pEM_agi4P5SD46V24oYgPms5Dugp2ZeK-owUbMAlpZqfAXlNdTJ9Mxav3rxJJbCTOUATf7dOD_eagP1I55_T27dQTksiCvFrVvFo5oOIpqN6D6kbspgy8d0SyCVRVMLOCFpb1KtTskUqSk4-T1ao7FHudLFPtjvFBzTC7g8QkvFMFgXHmF8UKSnUxFHtMkkx5hQqn6AT0rksQ_dL--tL2KtSLXptYK_Fci2Di6T-GF4Jw2jkw3ld4LvJzbsm7um_OvPTZDEyNPyjfQQYhc_Wyeb0dPmplvys9o2kG6MZ1BvW91qmRN5mNkm6dlOZvIXUqAFRlflrC1eTdCPGvsly2CBhhOHYIhBvTQ5twRfbbWiBY63VhKRr0t5gqgiKr_suK491IXXHw9XIkWisyKXz_-oJqko9SM-s_2o3a-igqzmAmhWvADTpcdgMVq7phVj3NTyJApDXbxn1HZ9E03CrrZgVtEigs9HYcpdKPb32lxVLniuzdH6vWa2iqEZ4vEYYbFkPpJRY4MX4zTiJk5YByZDPImTGhp5cwc_UcaU-Bb3WxqdIlz1T8yoVNNwiuzBsav3mFE1UPDFI-8qMWGsBB261G0PjvxPGlHfBPxswdHBu9eZhojOnAQrZPH-7TsLLxjELPTDc90ZxDsJlastCusCIoiaZ297IOY95gHTllyo_jXvqJWVuB1SGv26AmrUJHXVtEbmuiG_UK_Jf5JXf8cSjNFPU6I7e5SW2fMaBUdwnoiHB7Ch_vfeTsTNlgLjH_SsEg3QWlrXhDJIVs16AcjTZoDNyVGhkg8Je2L4faAiCp2AO1-rxsxJjSY6JytxzMCxOqhQvsJKNzPIy4gbmg1q8RUFvfjMTZc2yg&cid=CAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.up-4ever.net%2F&ds=l&xdt=1&iif=1&cor=1690277075548961000&adk=1726166460&idt=146&cac=0&dtd=7 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash fdc584c1f9328a6f2f9f5de6693af1a02a7a976e6396297dc63730e204495830 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13853 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	Q12zgMmT.js Show response tpc.googlesyndication.com/sodar/ Frame D20B	41 KB 14 KB	23ms 22ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Q12zgMmT.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BPagsNLUFWuCbIZl5JpSkvS6PKnr2aLaXBKLU3MKXSa_xpymagE6QJLmxP5PCDllZ4b1JGsNFWEexD7MDnUUjqFzaktR17wqb8pTMmxBEsP3YmeK5-U3-VylAwX9c00mPyvhRnkhG46RauS_P6kb6_9Gr5IprRRdJNvR_IvkXFFsnPZoo&cry=1&dbm_d=AKAmf-Al-dN5NkD-FlNdI6bFK9XwLmNLpNOXsq9jueIjYN0DJHJ4Bg0q4pso65o69kunzS79WyLXOpovaCXKHG8m6GrYSoEed3phfb8P7zSuYdAH_CkdgTVbyqsHGhhHmTRF3_K3ksI-Xkusrlkjj7yULt_IrB7LVKcm-ZQk_GtMF5FqUU_uk98Qfyr2EROGsXteUh7k7_hyFFgmlFGBz8O2eRyOw-uYntCJcjJLFS7FB2TCFPmM3odG5Ga2J_SFlBRBocuLB5RDjR7esj3em7f31gVSoWPZjtWNOUDNO-2WESNnT7YDj1Xj__n09eHzBABcWcmkWMamKD2WE3Y3FPsEKpzrO5jrfKCBv7zIvf_Xcdk3RfV2H6Min6i4LOlQux0R6PE1dcXZK3JVNJwE724_gtYzDgMjg6iJGr9l0tY6VXC6mHdS-hxc6eKosZ3VRrHcSM4EngpyeHXAEYlCP32GnsaD-Pbtz-fjrYwkCuWDJuvNeMwEuBgWa47G8IgtqAwpcM6Da9JDDPLRQtIYKsjmxdIDPJQiSWWt4tGamhcPq_Tqo6RoF4sxKe8T5pORb9TcWliP1Dbi5DTcrw6XiYHGgeEwUAKdcVg4XgWAIaFhbQGrftOK_6-tkOOBh4tSieDV3rwxurdKz2leCBwfAfxudiOst5tQ-oqeirLE7ry6kWB-BLeR1WSSeYyzzPeJfeLCtZNGi4fpVkYYdTyzI8o6ryYRUDUVP5bN3c8k7I17keQ1HDEVyJa5ox7A73uUWOUDkv4IsFT0AkExrHcNNf7t8A2nVTBeqvHY_hNzSGVmHobiu2S3sPmBOEmR0VL-5n5qrIHnAL1u1BW5dPCM9DfFJ_2CUdZWYFiEBM3IBg-acgBkQPI-nYncuobGfnDWUpBpJnNjsNSTPuHvpizm9sgk77oDNwHb9B5K_UsQu1TkMe71gwKIUzN-uuDNwEGxpp0p0WhM-z-zJ55sqsUw4sY7UlNTZN9cXv4SmnLgGSTODSTo5FTHfGQHJHMIKTFZVTqW06PMs_4jehjpCZP-If5duIMtPLA-xVINuUwKEXr2MkolPTdWPRoK9K9Er-xVAiFmteHp82myWx5H2b8ABA1dwrhdy6_YDPj8Z_Rx3I3G4nCyF9QhYsk6STLHC1P7LgD1ZF-TDyQ9LpSCNnK3BXuQ6qsbsjTqYg7jvFZqae4yKS_mzuCXm_mBI6rclVReRQX7MJLBEg4m30NbHujFv08e4TetwdIIyDCnrQOhJ6_M6SolBdtF-zwhTtcJXTXif7YAQORbMAfDaSBkWjLBS7ZqWs_MSCKNYrl0mimdpwPpEubExN_H_s0M6nm5e6h_IaAccNou2eygE9rafQiAd7AQF_gAdqJwxKbK6TJ1TJ30o7Jnl7lCmuc3KSnZESfTCi9sSgPTla1eWV2kx09fUyt91fII3riMKqnJMp8AVMHJRRYTGI8U_zYVwzocnJRqUBFlLyyfcOmlJTkz5DRfK0iuEaMWm5z6jzhE8F-90sGCE0oRZICrzLJJ2YD9Mz3-_PjLKuTHGrJr-A3eAXE30D3MaiE0kinIFmTFzlh821-Ul8BMlTe9cLR5DkUsmffxLNXZQyJPmD8cCLji3N5-tdNk605MLP7ASNQJYY0Y0XNUoqLEGIbvZs7BGNxEBDp7vBVB8i4_8uTZlva5Rt3wLT4Q60yGzlhGhJ4AP_5d57jJ-F4Ld0hXETCthDZxonMqYwhS-x28Cz9iC5FXd8-LuazgmidGHwoQWrw7UuDtEHJ5e_qn4ZU9J7AydU1DBYXXa3W9CJfhK8tqOQdCiT1svA7d6JNVew5L2q5Wi04fnL5ByfWKXcQhdKn5V2Si5579E_D9I2Umwvoiyln59HwQtlnFo0coN5_r2QefxhNBM7UMjNObpLknGva1oiSTn78oxE3e_VpEjJq2gPOV6cubdI5oKWGoopw1C0NEWPjMszyd79zxirCHA9XfuzWiwVulJDuEDv2V7mu2BGEldoY4Lhn_7uiNqUXREnbn58Wa8cik9SfvA4yD7Ubb9Hgan_e0zXxbQeekPQMc6IwjsvN4uCzc7yKZyUJ7vIR-WXaCRafQJ-kNFo7vg5kpfZx3wsr21ozygS3riuA5CtKwu7BCk_RNObNhgkvaKFGSDBiODGO0TO4PM-4GE_Bje1gqqJGH-dbhFtVLVMQtbVHtfNTEXDirvNnoP0lgagZ2LCdNQb5dPpT2gR1ElJKeTWbGz_0_cqiCnb4376aL7yKHql9lP8twjVnuAloIfUZ5IM_1xBjS9HxneFy4FJ6z--XmHtII8hkEnIFoSBi2TltgGvpX3ayrT36a9MUCO9-ueiOV76BhW781CF4PMNPLmUGComP8cax2wO5Hm7-2BF_BGGbYlRR1mVDht_xhrQUXuv0zL6De10ygchPGkUyF3zynM1DBI9OfG4Ma-V9z_iJPQl980JlstO0ZvjW-6gs7BnPA_BSF_0laVhXjy8ec2Q9j2bd9mZ_oPXXGH6CMmd-MPBDgT1SX77-q9veGX8GSTScX42e2NN2zjOp4kTnb8DnormnBvBc3mSxGAMdAHKpjPrhhRevJyZYFnwBMjsmUqcLZ2s54FtKKY0K3IiLZbBQyRyIGKB7sQsrJ9nSKmeeqin4l4Rpdzn_Enwon7ofxxtsz1CX2ged0HqIawiBd--mknCywm_vraHOAYKff5hf9mgO4zjCRI1TOOdlNC9FCHNy_D0lBjKE8yN5-DCSasKMxSli9dCZ_6szt3pdblbF1BKaC7XGK-JZLRU1lgeA7AmShUICAkUIerUpnXHPPabepV8J-CxnCvKGxtDQTJE9MxIR66wyj7aRhinTqH38hSxj9xwnZxxWs82EY7FXe5AUa58Q-fsnbzdla-0v1WrD9SxU8BWAdiyJ1e_K97jsW6J-RmLf_Odj203pqoP5qJ9P5VlXjVclN4tGQCJn1WRVixKy7HRAlBDO-5MCU4LxtYAO9xo2AvG5WGLDSFyPCLLegKNBIrp-ToTuoRnP-8VQDGY4WGQbUCW0Zh-KXvmTLBr70HuVvfVpK6tkXinQh-Uc_hvORceIe-cQDJMsE3PUeOUxz8rdD-OoktVa_jcn3GLGqRWz0lJ3ET1aHYnkkoWBcgkq4S-mgt81Trp7Es2z7fFFCFgm2lybBBJtosk92hxWlJBzkPwVGqOYoaHtPCoA2uGggaQbI5e1kL7-5q3iitHfCYpF7xb80BqnV9IdCTJ4A6l5sGvC1hSg4Y0-xAqC3DMiTHhHRQTLdjgNzV1q4wYLgoK60fP1HzFc40FwASOvgBYkl1CYQxoYhrwT7ZVSfB_mMTb-RjdCmbuDE_zK1eC3FDCdIUxj8IQn4tkK14ZapjHbVhZ7Vm0HHyGuwndfcT1cd-HV-hoSwvkTO32jXeQdKtvEtKQiLX3o9tN9lP7ZKbsgA9J4E5LjsKmT4JKMPrXmEFXvEOzZboWc_mv5KyGtSIVTIV84-1M2-7CT9hY0LScvy6YHVQzVmelS8YgWTqCAfyi9vHOWjkRuTXXRnqtNWyBTVZvtLmo6VktRnhy5MfrHXGZCi8ZyFHyl8u4IVw7IoAXQhIh696DEne8S09cA0m_OTxaRV_cmfEAz86Fie1Vev5EdlxrtSQVooOrWU5mGtBuIfmYo9IpgGTQ4BHCXQfebqWZA9lDNlJa8sgj1iJ8HKWLEWjb050w01jW_ClgspTC7JF4dTowunorSGHCyGfzRcRjmYlAy08JouPGZ6JTP6KJ_73XIUosg&cid=CAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.up-4ever.net%2F&ds=l&xdt=1&iif=1&cor=15062326055755076000&adk=1761367587&idt=79&cac=0&dtd=11 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Fri, 17 Nov 2023 18:05:08 GMT content-encoding br x-content-type-options nosniff age 166597 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13937 x-xss-protection 0 last-modified Fri, 25 Aug 2023 23:48:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 16 Nov 2024 18:05:08 GMT
GET H2	200	attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDQxMDkwNTI0NDQ3OQogIHNlcnZlcl9pcDogMTQ2NTMzNDk4CiAgcHJvY2Vzc19pZDogMjAzMDk5MzA3OQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0... ad.doubleclick.net/ddm/activity/ Frame D20B	0 858 B	130ms 63ms	Image image/png	142.250.184.198 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDQxMDkwNTI0NDQ3OQogIHNlcnZlcl9pcDogMTQ2NTMzNDk4CiAgcHJvY2Vzc19pZDogMjAzMDk5MzA3OQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAzODkyNjY3MjMyMDgzNTIxNDU4CmRlYnVnX2tleTogMTIxNjY0MzM3NzMxNzY4MjMwMDEKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTE5IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIxNzU0MzcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIxNjc4NwogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.198 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f6.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff attribution-reporting-register-source {"aggregation_keys":{"12":"0xc21fb59758cb6ec00000000000000000","13":"0xf790f3d82a3f410a0000000000000000","14":"0x3e72a8e3061eb7aa0000000000000000","15":"0x51970362f48408e90000000000000000"},"debug_key":"12166433773176823001","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"3892667232083521458"} server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-type image/png access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	33lgkyejwpt3 Show response hal9000.redintelligence.net/zone/ Frame D20B	11 KB 4 KB	98ms 28ms	Script text/html	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1700410904307781&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash c6f7ae9c55986506d4ea0a5671e2110267c0a596d2d6d2566b56102771b377ee Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:45 GMT Content-Encoding gzip Server Apache Connection close Content-Length 4184 Vary Accept-Encoding Content-Type text/html; charset=UTF-8
GET H3	200	vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js Show response pagead2.googlesyndication.com/bg/ Frame 3F53	38 KB 15 KB	22ms 22ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 03:07:06 GMT content-encoding br x-content-type-options nosniff age 134079 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14894 x-xss-protection 0 last-modified Mon, 06 Nov 2023 16:38:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Sun, 17 Nov 2024 03:07:06 GMT
