bfa.herodamage.com Open in urlscan Pro
2606:4700:20::681a:e4e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bfa.herodamage.com/
Effective URL:
https://bfa.herodamage.com/
Submission: On November 18 via api (November 18th 2023, 12:03:44 pm UTC) from US — Scanned from DE

Summary HTTP 201 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 35 IPs in 9 countries across 34 domains to perform 201 HTTP transactions. The main IP is 2606:4700:20::681a:e4e, located in United States and belongs to CLOUDFLARENET, US. The main domain is bfa.herodamage.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 6th 2023. Valid for: a year.

This is the only time bfa.herodamage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:20:... 2606:4700:20::ac43:466f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
43	2606:4700:20:... 2606:4700:20::681a:e4e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.66.112.120 18.66.112.120	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
43	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c06::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:5400:1b:f040:3600:93a1	16509 (AMAZON-02) (AMAZON-02)
1	154.58.197.185 154.58.197.185	174 (COGENT-174) (COGENT-174)
1	2600:9000:225... 2600:9000:2251:6600:3:4706:a6c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.121.142.228 3.121.142.228	16509 (AMAZON-02) (AMAZON-02)
2	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 5	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
3 3	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 14	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.165 213.155.156.165	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	37.157.2.228 37.157.2.228	198622 (ADFORM) (ADFORM)
2 2	51.75.86.98 51.75.86.98	16276 (OVH) (OVH)
1	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
14	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
1 1	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	3.127.95.101 3.127.95.101	16509 (AMAZON-02) (AMAZON-02)
1 2	2.16.97.41 2.16.97.41	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:20:... 2606:4700:20::681a:61b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2 2	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
2 2	84.200.5.215 84.200.5.215	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	167.233.13.224 167.233.13.224	24940 (HETZNER-AS) (HETZNER-AS)
2	92.123.148.9 92.123.148.9	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
1	98.98.134.242 98.98.134.242	21859 (ZEN-ECN) (ZEN-ECN)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
201	35

1 2606:4700:20::ac43:466f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

bfa.herodamage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2606:4700:20::681a:e4e (United States)

ASN13335 (CLOUDFLARENET, US)

bfa.herodamage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.112.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-120.fra56.r.cloudfront.net

wow.zamimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:5400:1b:f040:3600:93a1 (United States)

ASN16509 (AMAZON-02, US)

ads.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.58.197.185 (Spain)

ASN174 (COGENT-174, US)
PTR: staticip-hv4m185.hispavista.com

t.hspvst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2251:6600:3:4706:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cti.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.142.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-142-228.eu-central-1.compute.amazonaws.com

i.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:16::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:19ad (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.193.173 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ius.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.165 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.228 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.75.86.98 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip98.ip-51-75-86.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.74.118 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.95.101 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-95-101.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.97.41 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:61b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.38 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 84.200.5.215 (Germany) 2 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

www.telefonica-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.lead-alliance.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.233.13.224 (Hallbergmoos, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.224.13.233.167.clients.your-server.de

partner.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 92.123.148.9 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-148-9.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.242 (United States)

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 149	797 KB
44	herodamage.com 1 redirects bfa.herodamage.com	285 KB
36	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154	255 KB
14	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 33424 ad4m.at — Cisco Umbrella Rank: 12394 assets.ad4m.at — Cisco Umbrella Rank: 45800	121 KB
8	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	3 KB
7	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	413 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	89 KB
5	tribalfusion.com 2 redirects a.tribalfusion.com — Cisco Umbrella Rank: 860 s.tribalfusion.com — Cisco Umbrella Rank: 2311	3 KB
3	ctnsnet.com 3 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 54581 ius.ctnsnet.com — Cisco Umbrella Rank: 6637	2 KB
3	w55c.net ads.w55c.net — Cisco Umbrella Rank: 12680 cti.w55c.net — Cisco Umbrella Rank: 2945 i.w55c.net — Cisco Umbrella Rank: 1952	47 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2462	21 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	awin1.com www.awin1.com — Cisco Umbrella Rank: 18131	1 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1403	496 B
2	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 351	291 B
2	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 150954 static-de.ad4mat.net — Cisco Umbrella Rank: 188473	4 KB
2	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 746	831 B
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 599	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4905	653 B
2	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3451	207 B
2	zamimg.com wow.zamimg.com — Cisco Umbrella Rank: 88298	99 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	8 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	2 KB
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5683	599 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 726	187 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	463 B
1	o2online.de partner.o2online.de — Cisco Umbrella Rank: 90716	1 KB
1	lead-alliance.net 1 redirects www.lead-alliance.net — Cisco Umbrella Rank: 83719	427 B
1	telefonica-partner.de 1 redirects www.telefonica-partner.de — Cisco Umbrella Rank: 82742	257 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 795	762 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 709	589 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	149 B
1	hspvst.com t.hspvst.com — Cisco Umbrella Rank: 284566	924 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	82 KB
201	34

	Domain	Requested by
44	bfa.herodamage.com	1 redirects bfa.herodamage.com
33	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
23	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net
14	cm.g.doubleclick.net	1 redirects googleads.g.doubleclick.net
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
9	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
8	www.google.com	1 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
7	www.googletagservices.com	bfa.herodamage.com 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com googleads.g.doubleclick.net
6	assets.ad4m.at	as.ad4m.at
4	ad4m.at	as.ad4m.at ad4m.at
4	as.ad4m.at	googleads.g.doubleclick.net as.ad4m.at ad4m.at
4	52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	www.gstatic.com	googleads.g.doubleclick.net
3	a.tribalfusion.com	2 redirects googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
2	www.googleadservices.com
2	www.awin1.com	as.ad4m.at
2	ad.doubleclick.net	2 redirects
2	sync.teads.tv	1 redirects
2	ius.ctnsnet.com	2 redirects
2	x.bidswitch.net	googleads.g.doubleclick.net
2	onetag-sys.com	2 redirects
2	c1.adform.net	2 redirects
2	d5p.de17a.com	2 redirects
2	s.tribalfusion.com
2	dclk-match.dotomi.com	googleads.g.doubleclick.net
2	www.google-analytics.com	bfa.herodamage.com www.google-analytics.com
2	wow.zamimg.com	bfa.herodamage.com wow.zamimg.com
2	cdnjs.cloudflare.com	bfa.herodamage.com
2	fonts.googleapis.com	bfa.herodamage.com googleads.g.doubleclick.net
1	ads.travelaudience.com	1 redirects
1	pixel-sync.sitescout.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	partner.o2online.de	as.ad4m.at
1	www.lead-alliance.net	1 redirects
1	www.telefonica-partner.de	1 redirects
1	static-de.ad4mat.net	as.ad4m.at
1	um.simpli.fi	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	prod-rtb.ad4mat.net	googleads.g.doubleclick.net
1	gcm.ctnsnet.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	i.w55c.net	googleads.g.doubleclick.net
1	cti.w55c.net	googleads.g.doubleclick.net
1	t.hspvst.com	googleads.g.doubleclick.net
1	ads.w55c.net	googleads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	www.google-analytics.com
1	stats.g.doubleclick.net	www.google-analytics.com
201	49

This site contains links to these domains. Also see Links.