GET H3	200	Q12zgMmT.js Show response tpc.googlesyndication.com/sodar/ Frame 932D	41 KB 14 KB	23ms 23ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/Q12zgMmT.js Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DksrMmgyaPSymeJnmRBjI2ziCmfKs_3o6hxMv9QMSmmHHg48omMW_kGVlPigZ1LJZSkZs55MrsSd3FQm5DupP7tZdv_IXq9Vq64VNn_buQk1VcTF4-FJLs6OzrIiwKfiPm1VfHzwnjox2LpLjwg3C2rOhBb0YwEUpl_k1SYXQgG5Tcu6M&cry=1&dbm_d=AKAmf-Cl-effPvlXtepPJnOZ20i39j6OcoZfGmPrUlBb1dpfVPWZJcMk6DdPF-eA24dH-oQyo9O3Oaibh6Bf7ILlgOSdfuLdypU6JsrFt_fx03nfbu5bIZ1k4ej6cuMD0ngjtg2XbC30mADMIA4vjFXMJPkfknv4MPO69VeIg9_yHIeSu307dHjb_m9U0PO7WXoubl-utBFhSFewEr2vJmZ3R6WZvhaUX8_CZtUlfqjPmxIjPgf3z7GFooXmjTNQ2iqQ40wf2XUTwbO6A704Kb7PlbTr25RWB8V9yGe9ADMbl8m58gKQKuGZxdQxrnY-XrtzyHBEIM_vW4YFNMW34Be3obCzguBvw-oA53HMn62Rc5v_TzrjARx0w8Ati23ixPL1mXxpQ7_ZMJkmIFLYzD47G56VJNOpK3CLA6ncN17D05BFuEkjLhqBV5eMkozkXga8uHTTzbpJ69fLkJsRAAX91XBxwpKaJaj3RzwCreobiu6GxyZvROemNmUPIJoBXf1pWlJwaJMdRu9hUSrTcLeU5izMmyGHg4IuLCla-Hzwx4oCHhzovHfuA9N9r5jQv9b5cjsPdFILkXeL6RrgWCWb_6196r-jGNLz65gR_OnYilkBGO_w35ZaW-KqOrCFdkyvPWtpYhFim-d1xje20ZR3O1DqkzCZ9kodVK24SIPJUOypEIHPNZpXRLNvFOXybUAQV_evpJL5iqBwNAlomt9tmDPmaX6Fbfa2pF7G8L6zcX5Fb4k3jLuFcM8gLxxO4c3xSTRMbYJthK51ULZtmwZrVlqDhx4Grjs1eDEjNxj4iJosDx4AVxUtKkjFs5HJdI20fb1LW9hBeLEd7TGEWDCq8eDIjXF6bViK9HZwE0T4ht40H92Vil7BFbSdZD0trt-F62CJ643qNQXQhdYbjE9sDrJhjJ2P6sDXqSyGf2hys50C116x5DOe9t19A_hEIZrllB2kz-qbqaTij91hk81Z3SDYjnNPGI9rtyL9zssOJ6HOmMWYI-cHrb2gcJ2h_kJaE4et3eUssl1Q6mgo55aH3Q0q68UhQ3J0HFLg4SuhjgmPFMvvryyQwzVv0ozbT-tL2XjUdKVoQc1zwahrk3jDS911oCqwdB4rRuQIEudfPuFEEVIZXb8FVaHNBbyrAF7sAxXD-UWLIp4IilvrHzIIcwEtFKbGnecQfqgdvMTWohq_58UW4nGDC9iQBwiFdezmOnn2aF2gLcvJX-4-3JYBlXF2dH-mOVmPTzcqmN_xpDcAXT0SJnZurJtS-h_3eFogslsHCCh22lzbt_6Xk8FjlQXQM3QMOMpgp6ns-3q67tqvdvqQC3aDa2aElzO6pZyzGvTfuHE9lq6tPho0IFeZl67SgjX2QJYcm7g28sNCvRXx75aVfa2HDVditunatfBaHiqzmTOu1VgYyMUV3HaVnJpUM-D5wzEKo6kKsa4OV4Vc95Lo3hTvIzYz9qpYDcwOrcnMG1quuZ6d1_8NEFmovxF78B184oBE2UBAaKnnVoTz3abtDTVYcZ1ODBbLYGBmHnSM_qSMss6mSGjbj5TiPehewz4Bhi1m8gFHpV-KFDKtTRPiX2IV1WEsrOtWcri4IwZgbrdmu6mkTZfqB6v6aTpFLdGOfKszksehNUMv7Dp2YOyIIhm7M2ciVxCZHhBZ3PkhTluN21yR9SE9MdKO-IFgGSnUgUbEAtQVZzb0nj3UeGxZRJpje38H79tmqltmol4GYJqwUfg5kyeTcszYXyXAbD4wPkBpx8c__IkvD1pKDg35O1vYO52ujDk4G1dI1DhpkLroBovxzG9szqXxX0rS5FzIYGfb7_VEOJuWQ6YoLtO2JKNGiKVL9FwfP-g9wFKSuAbBFHCAZYI4j4NwUrb-vEqr1EbxEn7jG8FX1XzFU6hMW3PRKIwnw5iVhFmlwXEQCW6Ug_7YDj0NFn0KXDNYj73pGak6MU6p4IAPNJc7wlki_UoY4tGYxX0u_DRq-MBKhMpyVvBUN3PDMYih3FniRBc-2MERkUVRES-y6CNsUM4Xan802RXt9saOy_McwP4PEsaWvx2gFekg4wCK9QoXD3OhZi5JTlMUZbIxABCRVnVmNWGX5Kg-CIqpSKIPsBZuvk-th_9QxywPZ735W1pczIyKgLoTfm-mDPLaVPaCbsdw4wYZwq2-Aj_p9N38X5_r5LWGGh8FUhronButBB34goyeTjhPYD7P30XmFDJfHLLUQ_nk0ZV9Rr-YzlnAmQK4t6rw9_v8zAKBmd_5JtyRmaVWO-itJELVtdxf3KwuKd-izRSWW3K1FEdVMlTlN8WfAESTsE4dUGA9mefQBYiUES_92zEDCDj_mzl0le7knllPQ54wWctE72JqRlybVROpLvNwh2EVG-BGXdmINTeKddhBxAsephaSSULWE-w_xwtMbzj4sP4lCtObpmzsM29cV7EP_rJYs8mrsjUCcgl6tEFGPwb-GWsM7yEBYZuMiGD-y2hNMd6KuA9P3ft1wd-ZRZ0-sSMlftfULb_22koRO8cirRtld1gQI4l_Fd0KaxPWksge4nyrMpZckEqJffnrh6EDGD8C23IOEi2BUh-UqM-wUYEUm4MWSsReHVTNrmNx3LjQFDbwcbbaAS4nk7MhbQrQMfy2-VZObrfLDChrrZE8a5E7nUdpHLh7bFSbXbpx412bX2u2NUOdr6OsD46rPgPxRMwlZ5e3PpDLuS45cwRyPFy4_ULmls8-uYMVuGAbGMNNKIqn6GYgHwxJfqLl1aBdgXEFfH-6osR86x4HJ5ae0jNW44yIU_9pOlPqLc0TDpoY4a9Ii13xmfgzE59MNpNevcOWnemmCPQXmtz3DvAaDQciq8fSBvDwXQxHrhJJcBF1ws_nVoJvia_4zOK1mqMCjJ2jb9pEM_agi4P5SD46V24oYgPms5Dugp2ZeK-owUbMAlpZqfAXlNdTJ9Mxav3rxJJbCTOUATf7dOD_eagP1I55_T27dQTksiCvFrVvFo5oOIpqN6D6kbspgy8d0SyCVRVMLOCFpb1KtTskUqSk4-T1ao7FHudLFPtjvFBzTC7g8QkvFMFgXHmF8UKSnUxFHtMkkx5hQqn6AT0rksQ_dL--tL2KtSLXptYK_Fci2Di6T-GF4Jw2jkw3ld4LvJzbsm7um_OvPTZDEyNPyjfQQYhc_Wyeb0dPmplvys9o2kG6MZ1BvW91qmRN5mNkm6dlOZvIXUqAFRlflrC1eTdCPGvsly2CBhhOHYIhBvTQ5twRfbbWiBY63VhKRr0t5gqgiKr_suK491IXXHw9XIkWisyKXz_-oJqko9SM-s_2o3a-igqzmAmhWvADTpcdgMVq7phVj3NTyJApDXbxn1HZ9E03CrrZgVtEigs9HYcpdKPb32lxVLniuzdH6vWa2iqEZ4vEYYbFkPpJRY4MX4zTiJk5YByZDPImTGhp5cwc_UcaU-Bb3WxqdIlz1T8yoVNNwiuzBsav3mFE1UPDFI-8qMWGsBB261G0PjvxPGlHfBPxswdHBu9eZhojOnAQrZPH-7TsLLxjELPTDc90ZxDsJlastCusCIoiaZ297IOY95gHTllyo_jXvqJWVuB1SGv26AmrUJHXVtEbmuiG_UK_Jf5JXf8cSjNFPU6I7e5SW2fMaBUdwnoiHB7Ch_vfeTsTNlgLjH_SsEg3QWlrXhDJIVs16AcjTZoDNyVGhkg8Je2L4faAiCp2AO1-rxsxJjSY6JytxzMCxOqhQvsJKNzPIy4gbmg1q8RUFvfjMTZc2yg&cid=CAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwww.up-4ever.net%2F&ds=l&xdt=1&iif=1&cor=1690277075548961000&adk=1726166460&idt=146&cac=0&dtd=7 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Fri, 17 Nov 2023 18:05:08 GMT content-encoding br x-content-type-options nosniff age 166597 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 13937 x-xss-protection 0 last-modified Fri, 25 Aug 2023 23:48:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 16 Nov 2024 18:05:08 GMT
GET H2	200	attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDQxMDkwNTMwODQ5MAogIHNlcnZlcl9pcDogMTI2MDY1MTY4CiAgcHJvY2Vzc19pZDogMTk2MzU1MDQxOAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0... ad.doubleclick.net/ddm/activity/ Frame 932D	0 499 B	61ms 60ms	Image image/png	142.250.184.198 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMDQxMDkwNTMwODQ5MAogIHNlcnZlcl9pcDogMTI2MDY1MTY4CiAgcHJvY2Vzc19pZDogMTk2MzU1MDQxOAp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxMzY5MzI4MjE1MzM2Nzg1MTg5MApkZWJ1Z19rZXk6IDEwMTg2OTk2NDE3MjE4MzM0NDQzCmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyMy0xMS0xOSIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDExODY4OTQzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFURk9STV9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzMyMTc1NDM3CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA4NzgyNDM2OTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTY2NjAxNDIwNjMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA0MTYyMTY3ODcKICB9Cn0KYXJjaGV0eXBlX2lkOiAxMgphcmNoZXR5cGVfaWQ6IDEzCmFyY2hldHlwZV9pZDogMTQKYXJjaGV0eXBlX2lkOiAxNQphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FkLXNydi5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9rbGljay13ZWx0LmRlIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzM4MTk3NTA0Cg Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.198 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f6.1e100.net Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff attribution-reporting-register-source {"aggregation_keys":{"12":"0xc21fb59758cb6ec00000000000000000","13":"0xf790f3d82a3f410a0000000000000000","14":"0x3e72a8e3061eb7aa0000000000000000","15":"0x51970362f48408e90000000000000000"},"debug_key":"10186996417218334443","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"13693282153367851890"} server cafe p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" content-type image/png access-control-allow-origin * cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	33lgkyejwpt3 Show response hal9000.redintelligence.net/zone/ Frame 932D	11 KB 4 KB	85ms 29ms	Script text/html	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1700410904307782&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash c3669d1ccaf1226e5fc28a6514621cff03533f8df5bbf0117a2f8ed9af5be0e1 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:45 GMT Content-Encoding gzip Server Apache Connection close Content-Length 4179 Vary Accept-Encoding Content-Type text/html; charset=UTF-8
GET H3	200	62bHydCX.html Show response tpc.googlesyndication.com/sodar/ Frame DCE0	38 KB 13 KB	24ms 23ms	Document text/html	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/62bHydCX.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 69720 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding br content-length 13045 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Sat, 18 Nov 2023 20:59:45 GMT expires Sun, 17 Nov 2024 20:59:45 GMT last-modified Fri, 25 Aug 2023 23:48:00 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H/1.1	200 OK	request.php Show response hal900016.redintelligence.net/ Frame D20B Redirect Chain https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl... https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...	3 KB 2 KB	148ms 91ms	Script application/x-javascript	138.201.220.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-6001787570359789%26fa%3D4%26ifi%3D3%26uci%3Da!3%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=6456852358007&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Server 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.30.220.201.138.clients.your-server.de Software Apache / Resource Hash 19d055d16fa0eaf36b1a488bf3feef209bab40fce684abef3dfa1ec3bc25f649 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Pragma no-cache Date Sun, 19 Nov 2023 16:21:45 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Content-Type application/x-javascript; charset=utf-8 Cache-Control no-store, no-cache, must-revalidate, max-age=0 X-NEORY-SubId 65579000083252404444556012513016 Connection close Content-Length 1112 Expires Sun, 19 Nov 2023 16:21:45 +0100 Redirect headers Pragma no-cache Date Sun, 19 Nov 2023 16:21:45 GMT Server Apache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Location request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-6001787570359789%26fa%3D4%26ifi%3D3%26uci%3Da!3%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=6456852358007&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate, max-age=0 Connection close Content-Length 0 Expires Sun, 19 Nov 2023 16:21:45 +0100
GET H3	200	62bHydCX.html Show response tpc.googlesyndication.com/sodar/ Frame DF51	38 KB 13 KB	24ms 24ms	Document text/html	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/62bHydCX.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 69720 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding br content-length 13045 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Sat, 18 Nov 2023 20:59:45 GMT expires Sun, 17 Nov 2024 20:59:45 GMT last-modified Fri, 25 Aug 2023 23:48:00 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response pagead2.googlesyndication.com/bg/ Frame DCE0	39 KB 15 KB	22ms 22ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 10:17:57 GMT content-encoding br x-content-type-options nosniff age 21828 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15296 x-xss-protection 0 last-modified Mon, 06 Nov 2023 16:38:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 18 Nov 2024 10:17:57 GMT
GET H/1.1	200 OK	request.php Show response hal900026.redintelligence.net/ Frame 932D Redirect Chain https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&cl... https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...	3 KB 2 KB	160ms 104ms	Script application/x-javascript	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-6001787570359789%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=9145879072423&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash a7a3a501490e904976b3f4630e55f5cf3cb68a1a262095b98f3a12a7f11f8649 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Pragma no-cache Date Sun, 19 Nov 2023 16:21:45 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Content-Type application/x-javascript; charset=utf-8 Cache-Control no-store, no-cache, must-revalidate, max-age=0 X-NEORY-SubId 68478800076149004444556012513026 Connection close Content-Length 1113 Expires Sun, 19 Nov 2023 16:21:45 +0100 Redirect headers Pragma no-cache Date Sun, 19 Nov 2023 16:21:45 GMT Server Apache P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Location request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-6001787570359789%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=9145879072423&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1 Content-Type text/html; charset=UTF-8 Cache-Control no-store, no-cache, must-revalidate, max-age=0 Connection close Content-Length 0 Expires Sun, 19 Nov 2023 16:21:45 +0100
GET H3	200	GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response pagead2.googlesyndication.com/bg/ Frame DF51	39 KB 15 KB	22ms 21ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 10:17:57 GMT content-encoding br x-content-type-options nosniff age 21828 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15296 x-xss-protection 0 last-modified Mon, 06 Nov 2023 16:38:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 18 Nov 2024 10:17:57 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame DCE0	0 20 B	59ms 58ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BpV9GGTZaZf_1DvrY7_UPt_25yAcAAAAAOAHgBAI&bg=!FxSlFFvNAAZxrfrxUa07ADQBe5WfOGuUH3G5jYJgP_jYUK4MrJZAW1dbBifgq4H_iRJ-U-EC8mW8SRzrFZQC3nZaxplyAgAAAHFSAAAABGgBBwoANcpJQgMIGNfJgZ5-TfK7Z8KrJvLAaRTDwdeSzm63N90lTTQwwXG_RNAf4AeN2LlGMOf7KDAGmQL_ITho40X8xgx83FazjxCHEA6NrqSK2u52SkEaCWNKogJI5eKamy-UFzw1Rpt89QPSv74Gom83001NRBKwePENzyHQq76oIfwjOKH_kIEhDd4GsrYtUyMs2eQs6bhi1kv_QVNqO_IzvLHzQp66_dAsWhCYVubVA3tRdLeqsG6HvHp5QNk6b1ijz5T5Lur6K_qVNmOIt_7t3ksTRdKDyXVXZKFj7nfuA76WdPUv8u_G1Uz4E9okUX6sMAtucGKGaNGOqwxbDeBH_nuQtCpyyScpJxKDHmjXu6xbP4OoFMM5flQrGV2dqhrnr5oPsiV4RkxAYTj43pZF9dbrJMAd2euVu5m_KAW0OuA6VQItK7Tc0T2B2dyZpiIg5ejQQuV6ppwpppWrlsyaxnLyXOaSqn7SaAWgHCoXUGMyZTWsHAuti6soPZtPWk23OiXeaZDAz4DiVYvyEu1bw4LdY6wKvuxeGso5SQ3WrdPSMeFTg-UZYFFEj2EyZ3g4nztBsVL21QzU9lxU93_nz14ShURtTLQQQggXpalAqxdB7LFs4J6-__B6mfi_aLEtqJGELnrSzaWSvPSTu-bUYieNGLJIMDHXsTaK8naraMTgnXGMnJIGQ55VREDd8P-uIXmqxopgPlJKjisUl27uR_EbXGoJPaNbS3W0hVKYmPQBdj1nDZgwJ0g8kaqKH0Gl6hXi5nC6-PhObctSsPbW4NWji7QgIqlHyBl0Rx5rFl7Bh492rK7NyHv0DUnVINJatLBmNk4OqBNHIzujVFxMSDqX9NTEHqMIU3I3tO4rSwBt_vJ7-nnldR0zDCw7gpWJI_pXbiqd7A88YhScLQ5OTLXVqi8OXiHUl8ATWqvX3jOcwVbWWRmzYuprJ-OCodC1vyTdmlhakGSvMJ82e_QIg_D484RumiktOMfbqIyD90kqPrWnOb3DefOPZCVfWw_1qiz4OqXOn9ER5EiWn0Vk8CsGmxNouOZQZQN1_A0ZQkvSYIpBwe-JtCrC0QAz9fLwQTgqAEmQ_II Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame DF51	0 20 B	59ms 58ms	Image image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BCJKwGTZaZYrqEpC0juwP0s2lqAcAAAAAOAHgBAI&bg=!zM-lz4DNAAZxrfrxUa07ADQBe5WfOMmyyaFWctHeLmHI5RT_XHQkGFEjpUpoiLlPRV3Jd94q6PAbmcxGyrI57Sm7CpfBAgAAAGlSAAAAAmgBBwoALnu2S2_VyXH0yHai7d6xNlJHf64_a3NrNGhg8O1RYbl5GNoIsU9kYLggJCqhBZCZAwpckQMHjz3bxL4s_T44DCaltKmvrYTVIqnBbmOI8MRtSnMXUW_nN9tiRMTsHnbLPH0VuasfcVeJeoHXPoDEzhSz-ZhxsEz78EN35y4YeitaWJ4RmQoF6RY5R-MTpKxAThxOxvG_yup4_8c68vXFRY5pzaOY3DUa51cvN0-Kk6vgUZyo6h1_kmUXFJWGb-dwypgNgnNTreYouiVQ5xC_JqZZJVKEKqnRo5aRBYTtIyiq-NmBgiNJ5QhWaHNNIFIqN8VDjY1zy7HHagai-M3l_-aKvHpx0tcfjAfvpUsjS5lZRuV5u-0XbpsUltrD20VaY8chfuWgeLtOKqHCT-bKlOtCrrpfYLumEnywPMyWrFlbxbqvLGotPBQ6xetkmoU5xD9wHyj98XKTlb4lwhuuy3u0AQP-MJ6tY--egaKwCUNl33IKXN_SdYwiQV9jh6ID7YBn9931bJB8ngE85DggrE51TfZq25RB7GvEy3FPi3aaEJEEFZGTnRWdDDMykUpZTFfsar2nUBpZWTpLf9FyhJ-jUAh4vHu-3xoft6iPzo9e9DQpxIxvMqt9PU4dIsY5iQAB7Ekg54WR5dHS9aPF59MWJepOkN63FjNRzxyIAmDPzlBI9V42SkJ2_930-jofJi5gplpOZOBAW09uYnXm19PYzUiZG_U8glSKy4pI5wE65V8taSBRd0G_NrxAcEjVNzeyvX5aX3bfaO4p6z5K7tWitOmeIvYcSb4vj3NWVao1dVo02BgU59hnSCjWreSG_DRud1VvdxQJ407qO_Qz1JS_w_PfQ7zUnE0YF7eRocaDNOdytELs8NWs59QZT2OHkftcKnSCCrsFoNjkWCiYwLUMc36LDm0-XXBMu9IcS5tpFgGjDB9mSbYaX0xCIhhSRA2yDr95r4D73BsLl7hpaEfypw7iEvNSnX_5KaAFNOxUgwdJ0eYjWTDC8bfswzOJ35wHVYWzi2PKHbxTSdWKDKGxpJpwyB6MCzj3q0STghn1NaSCWIDCWuiVJZx7baavXphGXykkeZ4RYCH9 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:45 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	view.aspx Show response pb.media01.eu/ Frame 7230 Redirect Chain https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent= https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=65579000083252404444556012513016&actionid=879111&produktid=ratenkredit&dt_url=	0 630 B	140ms 60ms	Document text/html	88.198.250.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=65579000083252404444556012513016&actionid=879111&produktid=ratenkredit&dt_url= Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-6001787570359789%26fa%3D4%26ifi%3D3%26uci%3Da!3%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=6456852358007&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.88-198-250-30.clients.your-server.de Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-headers Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location access-control-allow-methods GET,POST access-control-allow-origin * cache-control no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Sun, 19 Nov 2023 16:21:45 GMT expires Mon, 26 Jul 1997 05:00:00 GMT last-modified Sun, 19 Nov 2023 05:21:45 GMT p3p policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA" pragma no-cache server Microsoft-IIS/10.0 x-aspnet-version 4.0.30319 x-powered-by ASP.NET x-xss-protection 1; mode=block Redirect headers access-control-allow-credentials true access-control-allow-origin * access-control-expose-headers X-Request-ID attribution-reporting-register-source {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}} content-length 0 content-type application/javascript date Sun, 19 Nov 2023 16:21:45 GMT host pv.medialead.de keep-alive timeout=20 location https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=65579000083252404444556012513016&actionid=879111&produktid=ratenkredit&dt_url= proxy-host pv.medialead.de server nginx/1.17.5 strict-transport-security max-age=15768000 vary Origin x-iplb-instance 40027 x-iplb-request-id 5413AFB8:877E_91EFC182:01BB_655A3619_5D88BCB:1E87A