Domain
cookiesandyou.com
github.com
shadowlands.herodamage.com
shadowlands-prepatch.herodamage.com
bfa-prepatch.herodamage.com
legion.herodamage.com

Subject Issuer	Validity	Valid
herodamage.com Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.zamimg.com Amazon RSA 2048 M01	`2023-09-21` - `2024-10-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
ads.w55c.net Amazon RSA 2048 M02	`2023-07-19` - `2024-08-16`	a year	crt.sh
*.hspvst.com Gandi Standard SSL CA 2	`2022-12-12` - `2023-12-09`	a year	crt.sh
*.w55c.net Amazon RSA 2048 M02	`2023-05-29` - `2024-06-25`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-09-26` - `2023-12-25`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
ad4mat.net GTS CA 1P5	`2023-11-18` - `2024-02-16`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 25 frames:

Primary Page: https://bfa.herodamage.com/
Frame ID: 57E6CEFE65FBE20CBD31E3446F713392
Requests: 78 HTTP requests in this frame

Frame: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 98DBD39BC7E30EF8A76EF79F74339F95
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F1F2C957A43FE143828CE5F128B03DA3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9CAC6215313B9E3645A469038926F9F5
Requests: 2 HTTP requests in this frame

Frame: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 29840421CCA8729D26DF2D87C58BD92C
Requests: 12 HTTP requests in this frame

Frame: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 70F75F19755B06D977B50669B1F13D3C
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 75FFE5C51AE2AD86279A2E485DE6167E
Requests: 1 HTTP requests in this frame

Frame: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 46B0BB2AD286AE7103BFB603832EB0A7
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218
Frame ID: AB707F12072846F3FD55866E18575FE5
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=600&slotname=3965109405&adk=2350305474&adf=3173046727&pi=t.ma~as.3965109405&w=120&format=120x600&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018704&bpp=3&bdt=181&idt=252&shv=r20231109&mjsv=m202311090102&ptt=9&saldr=aa&correlator=194850047567&frm=24&ife=3&pv=2&ga_vid=1812915870.1700309019&ga_sid=1700309019&ga_hid=1000526508&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=749952921&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079628%2C44809316%2C31078297%2C31079773%2C44807763%2C44808148%2C44808284%2C44809053&oid=2&pvsid=1056821916372595&tmod=75059055&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hcyzo3by14ev&fsb=1&dtd=273
Frame ID: AF822CC16DC62CC235A95A8BD843628B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 33C4E323443BC3C34BBCD4864EA195A2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8DE05AAFF4BB0ECE4369CCDDD0CB1D46
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213
Frame ID: 060B5AAEB3E6A8C0261ACC9E2F28F744
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1A61108FB9D67B9372320B81F4D08D50
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6C6B25FEB68F97909822379CA76A41B2
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BA4998EC11D225F078BA5590699A22D2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 642CD442AF09A439D067DF4DA94FE8FD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A5B02EA959173E86B237B93D4BD9702E
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1jg9ngq5s4mafyba71gg1pc3tz9mtgfd4veyhww57zen98gefd4pw6ss5bq7dspam48mx6xwajdddyeay3sm0zznsj8fynvamgc0rfb0fvgqmrm5rs984nefqcxyqp48fcyas09td25reerjh4hhvh8df2dh0wnnh61vrppem2jxs15a3p0yrqkjew6nyxb2hkkm7m0q3tezhk204qqymhwjhwx6cb3mk3mkhpe77kvhsxv3dv1bdsdjn2b30mq394z7hsgdzyhe69vpaw6cyxb6b9p7x9bs3drwhzb9x0085re7523zfrcyx2p9h5m0fdn3ay6753yt8ej4g7q0bq4xep2tzkxh05ww3kscbwmkx4z37z7hje2zpm8prf0x71ht1jspp6rwkwaqa7xfzqzjjypmw875dk7h8fh1hj54z0rphbzz2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%26client%3Dca-pub-5677349133508739%26adurl%3D
Frame ID: 9F8D638F756FB0F8BE292F36625B3B8C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 151F03FB1B4C19D510FF1674AC4A5699
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: BDC8C3C24DA9FDFC642ACB10ACB84005
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Frame ID: BFE4A286FAEF7005043A71F7268F27CA
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: FCED37DC6A0258738C93707734267A37
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DAAFCDE2ABE6356A7CAE1A70DFCFBB47
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js
Frame ID: ACE50E4BC53EDD921B231501CFDC4335
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hero Damage

Page URL History Show full URLs

http://bfa.herodamage.com/ HTTP 301
https://bfa.herodamage.com/ Page URL

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Page Statistics

201
Requests

93 %
HTTPS

55 %
IPv6

34
Domains

49
Subdomains

35
IPs

9
Countries

2231 kB
Transfer

6884 kB
Size

32
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://cookiesandyou.com/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://github.com/herotc/bfa.herodamage.com
Title: GitHub

Search URL Search Domain Scan URL

URL: https://shadowlands.herodamage.com/
Title: Shadowlands

Search URL Search Domain Scan URL

URL: https://shadowlands-prepatch.herodamage.com/
Title: Shadowlands PrePatch

Search URL Search Domain Scan URL

URL: https://bfa-prepatch.herodamage.com/
Title: BfA PrePatch

Search URL Search Domain Scan URL

URL: https://legion.herodamage.com/
Title: Legion

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bfa.herodamage.com/ HTTP 301
https://bfa.herodamage.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 140

https://a.tribalfusion.com/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 142

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJ-1I2_K5Ei_a_Lxj7VivmU&google_cver=1&google_push=AXcoOmRFDj4op_R0kK-qccialMLBEJN6INNgxV3Jgs3MS8Qqmt0rIzi7ltRta6PxCKw3IEQ-fLHMwfTpiD6m7Be5hTxzUU8zn0xNLCCS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRFDj4op_R0kK-qccialMLBEJN6INNgxV3Jgs3MS8Qqmt0rIzi7ltRta6PxCKw3IEQ-fLHMwfTpiD6m7Be5hTxzUU8zn0xNLCCS&google_hm=Re4ocx1ARXiHjbzMYUr6KEw

Request Chain 143

https://d5p.de17a.com/cookies/google?google_gid=CAESEF4to48bcd1jI4itm7KgMFY&google_cver=1&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSEDkEVae-CkBc HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEF4to48bcd1jI4itm7KgMFY&google_cver=1&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSEDkEVae-CkBc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSEDkEVae-CkBc

Request Chain 144

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKzCMexejSAJXhbXO4Q9gjE&google_cver=1&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwKdKxvJXNy90l4MeNDjTevh5krgljhp HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKzCMexejSAJXhbXO4Q9gjE&google_cver=1&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwKdKxvJXNy90l4MeNDjTevh5krgljhp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NDIyMDI4NTk5NDg1NjA3NA&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwKdKxvJXNy90l4MeNDjTevh5krgljhp

Request Chain 145

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMZcSxjCBr8FebqP-kcQbG8&google_cver=1&google_push=AXcoOmQqbksGJv_jTmruDe-UmhV77foT2jJ1BQBcgPLw6a-9OjeH9LUDfbzO1Yadh2iYDwXjtCUNdHH1DYBNXahmz522UG-uOYlo3YvO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQqbksGJv_jTmruDe-UmhV77foT2jJ1BQBcgPLw6a-9OjeH9LUDfbzO1Yadh2iYDwXjtCUNdHH1DYBNXahmz522UG-uOYlo3YvO