GET H2	200	/ Show response adv.office-partner.de/ Frame 7319	930 B 922 B	127ms 28ms	Document text/html	2a0b:4d07:102::1 PROINITY PROINITY
General Check archive.org Show headers Download Go to Full URL https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-6001787570359789%26fa%3D4%26ifi%3D3%26uci%3Da!3%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=6456852358007&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH), Reverse DNS Software keycdn / Resource Hash 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * cache-control max-age=604800 content-encoding gzip content-length 552 content-type text/html date Sun, 19 Nov 2023 16:21:45 GMT etag "3a2-5c1ab16b3be00-gzip" expires Sun, 26 Nov 2023 16:21:45 GMT last-modified Thu, 06 May 2021 15:37:28 GMT link <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical" server keycdn vary Accept-Encoding x-accel-version 0.01 x-cache HIT x-edge-location defr
GET H2	200	link.html Show response track.webgains.com/ Frame D20B	2 KB 2 KB	175ms 80ms	Script text/html	18.132.222.111 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=65579000083252404444556012513016&nw=1 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.132.222.111 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-132-222-111.eu-west-2.compute.amazonaws.com Software nginx / PHP/7.4.26 Resource Hash 9299fc00462725455732e62acee47a8aad899397ddeec34d4fee18e5eae2cdd3 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT last-modified Sun, 19 Nov 2023 16:21:45 GMT server nginx x-powered-by PHP/7.4.26 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=60 access-control-allow-headers Authorization expires Sun, 19 Nov 2023 16:22:45 GMT
GET H/1.1	200 OK	request_content.php Show response hal900016.redintelligence.net/ Frame 2D26	7 KB 2 KB	85ms 29ms	Document text/html	138.201.220.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=7589270768&subid=&uid=8da3e8ccc3c0981e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZXKrGDZaZcXkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9AUom0bgBw3ocb7Hm3zzzJH6_EzzPIDQOEgg2XlVgA0Rlnn94GlSw6neBhphzdSCF2-rmnzOyTQavRmwcAhJDX7_atiZTyZDzxuzY7kfUSpsaHJCdoV4567XCJ9eUgwn7naMlaAh4D-14QLMKmT063mvsssR8bOq52vlENy6pdiJZQCYV2CiAn9j049aMrtDIZMNAjycyMwBy7qt4zxLJS88RbyiSCff3Zc-7rgsUny2Z0lbQQRCeuEidhqks2a7TrsBJyN8krcS72JB2tKsHnSMW3ZwE8Dn7PSCSwAumvbmqoyI8q_b1HYwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_0j-KyWiHBrosPjNBZfH1QuNTDMaQ%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-Bb_vKoPPX6CQ89iRlMoMmM4FafTMrl6YWOgEy1VY5wMFNPtlExyCmh1inq7aIV5FVIZ9WMUWisiHlvSBur1U3lB5ymTNkh-UzmOMnLjPJ9ZOTSq0MpaAaZRsQ4vLU_JXR_5z_2tJyaAAC3hkhdnmRURT527nKgm12Ak_Ru6jERpnz3w-s%26cry%3D1%26dbm_d%3DAKAmf-D_iqa7DXwexZurPptjCXJxSU203Jm9pI6OOgYOwKOv8mJIbTrFMC7NAb5wIXoOpipVrDOEIpg3TmI1uEZ7P-WJu4dzmJ0Fpck8krVCdFUQwgxycoT_lGEyM1b97xnk0sgIAZmIBwxNslDFeiAruzyHVX0BTQTGSWIbkFDCgqH5e0HRO-v5tgSFZLlNjyCWn-N5Mu5Ouj6ZP0eh-UD-lgZp2jyJ5KvKySwzgaboSCDW6HZxYklxJB35N9BNW-hvocBC_TabNqkC6v7u87AhlJ9953GUgIZ-AQCuzGo2WjPp6BWh37DoSLALUGTIZqsS3PycMUOCPdKkYoaQz69DEUIGM4QqhsWUif51unapatpx3BTbJXOOJG5Kca8qhwV4tHw2_EgbGfqFuP5qJx8UGRd1ghefo82OyZcjFqGRZQ6nIkikrfEEA80-1jl1hKUfZ8W7xzV_X059ttD-M6qe7CkMAVzPYBPwV1-E9TwcZSg2He95odxlhBCzCtoYzIHaY_hTuqZLzoNYUlEeQQM0cZfoVeG8pliTt6Ytthp-56376Bz8Ym4lJrpoEJ2eW3HZAOIZBuxX%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-6001787570359789%26fa%3D4%26ifi%3D3%26uci%3Da!3%26btvi%3D1&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=6456852358007&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.30.220.201.138.clients.your-server.de Software Apache / Resource Hash b918db2b81000bdf414ad43029d1bdedebb326646e14166a756e509a03eee975 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate, max-age=0 Connection close Content-Encoding gzip Content-Length 2043 Content-Type text/html; charset=utf-8 Date Sun, 19 Nov 2023 16:21:45 GMT Expires Sun, 19 Nov 2023 16:21:45 +0100 P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Pragma no-cache Server Apache Vary Accept-Encoding
GET H/1.1	200 OK	e99aace94e6e5873881d3400993e1e7e pv.medialead.de/trck/eview/ Frame D20B Redirect Chain https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent= https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent=	43 B 666 B	68ms 44ms	Image image/gif	145.239.193.130 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent= Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Server 145.239.193.130 , France, ASN16276 (OVH, FR), Reverse DNS Software nginx/1.17.5 / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT strict-transport-security max-age=15768000 attribution-reporting-register-source {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}} server nginx/1.17.5 host pv.medialead.de x-iplb-request-id 5413AFB8:877E_91EFC182:01BB_655A361A_5D88BD4:1E87A x-iplb-instance 40027 vary Origin content-type image/gif access-control-allow-origin * access-control-expose-headers X-Request-ID access-control-allow-credentials true keep-alive timeout=20 content-length 43 proxy-host pv.medialead.de Redirect headers location https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=65579000083252404444556012513016&t=htlp&gdpr=1&consent=1&gdpr_consent= date Sun, 19 Nov 2023 16:21:45 GMT server nginx content-length 154 content-type text/html
GET H/1.1	200 OK	cshow.php www.awin1.com/ Frame D20B	43 B 702 B	209ms 111ms	Image image/gif	23.56.205.163 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=65579000083252404444556012513016&pv=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-56-205-163.deploy.static.akamaitechnologies.com Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Pragma no-cache Date Sun, 19 Nov 2023 16:21:46 GMT Strict-Transport-Security max-age=86400 Node Helix Content-Type image/gif P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Cache-Control no-store, no-cache, max-age=0, must-revalidate Awin-Akamai-Rule-Set default Connection keep-alive Content-Length 43 Expires 0
GET H2	200	view.aspx Show response pb.media01.eu/ Frame FD81 Redirect Chain https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent= https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68478800076149004444556012513026&actionid=879111&produktid=ratenkredit&dt_url=	0 202 B	123ms 64ms	Document text/html	88.198.250.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68478800076149004444556012513026&actionid=879111&produktid=ratenkredit&dt_url= Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-6001787570359789%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=9145879072423&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.88-198-250-30.clients.your-server.de Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-headers Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location access-control-allow-methods GET,POST access-control-allow-origin * cache-control no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Sun, 19 Nov 2023 16:21:45 GMT expires Mon, 26 Jul 1997 05:00:00 GMT last-modified Sun, 19 Nov 2023 05:21:45 GMT p3p policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA" pragma no-cache server Microsoft-IIS/10.0 x-aspnet-version 4.0.30319 x-powered-by ASP.NET x-xss-protection 1; mode=block Redirect headers access-control-allow-credentials true access-control-allow-origin * access-control-expose-headers X-Request-ID attribution-reporting-register-source {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}} content-length 0 content-type application/javascript date Sun, 19 Nov 2023 16:21:46 GMT host pv.medialead.de keep-alive timeout=20 location https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68478800076149004444556012513026&actionid=879111&produktid=ratenkredit&dt_url= proxy-host pv.medialead.de server nginx/1.17.5 strict-transport-security max-age=15768000 vary Origin x-iplb-instance 40027 x-iplb-request-id 5413AFB8:87D2_91EFC182:01BB_655A3619_5D861E7:1E879
GET H2	200	/ Show response adv.office-partner.de/ Frame D48D	930 B 923 B	89ms 28ms	Document text/html	2a0b:4d07:102::1 PROINITY PROINITY
General Check archive.org Show headers Download Go to Full URL https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-6001787570359789%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=9145879072423&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH), Reverse DNS Software keycdn / Resource Hash 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7 Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes access-control-allow-origin * cache-control max-age=604800 content-encoding gzip content-length 552 content-type text/html date Sun, 19 Nov 2023 16:21:45 GMT etag "3a2-5c1ab16b3be00-gzip" expires Sun, 26 Nov 2023 16:21:45 GMT last-modified Thu, 06 May 2021 15:37:28 GMT link <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical" server keycdn vary Accept-Encoding x-accel-version 0.01 x-cache HIT x-edge-location defr
GET H2	200	link.html Show response track.webgains.com/ Frame 932D	2 KB 2 KB	153ms 95ms	Script text/html	18.132.222.111 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=68478800076149004444556012513026&nw=1 Requested by Host: www.up-4ever.net URL: https://www.up-4ever.net/169wh99mvv5x Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.132.222.111 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-132-222-111.eu-west-2.compute.amazonaws.com Software nginx / PHP/7.4.26 Resource Hash 2269448db41c2f720ee19adf9a70b20dd486e0c8c608131f74ed0e4d7925f8a5 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT last-modified Sun, 19 Nov 2023 16:21:45 GMT server nginx x-powered-by PHP/7.4.26 access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS content-type text/html; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=60 access-control-allow-headers Authorization expires Sun, 19 Nov 2023 16:22:45 GMT
GET H/1.1	200 OK	request_content.php Show response hal900026.redintelligence.net/ Frame E2ED	7 KB 2 KB	81ms 28ms	Document text/html	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=6bf4c2393c&subid=&uid=2056731acc78e908&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCi9FBGDZaZcbkEojvn88PsKOW8A-m5b2gaZ2cnKfJD_AuEAEgrr-nmwFglYKAgLgHyAEJqQImacesD1CyPqgDAcgDmwSqBOoBT9A3ISbxwVuxvIWZcW6RKBrnK2wZnaqJnKcPCU8mhJ4XbK1_QdXBU2OTRoWsdpux5Ys6NPftMveYf3WexHBQSNVBb-bpuZr0GkksXYZOpTsqm3KrtqG-9XrRes8LMoQZJvuhJ5eyfyL6FebIpflcDYK4lriLNqszTqTnbnIx-Z-Wt6GUWJIIn9JjoCE7O2x0FEh_8MS1ZznX_nuHk1-E9gDWBNvDfwfEKIC6fL5cV5pU0_LRLpCMhquc1NXeJgxSfip4ZDHO2v5y2hDRMnnQciIBp9nibX26w9Yc0Z_ykY7jA3TfNzYP2DN-wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ%26sig%3DAOD64_2DMs-EI1cGkGVqOC1GTyFGqQmQ4w%26client%3Dca-pub-6001787570359789%26dbm_c%3DAKAmf-CrowXLgC9YfyPPOtldapeHZXcdViB4b5FJpXT4f-YyqUiFbD2gvVD6EK1fO9lsFnqa46wcnP9pafnSRn8iqIT_fmglzFolCy2Rp-rC-y7hu0i6FTSkfqYfcwv_0ghX3DiWNd28TN5P-2GU6h06Lp2BEYqiKhHdFb9y0YVnoznGiUTixa8%26cry%3D1%26dbm_d%3DAKAmf-DAJ-XuRz3U-RPaNnnNgxtDX4PDKhwxViGOk4Xqemy-htnZSLhKQPapi_Gyu3bUKNeeOVsKr-pKsVcbhqsPUZKmZnDuQT_27myTcvSkO-4OE9VGETaECOI_OAwZSrfq51kxql6_1rUD2uA_l7wjR_IsDANB6SC4uNBYRZrRlIEVvzXUq_WOhTVEsl4gGa0-v2nU1PCfaxbNKO7c8JLs1lpiCpCovQMszeUDNUfpEJOhSBnR0A0TK0g2Kp-qbUXIxwcVjbg18gazoRQD1ypiYxxRPSOPcIe9vq1QJWEwWqyBSPMy6zQF-pG5y_eOEcen9aGjaNnYP6XGilFF8Q0UJoASUC7Az0ywB7EojpLngq0BU5LZrOUkt9_8FjjBbfp-cfAVJ69WhjT96gr0MpN6r0LYqFAo3tWau3yeRcrAbA5uQZ9KopZu7fI-ILyhNHxSvToHFelKZ6HhEt4MpZpUJw0oSOeUwoVIjFrCp1QwsmFTZecvANkWmsLNM2ZPuEMMdAfntXwshLiWhTAv2E44OwD2s0blZ3RZ5qpRIX5jyo0oNucQ9IXmexwM7Ph6lMnc4eQU0x54%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271803%26client%3Dca-pub-6001787570359789%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwww.up-4ever.net&random=9145879072423&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash 2afee46b411ee2f8e5155a8738a8d6a1623ffc1a23a558f1a86678cc1306ff5a Request headers Referer https://googleads.g.doubleclick.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate, max-age=0 Connection close Content-Encoding gzip Content-Length 2046 Content-Type text/html; charset=utf-8 Date Sun, 19 Nov 2023 16:21:45 GMT Expires Sun, 19 Nov 2023 16:21:45 +0100 P3P CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Pragma no-cache Server Apache Vary Accept-Encoding
GET H/1.1	200 OK	e99aace94e6e5873881d3400993e1e7e pv.medialead.de/trck/eview/ Frame 932D Redirect Chain https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent= https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent=	43 B 666 B	91ms 46ms	Image image/gif	145.239.193.130 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent= Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Server 145.239.193.130 , France, ASN16276 (OVH, FR), Reverse DNS Software nginx/1.17.5 / Resource Hash 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 Security Headers Name Value Strict-Transport-Security max-age=15768000 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT strict-transport-security max-age=15768000 attribution-reporting-register-source {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}} server nginx/1.17.5 host pv.medialead.de x-iplb-request-id 5413AFB8:87D2_91EFC182:01BB_655A361A_5D861ED:1E879 x-iplb-instance 40027 vary Origin content-type image/gif access-control-allow-origin * access-control-expose-headers X-Request-ID access-control-allow-credentials true keep-alive timeout=20 content-length 43 proxy-host pv.medialead.de Redirect headers location https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68478800076149004444556012513026&t=htlp&gdpr=1&consent=1&gdpr_consent= date Sun, 19 Nov 2023 16:21:45 GMT server nginx content-length 154 content-type text/html
GET H/1.1	200 OK	cshow.php www.awin1.com/ Frame 932D	43 B 702 B	258ms 197ms	Image image/gif	23.56.205.163 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=68478800076149004444556012513026&pv=1 Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 23.56.205.163 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-56-205-163.deploy.static.akamaitechnologies.com Software / Resource Hash 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363 Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Pragma no-cache Date Sun, 19 Nov 2023 16:21:46 GMT Strict-Transport-Security max-age=86400 Node Helix Content-Type image/gif P3P policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV" Cache-Control no-store, no-cache, max-age=0, must-revalidate Awin-Akamai-Rule-Set default Connection keep-alive Content-Length 43 Expires 0
GET H3	200	css fonts.googleapis.com/ Frame 2D26	5 KB 682 B	37ms 36ms	Stylesheet text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sun, 19 Nov 2023 16:21:45 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 19 Nov 2023 15:52:10 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 19 Nov 2023 16:21:45 GMT
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame 2D26	27 KB 27 KB	85ms 30ms	Image image/png	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash 84ec10d6c5432c70ae442dfcd9865ee788d69c62b43d12dc0b9d58b7f0430c4a Request headers accept-language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Content-Encoding gzip Server Apache Connection close Content-Length 27708 Vary Accept-Encoding Content-Type image/png