Request Chain 161

https://a.tribalfusion.com/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 162

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEOyJB9_xL25M9JDdhEYXLjY&google_cver=1&google_push=AXcoOmRUoQLTcYQ6jQSnCWY6Ik0aIc8_-ZQ9GINspZGU_s9D4pAtoKrEt11Sb8DQlFj28xx7oWkvY3lheWIQXjg-CbzwMCYuWQ2nbTIzAY6000wE8qtY6JEk4c-bVQys77_Zzxs1gDAB9Vw6j3bSNBvWMokF9A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOyJB9_xL25M9JDdhEYXLjY&google_push=AXcoOmRUoQLTcYQ6jQSnCWY6Ik0aIc8_-ZQ9GINspZGU_s9D4pAtoKrEt11Sb8DQlFj28xx7oWkvY3lheWIQXjg-CbzwMCYuWQ2nbTIzAY6000wE8qtY6JEk4c-bVQys77_Zzxs1gDAB9Vw6j3bSNBvWMokF9A

Request Chain 163

https://um.simpli.fi/gp_match?google_gid=CAESEGu0u00YDIr6DU284luTSio&google_cver=1&google_push=AXcoOmTaZ8rVcPYPe85TMVzZpGklwnjCnD1fwOlz8_w4NR-BoX1WSzRRNtzSRPF7h8jfG_aPuMzlJF1wM54W5bQpcF_L9yLWh_pZcXK7VtV6ra9DvvD19Vm4IFA3QzdNZS_g_Auqf8vLk1KHypdzR_glQh8TQMM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=72B59F185B47462B869C3A6764FC07E2&google_push=AXcoOmTaZ8rVcPYPe85TMVzZpGklwnjCnD1fwOlz8_w4NR-BoX1WSzRRNtzSRPF7h8jfG_aPuMzlJF1wM54W5bQpcF_L9yLWh_pZcXK7VtV6ra9DvvD19Vm4IFA3QzdNZS_g_Auqf8vLk1KHypdzR_glQh8TQMM

Request Chain 165

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMZcSxjCBr8FebqP-kcQbG8&google_cver=1&google_push=AXcoOmSKMmOK31gLbXjTeCSTXMRJ5Xcvz6sE7ZigPCBggeskAU38VrGNz8W2XNiT97Um1QCQy5mXZOWZPRCYZ7glaj-IRyRo5nZQxl7U4Y6PPF7_dM3zKK95XgCuIx2IJyz5DLEe-od5E8GgByMsdq3kwe5JZA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSKMmOK31gLbXjTeCSTXMRJ5Xcvz6sE7ZigPCBggeskAU38VrGNz8W2XNiT97Um1QCQy5mXZOWZPRCYZ7glaj-IRyRo5nZQxl7U4Y6PPF7_dM3zKK95XgCuIx2IJyz5DLEe-od5E8GgByMsdq3kwe5JZA

Request Chain 166

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEGIqeaXfD2FBdPZNotNE_Is&google_cver=1&google_push=AXcoOmRzBkD85dLNZxljkmTfhHkdXPLJlscrxc_X_k26DQsqyCXZ-7u3QVV9BBEvrCNJC9Uf2xIJ3JXkwTqXuLjzpmXa3tDNtWwhjwN-cKRoJfV4bU-_fTdulvKagSpOdQ7tUupYs5ig9B7K1i9o_ZxTjVodCdZa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRzBkD85dLNZxljkmTfhHkdXPLJlscrxc_X_k26DQsqyCXZ-7u3QVV9BBEvrCNJC9Uf2xIJ3JXkwTqXuLjzpmXa3tDNtWwhjwN-cKRoJfV4bU-_fTdulvKagSpOdQ7tUupYs5ig9B7K1i9o_ZxTjVodCdZa&google_hm=Re4ocx1ARXiHjbzMYUr6KEw

Request Chain 167

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESED-WTaJ8LXx7Tyh59ruVFSQ&google_cver=1&google_push=AXcoOmQ0XvvU-NJLp7shY0ChfI0GGBivVcE38uUNTqU1CoYniVkP5RipXgagHQIXSgR2WG-OwyFsWTjC253ym1VhOlK40xJ2Ek5hiJuTbabkgtgh_HxjOzAI_NemCUU5iFmeNd_8ChpBsmoIzeJ0EO5QXXvyfDnE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQ0XvvU-NJLp7shY0ChfI0GGBivVcE38uUNTqU1CoYniVkP5RipXgagHQIXSgR2WG-OwyFsWTjC253ym1VhOlK40xJ2Ek5hiJuTbabkgtgh_HxjOzAI_NemCUU5iFmeNd_8ChpBsmoIzeJ0EO5QXXvyfDnE HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 191

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D120211V1226132702M%26subid%3DviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CMqxitnAzYIDFT_wEQgdvj0Cpw;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;gdpr_consent=;ltd=?https%3A%2F%2Fwww.telefonica-partner.de%2Ftpv.php%3Ft%3D120211V1226132702M%26subid%3DviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush%26gdpr_consent=%26gdpr=0%26gdpr_pd=0 HTTP 302
https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218

Request Chain 202

https://ads.travelaudience.com/google_pixel?google_gid=CAESED7pRi0bQobp6C3Y7FNUkmc&google_cver=1&google_push=AXcoOmQVEljLFnGFfkOPKeoXaIDEW4MJUmmvVcsMm6_SLr2yboXOMkxFOUnxtIESaMAQVvAtn_vtTSTNCOVrBR9NoBdDezWKUjjwFM5AHUBdHczi0MTOg1RvNemc49DJsuiUcUYZ544SGPnm1a5XFzwVq54FwcI HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P7WF2lMWQj8xSpwt0Lr9bA&google_push=AXcoOmQVEljLFnGFfkOPKeoXaIDEW4MJUmmvVcsMm6_SLr2yboXOMkxFOUnxtIESaMAQVvAtn_vtTSTNCOVrBR9NoBdDezWKUjjwFM5AHUBdHczi0MTOg1RvNemc49DJsuiUcUYZ544SGPnm1a5XFzwVq54FwcI

Request Chain 204

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEGIqeaXfD2FBdPZNotNE_Is&google_cver=1&google_push=AXcoOmRnrwjDJrbHEfPWSTZB1Ph5Sui4g252Npz6PNVLAEML62Z5qqke_ij2L9AW80ft7cs6Uy6g3nf5HKQCUc7l5Qw8CzAhD4-nVe2Gns_-vWYD5d1cY6QJc_dqEiOD5zb4689qv0Oy4_7DsoF6_mMdz9COCopc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRnrwjDJrbHEfPWSTZB1Ph5Sui4g252Npz6PNVLAEML62Z5qqke_ij2L9AW80ft7cs6Uy6g3nf5HKQCUc7l5Qw8CzAhD4-nVe2Gns_-vWYD5d1cY6QJc_dqEiOD5zb4689qv0Oy4_7DsoF6_mMdz9COCopc&google_hm=Re4ocx1ARXiHjbzMYUr6KEw