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame 2D26	25 KB 25 KB	87ms 30ms	Image image/png	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash ab3b49256067f1e3dc6ab1db81c6f05741fa8458d5716e626e3a641bacbc36c1 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Content-Encoding gzip Server Apache Connection close Content-Length 25830 Vary Accept-Encoding Content-Type image/png
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame 2D26	16 KB 17 KB	85ms 29ms	Image image/png	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash 3428be7729f8400fc04ffd251ca9c824738d2e5446c7294d40015c42f93cdd1f Request headers accept-language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Content-Encoding gzip Server Apache Connection close Content-Length 16833 Vary Accept-Encoding Content-Type image/png
GET H3	200	css fonts.googleapis.com/ Frame E2ED	5 KB 682 B	33ms 32ms	Stylesheet text/css	2a00:1450:4001:829::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900026.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Sun, 19 Nov 2023 16:21:45 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Sun, 19 Nov 2023 15:49:45 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Sun, 19 Nov 2023 16:21:45 GMT
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame E2ED	27 KB 27 KB	85ms 29ms	Image image/png	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash 84ec10d6c5432c70ae442dfcd9865ee788d69c62b43d12dc0b9d58b7f0430c4a Request headers accept-language de-DE,de;q=0.9 Referer https://hal900026.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Content-Encoding gzip Server Apache Connection close Content-Length 27708 Vary Accept-Encoding Content-Type image/png
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame E2ED	25 KB 25 KB	84ms 28ms	Image image/png	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash ab3b49256067f1e3dc6ab1db81c6f05741fa8458d5716e626e3a641bacbc36c1 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900026.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Content-Encoding gzip Server Apache Connection close Content-Length 25830 Vary Accept-Encoding Content-Type image/png
GET H/1.1	200 OK	/ hal9000.redintelligence.net/scale/ Frame E2ED	16 KB 17 KB	85ms 29ms	Image image/png	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash 3428be7729f8400fc04ffd251ca9c824738d2e5446c7294d40015c42f93cdd1f Request headers accept-language de-DE,de;q=0.9 Referer https://hal900026.redintelligence.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Content-Encoding gzip Server Apache Connection close Content-Length 16833 Vary Accept-Encoding Content-Type image/png
GET H2	200	gtm.js Show response www.googletagmanager.com/ Frame D48D	174 KB 63 KB	31ms 30ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF Requested by Host: adv.office-partner.de URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 649eb458f20268b45746aca537d2bf4d77007612981e2460f76f1427e54f24b2 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://adv.office-partner.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 63915 x-xss-protection 0 last-modified Sun, 19 Nov 2023 15:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sun, 19 Nov 2023 16:21:46 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/ Frame 7319	174 KB 63 KB	32ms 31ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF Requested by Host: adv.office-partner.de URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 5fbe4f7b613e0d45836af4053b1a9044e2de79f4a64fb0b0e8cbcdde8232d59e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://adv.office-partner.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 63918 x-xss-protection 0 last-modified Sun, 19 Nov 2023 15:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Sun, 19 Nov 2023 16:21:46 GMT
GET H/1.1	200 OK	viewability Show response hal900016.redintelligence.net/ Frame 2D26	0 150 B	90ms 32ms	Script text/html	138.201.220.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900016.redintelligence.net/viewability?s=65579000083252404444556012513016&a=b71fc2e6&vb=m Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.30.220.201.138.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	viewability Show response hal900026.redintelligence.net/ Frame E2ED	0 150 B	104ms 45ms	Script text/html	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900026.redintelligence.net/viewability?s=68478800076149004444556012513026&a=523c11be&vb=m Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:46 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET H2	200	pvClk.min.js Show response analytics.webgains.io/ Frame D20B	53 KB 19 KB	126ms 31ms	Script application/javascript	18.66.147.52 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://analytics.webgains.io/pvClk.min.js Requested by Host: track.webgains.com URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=65579000083252404444556012513016&nw=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.147.52 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-147-52.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 05:56:21 GMT content-encoding gzip via 1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront) last-modified Wed, 15 Nov 2023 16:51:15 GMT server AmazonS3 x-amz-cf-pop FRA60-P4 age 37526 x-amz-server-side-encryption AES256 etag W/"5d5bc5942e2e0a61b44429bb852bdc91" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id -IoDDJUe_6MyjhCiDiVx8RMJFvi2zpQJo3WfIVTgvkd2Phu7odXezQ==
GET H2	200	1x1_0.png cdn.track.production.webgains.team/7121/ Frame D20B	3 KB 3 KB	117ms 22ms	Image image/png	99.86.4.53 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1700411206&Signature=dQAJIGvL2SxCPGAf42fKIsL7MugAuxomQV~wWL42ouk7TvyB-XZtcT-spqYxacwrStxZSndOxvvCaOWtuc6bXfvkkvq0cZFuNmIDb6oyFnrdwohvREn7xN0BaX4UXIWl~ihlLZMsVBBNA2Tvs1ejoJySokhLjV3dvWFt~teWd0of6wVqgsb6-WZbGmiDt376o5IG4JLxXd45w62fB9KV97Zz-P9Cap5Qj~zI5A89u5YvFKt-EMmMpseLhRTzKvLnVZ88uEjfcSnx901UHUboLQQzBvCvb6XQ9~ZjuYGYfMRprDGpWcqpmW-JJp8Jb81DBggbdxfJtxXbH3CP3zFqOg__&Key-Pair-Id=K28VXAGA7VWE0O Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.86.4.53 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-86-4-53.fra6.r.cloudfront.net Software AmazonS3 / Resource Hash 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers x-amz-version-id null date Sun, 19 Nov 2023 06:19:11 GMT via 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront) last-modified Fri, 06 May 2022 11:40:06 GMT server AmazonS3 x-amz-cf-pop FRA6-C1 age 36156 etag "4e57de0506fbdb487ffcd53b450caee1" vary Accept-Encoding x-cache Hit from cloudfront content-type image/png accept-ranges bytes content-length 2808 x-amz-cf-id gVs24ugh8prGpmGkDfjUFjSOnBGuuo9VkWh00T-YPQNWme-MU_SNRA==
GET H3	200	js Show response www.googletagmanager.com/gtag/ Frame D48D	273 KB 91 KB	32ms 32ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8d6dbf7380ba6bce1b9a9af3b8875b7c9b28407cad7f1b033db292a0718f58ed Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://adv.office-partner.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 92915 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sun, 19 Nov 2023 16:21:46 GMT
GET H2	200	pvClk.min.js Show response analytics.webgains.io/ Frame 932D	53 KB 19 KB	87ms 36ms	Script application/javascript	18.66.147.52 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://analytics.webgains.io/pvClk.min.js Requested by Host: track.webgains.com URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=68478800076149004444556012513026&nw=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.66.147.52 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-147-52.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash 75b11328827bb635b369ee1f4c8e9dad82b7b609d5bfc736d8ce1994a6f4c03b Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 05:56:21 GMT content-encoding gzip via 1.1 d81b69368e6f8be2907e338480e58682.cloudfront.net (CloudFront) last-modified Wed, 15 Nov 2023 16:51:15 GMT server AmazonS3 x-amz-cf-pop FRA60-P4 age 37526 x-amz-server-side-encryption AES256 etag W/"5d5bc5942e2e0a61b44429bb852bdc91" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript x-amz-cf-id eNwYowylDvEVLH3rAUQQ4pzeR_pLgyPGvGBMIogbD64kFr1RrebKVw==
GET H2	200	1x1.gif cdn.track.production.webgains.team/7121/ Frame 932D	85 B 436 B	73ms 23ms	Image image/gif	99.86.4.53 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1700411206&Signature=KYZgVNv7NB8SaJBAdq46CRGwQrdWTxdvZuSJ2oGKGlqiZhI5ps7T00KX2yU-wIoVzVJ4oP17mI14IC1BPIhyNnAmdkpNXx7mk3tAb-2D7wKjdHWeUmYT8gDQkkf~FlOS1TikcreKeZgI~BSn5mzDPXoiacV7296EqPJeCA~vNg8AYZylO3gEAjcIDybSRNjcyK~FAsVAMSMEvSRj9Wl-uyCxkvOerfvj4xqdDNRN-PYgYZRAx1aNLly-09~qJCzEHmoXzKrjZcYHLRX4R~~mREAG3ryziLvv02csAOphbmwCZxKQgN~sN2cn4CuvzsEmBrfLtRA01X9bVj65ym6kHw__&Key-Pair-Id=K28VXAGA7VWE0O Requested by Host: googleads.g.doubleclick.net URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 99.86.4.53 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-99-86-4-53.fra6.r.cloudfront.net Software AmazonS3 / Resource Hash 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers x-amz-version-id null date Sun, 19 Nov 2023 08:17:41 GMT via 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront) last-modified Fri, 06 May 2022 11:40:06 GMT server AmazonS3 x-amz-cf-pop FRA6-C1 age 29966 etag "70af33d70b6810475aae19743c8c435b" vary Accept-Encoding x-cache Hit from cloudfront content-type image/gif accept-ranges bytes content-length 85 x-amz-cf-id ey5dgi7c6Z9dCPubdcOo113nlGUOT5rQfmabMV6ahZzZhTZGuNuyzw==
GET H3	200	js Show response www.googletagmanager.com/gtag/ Frame 7319	273 KB 91 KB	43ms 42ms	Script application/javascript	2a00:1450:4001:80e::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash dfdb26d96ed82ead6113ffca49c866101349bf9ee5fdf7aeb46ee1766af6c53c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://adv.office-partner.de/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 92917 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Sun, 19 Nov 2023 16:21:46 GMT
GET DATA	200 OK	truncated / Frame D20B	212 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4a1cba0cf6f073ad5477bed4b2727bf35151c15e429b39f916b4ffc503d6718b Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2D26	14 KB 15 KB	89ms 22ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://hal900016.redintelligence.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 12:44:49 GMT x-content-type-options nosniff age 99417 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14824 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 17 Nov 2024 12:44:49 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v22/ Frame 2D26	15 KB 15 KB	94ms 28ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://hal900016.redintelligence.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 20:59:44 GMT x-content-type-options nosniff age 69722 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14892 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 17 Nov 2024 20:59:44 GMT
GET H2	200	sodar Show response pagead2.googlesyndication.com/getconfig/	16 KB 12 KB	75ms 74ms	XHR application/json	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 03c086c60e697d59fc66069fd00d798ea39bf21721f1cff46e9e30c322ffa86c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT content-encoding br x-content-type-options nosniff server cafe content-type application/json; charset=UTF-8 access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 12319 x-xss-protection 0
GET DATA	200 OK	truncated / Frame 932D	210 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 80864eef45ae79bd74b6d189225efffde4507cdc1d9bb632b82181b732f09422 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Content-Type image/png
GET H2	200	6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 fonts.gstatic.com/s/sourcesanspro/v22/ Frame E2ED	14 KB 15 KB	78ms 45ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://hal900026.redintelligence.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 12:44:49 GMT x-content-type-options nosniff age 99417 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14824 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:55 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 17 Nov 2024 12:44:49 GMT
GET H2	200	6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 fonts.gstatic.com/s/sourcesanspro/v22/ Frame E2ED	15 KB 15 KB	84ms 51ms	Font font/woff2	2a00:1450:4001:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://hal900026.redintelligence.net accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sat, 18 Nov 2023 20:59:44 GMT x-content-type-options nosniff age 69722 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 14892 x-xss-protection 0 last-modified Thu, 01 Jun 2023 22:52:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 17 Nov 2024 20:59:44 GMT
GET H3	200	sodar2.js Show response tpc.googlesyndication.com/sodar/	17 KB 6 KB	39ms 39ms	Script text/javascript	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2.js Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6001787570359789&plah=www.up-4ever.net&bust=31079772 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 6386 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" etag "1637097310169751" vary Accept-Encoding report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} content-type text/javascript cache-control private, max-age=3000 accept-ranges bytes expires Sun, 19 Nov 2023 16:21:46 GMT
GET H3	200	runner.html Show response tpc.googlesyndication.com/sodar/sodar2/225/ Frame C7C4	13 KB 5 KB	23ms 23ms	Document text/html	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes age 21726 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=31536000 content-encoding gzip content-length 5046 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Sun, 19 Nov 2023 10:19:40 GMT expires Mon, 18 Nov 2024 10:19:40 GMT last-modified Mon, 21 Jun 2021 20:47:05 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	aframe Show response www.google.com/recaptcha/api2/ Frame DF28	829 B 1 KB	85ms 32ms	Document text/html	2a00:1450:4001:830::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software GSE / Resource Hash 06547aa7af6a90c7e68ca34a2bba265a84c05b798f3a1e4802f138253bfd7a5b Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-ju9Gs-7XNsH5vPbzt-zcJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://www.up-4ever.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-ju9Gs-7XNsH5vPbzt-zcJA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-resource-policy cross-origin date Sun, 19 Nov 2023 16:21:46 GMT expires Sun, 19 Nov 2023 16:21:46 GMT report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} server GSE x-content-type-options nosniff x-xss-protection 1; mode=block
GET H3	200	GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response pagead2.googlesyndication.com/bg/ Frame C7C4	39 KB 15 KB	22ms 22ms	Script text/javascript	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Requested by Host: tpc.googlesyndication.com URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 10:17:57 GMT content-encoding br x-content-type-options nosniff age 21829 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15296 x-xss-protection 0 last-modified Mon, 06 Nov 2023 16:38:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="botguard-scs" vary Accept-Encoding report-to {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes expires Mon, 18 Nov 2024 10:17:57 GMT
GET H3	204	sodar pagead2.googlesyndication.com/pagead/ Frame DF28	0 0	55ms 55ms	Image text/html	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=1015309954588737&rc= Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.google.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers
GET H3	204	generate_204 tpc.googlesyndication.com/ Frame C7C4	0 10 B	23ms 22ms	Image text/plain	2a00:1450:4001:800::2001 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://tpc.googlesyndication.com/generate_204?CRrRUw Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers date Sun, 19 Nov 2023 16:21:46 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