Request Chain 206

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 210

https://googleads.g.doubleclick.net/pagead/adview?ai=CQHP0G6hYZaaxDtjsuvQPkLa9kAy87JCmdNPwy9vfEc-N56rmBBABIKmnl1hgleKQgqAHoAHy34aLA8gBAagDAcgDywSqBMgBT9CnZcwtSGreY_19jXzbInE673yNWqa6760SEDEnWYEjMKErEJC3yvhjksKoKUciXGJXQ0iwKDjNZG1HNJYyVkdSN9U90vG056gFxVUyr6m0SajMT-gKbsixAjTLtjNXvrtb3-7hiWcqu2zTFz_3yuLWOMb4wLz6dn_s2iF7L3omkAdVHWBmSS9mTqtHpV-nqqn1q1A6nviskUbnuvAURd7JmydQr4IwnInHysEMzZt12oKFGOWSR8i-j-c_MD2uIWqzGWkGtgvABOPb7o22BIgFmfbBgUyAB9SpnIYBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQkN4D0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJMGh0dHBzOi8veW91dHUuYmUvYXFxTndSdlhZNE0_c2k9b09VYXA0QmJXSXppbS1mVYAKAcgLAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAtgTA4gUBtAVAYAXAbIXHAoaCAASFHB1Yi01Njc3MzQ5MTMzNTA4NzM5GAA&sigh=aNC-wdBVm_4&uach_m=[UACH]&ase=2&nis=4&cid=CAQSOwDICaaNjKxSCcJmlqtMBiSazLgJqVMWCA7Ma8B3WCGTTITiCdUlZZqzHMwHpkDQXOiMHIj71tha1utaGAE&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%221066527311818025305%22,%22debug_reporting%22:true,%22destination%22:%22https://youtu.be%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22828485618%22],%224%22:[%2211-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222971596728703442993%22}&andc=true

201 HTTP transactions
20 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
bfa.herodamage.com/
Redirect Chain

http://bfa.herodamage.com/
https://bfa.herodamage.com/

153 KB
31 KB

157ms
136ms

Document
text/html

2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 818c36ce9833503e0323ef64a4606d0a6c53f57524cbf07dbf6020387c4cba8a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: max-age=3600
cf-cache-status: REVALIDATED
cf-ray: 8280123f183165d9-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 18 Nov 2023 12:03:37 GMT
expires: Sat, 18 Nov 2023 12:13:37 GMT
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojnIvYNlMHVKfk4xC3%2BGgdykODylqqoU9cyAAGXusyqhbHKjlDuHZl9nlVwfVjexYkGhrwqNAdH9OAejHj3VGArhCOgLlkgEs7%2BNprz7%2FD4e5ejY%2FO9Zy734eGdUS%2FJYprpYfl%2F4fAsMjm3lOgoFSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-fastly-request-id: bea39e3d4aa76c350b8baafe2179506591143542
x-github-request-id: 9948:EEA8:6D07D1B:6EA8BC5:65576381
x-origin-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230135-FRA
x-timer: S1700225922.018842,VS0,VE103

Redirect headers

CF-RAY: 8280123eda5c71be-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sat, 18 Nov 2023 12:03:37 GMT
Expires: Sat, 18 Nov 2023 13:03:37 GMT
Location: https://bfa.herodamage.com/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DDyMlg3XMQMfH3sFyA65wXMlLSHUPo%2FTpAVOtjBDEsQfLQcJMllpnsH%2BOdtVK14u7h9hDlQADzI6oYRSKhioPu4z5CExUq1P7ykWsRFzGIT22qO1dmpByjfiu3wd7nQKC%2B8U2pngRLyPWm2zDDNteg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 42ms
20ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500

Requested by

Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7abab7a5fed6d1eb8dcfed4e7f6bfcbc1a1a1dfbf95d281b008f04245b26c769

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 18 Nov 2023 12:03:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 18 Nov 2023 11:56:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 18 Nov 2023 12:03:37 GMT

GET
H2 200 component---src-pages-index-js-01c8225ce75577d0e3da.js Show response
bfa.herodamage.com/ 6 KB
2 KB 132ms
130ms Script
application/javascript 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/component---src-pages-index-js-01c8225ce75577d0e3da.js
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1539a4e70ec940e7fd6240291869a8515b863e8c8ac3c20a28e10edd0e4a9d49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: bd019781afe80b17dbc4831cf8b32540329728d7
date: Sat, 18 Nov 2023 12:03:37 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:47 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230026-FRA
last-modified: Tue, 13 Oct 2020 07:18:33 GMT
server: cloudflare
x-github-request-id: 4A76:748A:595126E:5ABDB15:6558A7E6
x-timer: S1700309018.615537,VS0,VE97
etag: W/"5f8554c9-1640"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5thB85L4lZJpppdZWpwWoU96uvaFi8L1Ya7hBZxvDAY4vOjzNioV9RxEXzOL8tN3nN8IIPGR%2B0FKACWL%2B7D4lpv4kRkGY%2BJ26mVO84Yy0EnixI6%2FGenoVC254WwuYrUko8%2FzzEzXD8%2BuNeBfM9jCw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 8280123ff96b65d9-FRA
x-cache-hits: 1

GET
H2 200 app-707be8dc38d1abc67464.js Show response
bfa.herodamage.com/ 490 KB
138 KB 208ms
207ms Script
application/javascript 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85ae913c6d302b0fe6d5d62faeb9421c8140be1854a13d813b2fc3a34d091741

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 217a378497a2b7294dfc3620b29d047bb787ab4a
date: Sat, 18 Nov 2023 12:03:37 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Sat, 18 Nov 2023 12:12:46 GMT
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230042-FRA
last-modified: Tue, 13 Oct 2020 07:18:33 GMT
server: cloudflare
x-github-request-id: 3164:1168F:826AA9F:845FD95:6558A7E6
x-timer: S1700309018.687410,VS0,VE3
etag: W/"5f8554c9-7a63a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XIshGqOVGQRkdtv6CqM%2FBhe8%2BbbEv%2Bb8a1w9fjTIpbfeFJy9sd55MhY9B7ZC3x4EuCkLLz6P6qqYp5ed%2BnVVKAsWhjnChgyUilPIZgN2mrqtjc714ahcJ1BiU6Z5zcLLRphd41%2FN8hJO29CxsDPgTA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 8280123ff96d65d9-FRA
x-cache-hits: 1

GET
H2 200 commons-f2004c04439924e6e6d9.js Show response
bfa.herodamage.com/ 170 KB
53 KB 47ms
46ms Script
application/javascript 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/commons-f2004c04439924e6e6d9.js
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 97422d7b26df52d564a27e6f32134e20b42ccb8fc2e19f0f9093218d4aaf7c3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 3175b137e62198d0192db8378ddb305982acbc0b
date: Sat, 18 Nov 2023 12:03:37 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230083-FRA
last-modified: Tue, 13 Oct 2020 07:18:33 GMT
server: cloudflare
x-github-request-id: 4386:748A:5951185:5ABDA26:6558A7E6
x-timer: S1700309018.624211,VS0,VE2
etag: W/"5f8554c9-2a74d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5THHeZLjumbCqGI5EpPomOvNIhrNMwW2egLIwYcVjOY4ZE7Fa7bAnKutqc9p36x72eDLhT5W1uoPunnuO0OkRgfDy8ih%2BY7nc1BBWWsTe76CsBG534wmoob91DVEXDexEtWm8YWd0BkR2ZRVU3ybg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 8280123ff97165d9-FRA
x-cache-hits: 1

GET
H2 200 webpack-runtime-8aa278168976c361e82b.js Show response
bfa.herodamage.com/ 3 KB
2 KB 32ms
31ms Script
application/javascript 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/webpack-runtime-8aa278168976c361e82b.js
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d129f5136479f6d49637b240db29c36a1dc31520043613776f7ccfd0b07c5c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 59823106e00acbd0ca715b797fd5ddfaa23dbe5f
date: Sat, 18 Nov 2023 12:03:37 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230059-FRA
last-modified: Tue, 13 Oct 2020 07:18:36 GMT
server: cloudflare
x-github-request-id: 4A72:D51D:52EE66A:54361B2:6558A7E6
x-timer: S1700309018.615956,VS0,VE3
etag: W/"5f8554cc-d77"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKTbHLrFQHE26TcyKVbdBOjQ3kfVL%2B%2F9Um%2Fvb9tNTTxL9iIQsy6jgII%2BpjX3dUCvMkXJ2Boo3CwfBFG11p%2FrLk7B52DwU0hhTgSHFbweM6i432p%2B%2FCdaOs7JXZ38PkkDCT%2BJ3DjrnbjU5GSHomuvHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 8280123ff97465d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/index/ 380 B
867 B 140ms
139ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/index/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 620b88ff10935df735bfd61c0cfb6e085d7a7c5da7fabadfc8ff14c2434f6bb1

Request headers

Referer: https://bfa.herodamage.com/
Origin: https://bfa.herodamage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 1e93a8d1ef9550f6f9f5e7f56c39e9d4196e5743
date: Sat, 18 Nov 2023 12:03:37 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Sat, 18 Nov 2023 12:12:46 GMT
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230082-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: C9B4:5F09:82A5C90:849AD89:6558A7E6
x-timer: S1700309018.624703,VS0,VE98
etag: W/"5f8554cb-17c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AGtMsJ%2F8%2F6aMH98iQ%2FuJxK%2BGRSqpxegLY6jqY1fizHGPgP4Kw7wY4OdbuhDd9QdvZMBE%2BQpf2wuf6DCorLaRxJH3L75CnfMBynGez5tFd8IbzY1b14sCif34LAQlHnzyib9dZHy1YwsLJnXXzyE%2FGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 8280123ff97565d9-FRA
x-cache-hits: 1

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 100 KB
31 KB 88ms
64ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

704cf5bab5a2e3185bec4628f6cb67ff4dbb3d1461fef03500caf8be7e3f97b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31379
x-xss-protection: 0
server: cafe
etag: 25 / 19679 / m202311090101 / config-hash: 16204867678510254442
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:37 GMT

GET
H2 200 cookieconsent.min.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.4/ 4 KB
2 KB 32ms
15ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.4/cookieconsent.min.css

Requested by

Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 802161
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 948
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-f62"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ibF2a8IAjAF2HpT819tJirOAn4LHWCjGF%2BtB50HbU3CoIOL0efAE3ZyO%2FdpZHS8uiZKIRJ71miHUAmvHwgL7NH27nt6%2Bxf7n7GsTOr5tHSdhMYGOeZwtGQSZFjMEbv4KE0UlMIqvGeVh7UAut7NfAYHd"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8280124018865d9c-FRA
expires: Thu, 07 Nov 2024 12:03:37 GMT

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/ 20 KB
6 KB 16ms
12ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js

Requested by

Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb41292903f6bd996333bdfe6fbc58e1dbdb6109074505ee3ea46373bb23be70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 372805
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5978
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-5148"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fF2VJahBpjEEWa5bdGyN7VKMDD6cGSLcdk%2FMOo9aVR9vDjxfX5FxRhZTs1BFFcroSO5YIA7iI0uAraoiwtXOK7trCZ7z1QBJQkWaflR3xykiEv5ft7rLbcyLYacK0pd1mlWs8eEI1anAFk6rd36LvcAb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8280124048be5d9c-FRA
expires: Thu, 07 Nov 2024 12:03:37 GMT

GET
H2 200 power.js Show response
wow.zamimg.com/widgets/ 178 KB
57 KB 36ms
7ms Script
text/javascript 18.66.112.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://wow.zamimg.com/widgets/power.js

Requested by

Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-120.fra56.r.cloudfront.net

Software

Resource Hash

38d740777ac8b3dabb5cf3f9ce653e5aa8d12afbc545c56f98b36b07cd0521ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:05:53 GMT
content-encoding: gzip
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Fri, 17 Nov 2023 23:02:00 GMT
x-amz-cf-pop: FRA56-P5
age: 3464
etag: W/"6557f0e8-2c8ff"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=3600
x-amz-cf-id: SxbTXkxb40D6YFGUE8HDvL7xH6HfhI95FW1yWxpCcG--BqkNDQRAXQ==
expires: Sat, 18 Nov 2023 12:05:53 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 18 Nov 2023 11:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 839
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 18 Nov 2023 13:49:38 GMT

GET
DATA 200
OK truncated
/ 517 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fde5403c7eea70aa9f82010d8cb58f3012e4a0249431dd06371b6912d8c83379

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6dd4a26d545dea4e011150e4f56d261520d253112ff5e6ba7249f085e749a397

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b9cc455f98c02c68f1380e99b6ec823f6a4aa6c62fb6478c334437e1603ee80

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 905cdb7b18899ebd1d25653b8d9e494f83b17118d0aa2674187b7103d25de1f2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b1a0190f30ddb1918878bff2f3aec5c0e3d70629fbe368c97ee5f03a2afe6cd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3cf5fce44262770cfdfa2699de435eac0a15df80907cd8fb937fb33071b997f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 45e00e923de55aa533a168acb196626cf537bfe8d1e629e44f73f448ad5aeea8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e740dbc5882a8d358d086a88c960d18ac79c2a0583ad5843c1735e10eff231

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dbc208b5a01acfcbbd9fd849df9e467943022aacac49a8ceffaaa914245d1f52

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd30dff0abda0512504cb0b5802fb096c363ef02fe3efc803515854edc95fd6e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4610f7adc11a3c837ffb721cd445355e5a4621af4ea9029a4fbba03e60c953b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 858b37a0ff36dd140629d8bccc256e18891617313cab8f2feb68ea5b3f5f4781

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 02deb9318a3a7a31a1dfa12696aa22f2b415527d997cdbd77d21009274b467ed

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 33ms
8ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bfa.herodamage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 08:19:37 GMT
x-content-type-options: nosniff
age: 13440
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 17 Nov 2024 08:19:37 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 32ms
8ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://bfa.herodamage.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 23:30:11 GMT
x-content-type-options: nosniff
age: 390806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Nov 2024 23:30:11 GMT

GET
H2 200 universal.css
wow.zamimg.com/css/ 621 KB
42 KB 8ms
8ms Stylesheet
text/css 18.66.112.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://wow.zamimg.com/css/universal.css?19

Requested by

Host: wow.zamimg.com
URL: https://wow.zamimg.com/widgets/power.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-120.fra56.r.cloudfront.net