POST H2	200	tracking-event Show response api.webgains.io/ Frame D20B	16 B 209 B	93ms 93ms	Fetch application/json	18.170.173.249 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Requested by Host: analytics.webgains.io URL: https://analytics.webgains.io/pvClk.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.170.173.249 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-170-173-249.eu-west-2.compute.amazonaws.com Software nginx / PHP/8.1.14 Resource Hash c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://googleads.g.doubleclick.net/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Content-Type application/json Response headers date Sun, 19 Nov 2023 16:21:47 GMT x-content-type-options nosniff server nginx x-powered-by PHP/8.1.14 content-type application/json access-control-allow-origin * cache-control no-cache, private x-xss-protection 1; mode=block
POST H2	200	tracking-event Show response api.webgains.io/ Frame 932D	16 B 209 B	76ms 76ms	Fetch application/json	18.170.173.249 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Requested by Host: analytics.webgains.io URL: https://analytics.webgains.io/pvClk.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.170.173.249 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-170-173-249.eu-west-2.compute.amazonaws.com Software nginx / PHP/8.1.14 Resource Hash c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://googleads.g.doubleclick.net/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Content-Type application/json Response headers date Sun, 19 Nov 2023 16:21:47 GMT x-content-type-options nosniff server nginx x-powered-by PHP/8.1.14 content-type application/json access-control-allow-origin * cache-control no-cache, private x-xss-protection 1; mode=block
GET H3	204	sodar pagead2.googlesyndication.com/pagead/	0 0	59ms 59ms	Image text/html	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=1015309954588737&bg=!AwClAE_NAAZxrfrxUa07ADQBe5WfOKkDOE_HPl_fs1CD2eGvYZcc1loI8JTw7nOfHjOti09UQwkIf9zCwBAAlMdc4wJHAgAAAFFSAAAAAmgBB5kCtp0SWMbNlI10Imt7SqR1zo4MJezEvIRaxToAISjaqSzSA_XctVv3bXsiKNuEOzhaZ4MSXvQeCUJhTKK-D3pdlhCpeYkt7rE1wXQttn9Qo9Sf8_AXGY3VZJu8nnYb9meX1mfRMn58bi-Tfg1kh7DJle49yWOLN3aYXeMRyxK3UVm01nexS6CnMz6tXeFn16lukQoEeIlijbLupCHi8pI9xC9I0TaO6bpuzX0IBtfCPBX0JpiVN7PjxnBrSn2_lIA_hmQ1jAJZT4ZXwL1eJj1Ek8fNNPi7sSLrtZ9k3TMBj5VKCX_daB-fnZIY3R3TaQkuB5yxHCWDurMuAUZgvSSUWlMK0vBlWnugwS7pNHN2iCr2jtYXfleKspnleRi56VPs0ArIVGrzbDs5wajoQmeJJ9PM8TmxNIu7avG2cshrquoQf1WlEBPYuQK_4_HZnwqoHCHPtTu_8ysV3IxB6_KqFmgwBNo62yorXl0mH6LPI7MWpfkuif67NqPqDMKknAAoA3EAgvhUUFiAEwcsW4BFz214jh_zD_Xa49OILkd6ZiGYgvNPQl8Egl2RwUm3wQozFr1ZfgKgb0e4iCp0ODEjBQd9QYcXEQ78xpV_ozwhpNskFCuHjj7fAC1y0HEkhj7Lej8dUDmAZOJw_-a_VBiTT_JaG_8bW-AJdvfEidQehVnZON3neKPffzf8xr9l1bEzaRej1QvneVAK2LvZIgfno1p4D_701jquFu2WNN88gcV7ZcgQYOQwglmfIXnzOCrhizxyNa7IfIat-jlAe1qw0gBB9jYxTqI9QwwyFDu_GgzUZwZoLSVr-na6PsjFaksZLJaKyJzgDB7FilLrQJwOqgcSjGZM8sQGtOzDFVsJr-iEvfkQFcXZM_IYQ3tTkLImSb3HEWYXYwPSBdcQS-2T3_X3txaSLWI Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.up-4ever.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers
OPTIONS H2	204	tracking-event api.webgains.io/ Frame	0 0	242ms 37ms	Preflight	18.170.173.249 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.170.173.249 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-170-173-249.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://googleads.g.doubleclick.net Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers access-control-allow-headers Authorization, Content-Type access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS access-control-allow-origin * date Sun, 19 Nov 2023 16:21:47 GMT server nginx
OPTIONS H2	204	tracking-event api.webgains.io/ Frame	0 0	228ms 36ms	Preflight	18.170.173.249 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.webgains.io/tracking-event Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.170.173.249 London, United Kingdom, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-170-173-249.eu-west-2.compute.amazonaws.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://googleads.g.doubleclick.net Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers access-control-allow-headers Authorization, Content-Type access-control-allow-methods GET, POST, PUT, DELETE, OPTIONS access-control-allow-origin * date Sun, 19 Nov 2023 16:21:47 GMT server nginx
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame D20B	0 20 B	55ms 55ms	Ping image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4108658946137&version=m202309260101&ct=77&x=1&cor=15062326055755076000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:47 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H3	204	gen_204 pagead2.googlesyndication.com/pagead/ Frame 932D	0 20 B	58ms 57ms	Ping image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7174699676739&version=m202309260101&ct=77&x=1&cor=1690277075548961000 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:47 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame D20B	42 B 64 B	173ms 172ms	Fetch image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7fgqt4n8IyAjUmhI3iOwa8L3-82nNF9g34pyyiZwNT04GewkHQflkCTvP1DwwEPJHd2Dtlq3Q1RFU7I0Vn_YJgR_SYtxTdU0Qsbh8u4gCFZ8Cl72vCU1HLZX_SEWKHA8&sai=AMfl-YRvF2c2ilSFbyQfmM0v94wd84EGDdEehl15UVZ7mDkCS0p6IKWN9gx_ciBvIx5WPy0hjufeViOBTC1b7TXw8QSIpCKQbylnQiKmIG3ixkddXGrftganzPCHr0UQ6LmeB4FbQr8kQUPOnYzqLMi8WQ&sig=Cg0ArKJSzLaAOrmKHioiEAE&cid=CAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ&id=lidar2&mcvt=1042&p=0,0,600,160&mtos=1042,1042,1042,1042,1042&tos=1042,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700410905100&rpt=775&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:47 GMT x-content-type-options nosniff server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	activeview Show response pagead2.googlesyndication.com/pcs/ Frame 932D	42 B 64 B	172ms 171ms	Fetch image/gif	2a00:1450:4001:810::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst8hbheHuSlHahj6smK3r8wKPXJdGo7j9au1O8i4kIS_resCDRrt9yG5uk1zRTplfirPLTP7gj6v9nnx4jiEwjxdu15Ght7VaG1K9i6cSFBFnwC7HMp-d99lT76bj1dhv8&sai=AMfl-YTGm5ZisAnf8G3ZEC7sU_EHs7rCgbpZFksX26ZJQhTi5f0b7aUaQtfEFr62p0WwSWX8oRgRPYnJ_aFXwHf9Lpvkb2SuxXYjYT5JdUmBUjHpYraphQy4wfdB-ydDqeCCKYpqfQTKupvT0SQK4VqB3A&sig=Cg0ArKJSzB6VUbYJ8DXPEAE&cid=CAQSTwDICaaNAdVTiH2hLcoqEHHslJSU2SDO4ZDvaTlU1HcRwfBF4CSJ9O8DmAL2_SVkGemA9Y86sVls-DrW-v2g1wfxQYokCWUyj2pO5glutiYYAQ&id=lidar2&mcvt=1029&p=0,0,600,160&mtos=1029,1029,1029,1029,1029&tos=1029,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700410905117&rpt=796&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0 Requested by Host: www.googletagservices.com URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914 Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://googleads.g.doubleclick.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers pragma no-cache date Sun, 19 Nov 2023 16:21:47 GMT x-content-type-options nosniff server cafe content-type image/gif access-control-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	viewability Show response hal900016.redintelligence.net/ Frame 2D26	0 150 B	86ms 30ms	Script text/html	138.201.220.30 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900016.redintelligence.net/viewability?s=65579000083252404444556012513016&a=b71fc2e6&vb=v Requested by Host: hal900016.redintelligence.net URL: https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.220.30 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.30.220.201.138.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900016.redintelligence.net/request_content.php?s=65579000083252404444556012513016&a=737493f0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:47 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	viewability Show response hal900026.redintelligence.net/ Frame E2ED	0 150 B	86ms 29ms	Script text/html	138.201.84.244 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://hal900026.redintelligence.net/viewability?s=68478800076149004444556012513026&a=523c11be&vb=v Requested by Host: hal900026.redintelligence.net URL: https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.244.84.201.138.clients.your-server.de Software Apache / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://hal900026.redintelligence.net/request_content.php?s=68478800076149004444556012513026&a=362f7207 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36 Response headers Date Sun, 19 Nov 2023 16:21:47 GMT Server Apache Connection close Content-Length 0 Content-Type text/html; charset=UTF-8