Software

Resource Hash

66acb0da63a6bd83ae216a67aff9dd0e5cb8ce062cbb0bd3cb753f571cd9a761

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:01:15 GMT
content-encoding: gzip
via: 1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
strict-transport-security: max-age=15724800; includeSubDomains
last-modified: Fri, 17 Nov 2023 23:02:08 GMT
x-amz-cf-pop: FRA56-P5
age: 3742
etag: W/"6557f0f0-9b3b3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=10800
x-amz-cf-id: 7H_W0_WRYSVIqf77lU1CiKF6bkTotXklD9BnU41QQGtaTbW_wIgOeg==
expires: Sat, 18 Nov 2023 14:01:15 GMT

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e41ca21e421f129d3881e345f990027b66c0ab3c5580e549575f9393d117cbd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 429 KB
135 KB 68ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 17:09:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 68044
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137535
x-xss-protection: 0
server: cafe
etag: 18342593356503948095
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Sat, 16 Nov 2024 17:09:33 GMT

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/druid/ 0
1 KB 243ms
240ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/druid/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: e7c3332ff363c50d9f9da2874991d5f160258c09
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Sat, 18 Nov 2023 12:12:46 GMT
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230026-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 19EA:D51D:52EE707:5436259:6558A7E6
x-timer: S1700309018.983549,VS0,VE98
etag: W/"5f8554ca-16f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ivH0RqNux8X4tNZ6NvZQ55TIdSYA1HAhG25VTW0tFviWdaCgefLCtsdQ9k%2BBJAsg8jhpjRd%2B3Ep%2BGFCglN4fSuNebRtRYSZdhHJsqPZk8e785ThfJaVFOEZZBuqws21z5UpzLvrm5%2F%2FLMURd1WH8eA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801241ebf765d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/demon-hunter/ 0
1 KB 135ms
133ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/demon-hunter/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: c351933693faff90e112273765c7841e51bf0050
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230055-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 693E:D547:5AB1CD7:5C14087:6558A7E6
x-timer: S1700309018.934874,VS0,VE90
etag: W/"5f8554ca-10f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=unDCU%2FHEDVAQ2wC8VnTbnyQ0O5xgzWZfOTQgBdrQKh7W%2FXT6oxxGesuqEYZMvSwThYZSXfbVvYnyzSyVl%2BkPOsRDztyTl7akqjrD7HWPmqUyk9FOCah%2FOI7eYfbYSaVe2T4FMVUmpG0PTLTwHBHjNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ebfd65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/monk/ 0
1 KB 208ms
206ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/monk/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: f7d8494de935f13c2f8b93ed4d9bfd94bb8b2557
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230043-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 0B0C:EDB5:568570A:57DD9D7:6558A7E6
x-timer: S1700309018.981055,VS0,VE85
etag: W/"5f8554cb-edf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNTTO%2BzafkyWahVRDwd%2FVgHe0Nfgjca4lAKDkyzIkS63LKo7%2Bi2luKyqUfzHSq1SwuDProlsiNias1Cb6MiJPp%2FV9emlkPeYCKsn%2Fa7PXrp%2BcECEsWyLecxOTHgihyyxNe0xTFIZxF3tn3jxTyiSlw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ebff65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/hunter/ 0
1 KB 127ms
126ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/hunter/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: b1b1437fd0a7d1b7f913b31493564451f65424e0
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230115-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 2664:577C:6E5CBC6:701EDB3:6558A7E6
x-timer: S1700309018.920313,VS0,VE97
etag: W/"5f8554cb-1819"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B14PiHX%2FtRc95LkW7ccnACAiybAUWdsyoEyh0fhh0Zm4J3vJgZD7UGITp8XQJBbEGhrhIFtfAtUQtkOhdWlNrZq%2FymZi%2FPjladQUJbUEp%2BRaXf1VZDlMuP2Kw5VNa%2FJ971tq%2FdyvZOWO3tm2xl3Q%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ec0165d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/warrior/ 0
1 KB 129ms
128ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/warrior/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: c8cdaf5955bf1a824349d1213f98bcdf737cc1eb
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Sat, 18 Nov 2023 12:12:46 GMT
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230099-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 5310:EDB5:568570A:57DD9D9:6558A7E6
x-timer: S1700309018.923488,VS0,VE95
etag: W/"5f8554cb-1744"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88hnoEpF7hOn%2B8OytPvb0N0B7wjcWcUEanKtV1D9u7m0%2BGBVVMKdRukyZ6uYweeoQSzj0BUZ3TCCko5KDzNmCoedpW3oBgnHAFIk4kcbc7R6Gfj1sh8RGJfRIpZKYEK%2FUmH25t6gvZvhkj%2Fp3oY0dA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801241ec0265d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/death-knight/ 0
1 KB 123ms
122ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/death-knight/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 652f41dade35e1be729d199265be392e914c5fc9
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230047-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 310C:3423:6179F0F:63053B7:6558A7E6
x-timer: S1700309018.922593,VS0,VE91
etag: W/"5f8554ca-183d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q4U9fIqGYmgP76g9A2uoU2fsQ3pr7BtSukqo9Mkoom3pX%2Bxb1%2B3LK568dtmSKEc16O9FoT3ZpabGxlp0qukR3PkyP9GXytbxkmX%2FSu3ywIpcfCSPMcI5cubNYUuV%2FP9nZi%2FX%2BydihrA2IBE51WQn4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ec0465d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/rogue/ 0
1 KB 117ms
116ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/rogue/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: e03ea58ba5b952152f8361f9c9e4f929cad49e16
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230082-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: F288:268E:8138457:83343DD:6558A7E6
x-timer: S1700309018.913184,VS0,VE93
etag: W/"5f8554cb-1774"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h1AZ%2FFA5mKQLGRR3YmdyiVtIcCY%2FiAJk%2FeykpRsQbYTVgLLI2TOkuVUwS%2FlsovSRtXEpI%2BRdmZArqXE9kMZqlStHlk6itrfMR8vry1OZ42GKilxStyhahlrhQ3ynqpyzKWjvwOQs0WHczb7bv2GJxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ec0565d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/shaman/ 0
1 KB 139ms
138ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/shaman/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: d91b94c7a3f7aa1788a4c2494a08b61aea80bd39
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Sat, 18 Nov 2023 12:12:46 GMT
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230130-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 64CA:B478:88D857A:8ADD607:6558A7E6
x-timer: S1700309018.930147,VS0,VE98
etag: W/"5f8554cb-1072"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3RGZStfT%2FO9N2yXNwkSRnPsbOwJOVpV%2Bsc5kVd9UntQQBaP%2FHT4G%2Fkm1QLtxlYRfb42Rm%2FmRq7vmYwvzTi4tRA2wSS29cjP4uxQkMBEKdTM2K3ThW1IpOoZG%2Bo7R%2FeXHE%2BuKlbYyDsOk51%2BuP0U9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801241ec0665d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/mage/ 0
1 KB 124ms
123ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/mage/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: f47231bebf648f30f5abf86d0732b434daf75b13
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230136-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 806E:570C:3AEACDC:3BCEEDF:6558A7E6
x-timer: S1700309018.922829,VS0,VE91
etag: W/"5f8554cb-1663"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=waCgKqzbtUg3mrcHrl0ix52Ju0Ir4XbGEggPOfPy982S9LQhhJbCLlDsuZusRUbnXaaZnfIDN4YuXKHNJ%2F1GJxcZCNbhvwWIDADjObNsglpF3CT3wl3A9T9qk9UgnZIXoE4oFoQnXQW4Dai8t9aL%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ec0765d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/priest/ 0
925 B 130ms
129ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/priest/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: b447f59af5c53121190a9f099463f3617ccb8f03
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: E04A:EDB5:568570A:57DD9D6:6558A7E6
x-timer: S1700309018.924291,VS0,VE95
etag: W/"5f8554cb-8b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eB9icd%2F4bCd3M4lJ%2B2meKEBzGUHJCLjRASV73%2B9bwrOrRRQEXQyA9Mc1lG%2FeDc0fcsL4rmJGhQvnJ9rA%2B81T%2B2Cs2iu6rfjxZS5TLRSpPrCHsIuC6UEOcPnZAcafF9yjcOlXjP%2BHlekmldYGOJNlEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ec0965d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/warlock/ 0
1 KB 127ms
126ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/warlock/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 1397e0992cfd843075737d6120ba9d3b4f341e77
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230132-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 5CF0:EDB5:568571D:57DD9F0:6558A7E6
x-timer: S1700309018.923159,VS0,VE94
etag: W/"5f8554cb-182e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DQMKC%2FM1qClsvtMSqyrS4piP9a%2FuHz8rBJHZzKo%2BTzdnhKN9YY%2BmQDHcCQJLXkgbkK%2BLAqE31dwWlvU0Z9SVkPGT5Zo1AUpEUxmP6vtRLvJJ2R7WlNZE6XIDae5QkYQDv8LBfcKXyAgAP4AUnCk6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ec0f65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json
bfa.herodamage.com/page-data/paladin/ 0
1 KB 124ms
124ms Other
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/paladin/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 08638ba06accd33b2b03583bf94d1745b8cdf16d
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-proxy-cache: MISS
x-cache: HIT
x-served-by: cache-fra-eddf8230065-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 26E6:EDB5:568570F:57DD9DF:6558A7E6
x-timer: S1700309018.923795,VS0,VE92
etag: W/"5f8554cb-10ab"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GpeNYs4NApkK%2BJf0CQDRjYUaFD3KS%2FlbE4beIRzk9%2F3Ub3fYJFpjLRQUKfmSnntTF1fJN5c%2BoWbf0TleUzhK9nxCfNspc09Mz1O51ILDs7s4YYRtQB2PD68fwPNJO4OUpFOek2EsjwlQSrJ3iUwlbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801241ec1165d9-FRA
x-cache-hits: 1

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
0 43ms
42ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=esp&c=38&pc=3968625074765964&eids=31079666

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
13 KB 448ms
447ms Fetch
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3968625074765964&correlator=1102421969982436&eid=31079666%2C44780988%2C31079527&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=21735668613%2Cbfa-hd_top&enc_prev_ius=%2F0%2F1&prev_iu_szs=980x120%7C980x90%7C970x90%7C960x90%7C950x90%7C750x100%7C728x90%7C970x66%7C320x100%7C300x100%7C468x60%7C300x75%7C320x50%7C234x60&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1700309017945&lmt=1602573514&adxs=168&adys=96&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fbfa.herodamage.com%2F&vis=1&psz=1280x0&msz=1264x0&fws=0&ohw=0&ga_vid=1217902598.1700309018&ga_sid=1700309018&ga_hid=937187293&ga_fc=true&dlt=1700309017595&idt=311&adks=2442461151&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5431263fbec0b183a9e81fd3e7cc930fd5df7afacf78646dd68a85619770480d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12709
x-xss-protection: 0
google-lineitem-id: 4767694021
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138241451849
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://bfa.herodamage.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 73ms
58ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311090101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcd62a111e3278ea98f4cc21bc277e03ae6457f87a517a7b34acdd5248d6f195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12283
x-xss-protection: 0

GET
H2 200 container.html Show response
52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 98DB 6 KB
3 KB 48ms
14ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bfa.herodamage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:37 GMT
expires: Sun, 17 Nov 2024 12:03:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 501ms
501ms Fetch
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3968625074765964&correlator=2763712863843271&eid=31079666%2C44780988%2C31079527&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=21735668613%2Cbfa-hd_side&enc_prev_ius=%2F0%2F1&prev_iu_szs=120x600%7C120x240%7C125x125&ifi=2&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1700309017962&lmt=1602573514&adxs=1448&adys=546&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fbfa.herodamage.com%2F&vis=1&psz=144x-1&msz=144x-1&fws=512&ohw=0&ga_vid=1217902598.1700309018&ga_sid=1700309018&ga_hid=937187293&ga_fc=true&dlt=1700309017595&idt=311&adks=786808259&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9aec201e6e90d9603968696b342007b01ccb92ecfebed473db89535c0f43c4b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12311
x-xss-protection: 0
google-lineitem-id: 4767163392
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138241340400
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://bfa.herodamage.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 819ms
819ms Fetch
text/plain 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3968625074765964&correlator=1603460293287806&eid=31079666%2C44780988%2C31079527&output=ldjh&gdfp_req=1&vrg=202311090101&ptt=17&impl=fif&iu_parts=21735668613%2Cbfa-hd_bot&enc_prev_ius=%2F0%2F1&prev_iu_szs=980x120%7C980x90%7C970x90%7C960x90%7C950x90%7C750x100%7C728x90%7C970x66%7C320x100%7C300x100%7C468x60%7C300x75%7C320x50%7C234x60&ifi=3&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1700309017969&lmt=1602573514&adxs=168&adys=840&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fbfa.herodamage.com%2F&vis=1&psz=1280x0&msz=1264x0&fws=0&ohw=0&ga_vid=1217902598.1700309018&ga_sid=1700309018&ga_hid=937187293&ga_fc=true&dlt=1700309017595&idt=311&adks=3937002543&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1e5aa81dcf2e6d598f3d92d9bb419bf994674557bb5593233b164de2787f57a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12345
x-xss-protection: 0
google-lineitem-id: 4768481465
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138241435803
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://bfa.herodamage.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
224 B 14ms
14ms XHR
text/plain 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=937187293&t=pageview&_s=1&dl=https%3A%2F%2Fbfa.herodamage.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Hero%20Damage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAACAAI~&jid=846079379&gjid=60081227&cid=1217902598.1700309018&tid=UA-109496873-1&_gid=300620259.1700309018&_r=1&_slc=1&z=72857974

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6e861c355c5f49881d244f057d7507ce62adedbc0f576fc3bb13446e9401bfd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bfa.herodamage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bfa.herodamage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
348 B 66ms
21ms XHR
text/plain 2a00:1450:400c:c06::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-109496873-1&cid=1217902598.1700309018&jid=846079379&gjid=60081227&_gid=300620259.1700309018&_u=aEBAAEAAAAAAACAAI~&z=1552543962

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://bfa.herodamage.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 18 Nov 2023 12:03:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bfa.herodamage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 230 KB
82 KB 46ms
26ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XWQCTYETBQ&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

926adc95260da5515310b0e8b71ef602ed232743ca517a0057a1df8433d80d41

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83291
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/rogue/ 6 KB
1 KB 19ms
18ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/rogue/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 068ec451d90e4ced3dabadc0273fdfff2dd82a18f15cee48b0ac74b863136754

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: e03ea58ba5b952152f8361f9c9e4f929cad49e16
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230082-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: F288:268E:8138457:83343DD:6558A7E6
x-timer: S1700309018.913184,VS0,VE93
etag: W/"5f8554cb-1774"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFsGP3vDhoGgHHBgQn46tGUTOK0FhufyI%2FVz0LYQlOiuukoMdA3JGOQAApk8PmiWS94ieLLwMPN2DcmGMbTaZjJY0kRX25bcCUk3Rn%2B%2BhivhMbqB4c2QTqOesrDcZ8DeB5B2rvC4RTP4lo9v1FNQQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242acff65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/rogue/ 6 KB
1000 B 22ms
22ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/rogue/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 068ec451d90e4ced3dabadc0273fdfff2dd82a18f15cee48b0ac74b863136754

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: e03ea58ba5b952152f8361f9c9e4f929cad49e16
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230082-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: F288:268E:8138457:83343DD:6558A7E6
x-timer: S1700309018.913184,VS0,VE93
etag: W/"5f8554cb-1774"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2Ojo3adqYVksJM9qdYAJibAQDA3NJdBcYzoXqAaqmHiRB7JiobmHrM4jJ%2BgNr5tYGcaeu4fF%2BXKXXdBP%2BibZ9yXU5jB3Evrqy5h9KCIZtCqhtl4rFbWEreN%2FjwZbNDpD97MSrYMpCTaW%2FHUFJUdFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242ad0065d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/death-knight/ 6 KB
1 KB 19ms
18ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/death-knight/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00f357bb1a907149c8ef8d29a494f56ba138ea9f4bccb941549cc597fd6cd328

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 652f41dade35e1be729d199265be392e914c5fc9
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230047-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 310C:3423:6179F0F:63053B7:6558A7E6
x-timer: S1700309018.922593,VS0,VE91
etag: W/"5f8554ca-183d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xt%2FTYyOi65rwMg%2BhicTkWLuFzjRh4V6iy1%2FZe7intIXBUfC8rSRjp8N%2BD65KIAhBKlk%2BcXsWCSfbOoSOIUGeAS%2BArSnjQpd2K2oI6BT5MSvvTyBqpIBUG8cYOKKhVDCCBqNVCTSPNJbXP6Lo9J%2BJjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242ad0665d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/death-knight/ 6 KB
1 KB 24ms
23ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/death-knight/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00f357bb1a907149c8ef8d29a494f56ba138ea9f4bccb941549cc597fd6cd328

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 652f41dade35e1be729d199265be392e914c5fc9
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230047-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 310C:3423:6179F0F:63053B7:6558A7E6
x-timer: S1700309018.922593,VS0,VE91
etag: W/"5f8554ca-183d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BE0RmQPvIK0Iy7j%2BVAmNVhAzLLrYCsJQ%2B2fRqcPPq0XcOVGteXvcnx29rk5fnvfYsPdfhpLZB2s9uT68ccB1di915BGca5VW3rxfHdMqyNT8xtOFwxWhwSbHvCVyO%2BfS9odoMUqIcYVrGfp8rv%2BDlg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242ad0765d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/mage/ 6 KB
1015 B 34ms
29ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/mage/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9761aba60411cb1187c930a4710be96ddfc50758b1e7b1d1403c0d696881bf3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: f47231bebf648f30f5abf86d0732b434daf75b13
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230136-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 806E:570C:3AEACDC:3BCEEDF:6558A7E6
x-timer: S1700309018.922829,VS0,VE91
etag: W/"5f8554cb-1663"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O7f%2F3OEQFxyk6SxGzqC7pUfeMWxBel8uG8fJs%2B%2FxpxKhDaGHl4O%2FIHQBpJXNCfrNz1vAx60U69Cd12HH4aWNsLRrCVbeSlXiVZpwkHTybE9XQhfJkJYuX1AAom2xHzOp8LL5LVmucY5%2F19tg35ujGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd1465d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/mage/ 6 KB
1 KB 30ms
26ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/mage/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c9761aba60411cb1187c930a4710be96ddfc50758b1e7b1d1403c0d696881bf3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: f47231bebf648f30f5abf86d0732b434daf75b13
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230136-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 806E:570C:3AEACDC:3BCEEDF:6558A7E6
x-timer: S1700309018.922829,VS0,VE91
etag: W/"5f8554cb-1663"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p7VhMDJYXvNDkQneDh8l1iQ9bm%2FmUnDTYf0XpU3pR4DfX50pYEPWrWQgNep9zbKiLawbja2CtHWVfBH5PurPVw90beTf1zDe4MfSlkVdPlqURHQ%2BrQtpPeA815CAsBXUsK6H3CQ4qrvlVgCzSr6LtA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd1865d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/paladin/ 4 KB
1 KB 23ms
19ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/paladin/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea28dc2d9037f31ab60130e288ec35489142eb67ab6c9cb5282d660c8668b5e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 08638ba06accd33b2b03583bf94d1745b8cdf16d
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230065-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 26E6:EDB5:568570F:57DD9DF:6558A7E6
x-timer: S1700309018.923795,VS0,VE92
etag: W/"5f8554cb-10ab"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fku8lZP%2BRvvDcO4xDvnKMrv10IY%2FNvR%2Bg2JNp89e9dX737EuzSednRmGzexlxFb2Rk4Fl0JZmQPuLkUb%2BM2AVpwBCZ0JtR06WEn54GyPnGzisdfXJNzuv8ZYNO2t31dGxWbQ697r71Innj8U%2Fyg1RA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd1965d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/paladin/ 4 KB
1 KB 27ms
23ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/paladin/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea28dc2d9037f31ab60130e288ec35489142eb67ab6c9cb5282d660c8668b5e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 08638ba06accd33b2b03583bf94d1745b8cdf16d
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230065-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 26E6:EDB5:568570F:57DD9DF:6558A7E6
x-timer: S1700309018.923795,VS0,VE92
etag: W/"5f8554cb-10ab"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bxBiPP%2FR1Q%2FytXSpUeDWF2BiT%2B6YL2mM968bgoaNU0TwKXMwGBY7JOs4bER%2FjVwpQTYZODQY2a5Lgj91cqM1VxESOsaloI13FLjM7gh964SIecoCLU1Daq6OAiCPP1A%2B0iABR23h7CpJsRyhAqRew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd1b65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/hunter/ 6 KB
1 KB 29ms
26ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/hunter/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c2f09a78b5ce85d7ff639976859716e29c71318b65c1675effd83e2e9f05a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: b1b1437fd0a7d1b7f913b31493564451f65424e0
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230115-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 2664:577C:6E5CBC6:701EDB3:6558A7E6
x-timer: S1700309018.920313,VS0,VE97
etag: W/"5f8554cb-1819"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ar67AggTEAMcyl8XfJHZiXfaGw605gQAgxWynDVT%2FwRIEuXc0PcpzkTcB1sHftAThsFbUYMySk5Yp%2FCb1rMOcG44EKzkjGu%2B5ycyxlIIKZNQBMlY4Q55vZRZrC%2Bu2spLcooCIEh9VjTDC4bTV4uACg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd1c65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/hunter/ 6 KB
1 KB 24ms
22ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/hunter/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c2f09a78b5ce85d7ff639976859716e29c71318b65c1675effd83e2e9f05a22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: b1b1437fd0a7d1b7f913b31493564451f65424e0
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230115-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 2664:577C:6E5CBC6:701EDB3:6558A7E6
x-timer: S1700309018.920313,VS0,VE97
etag: W/"5f8554cb-1819"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajauUs18caz9LQoMtZ%2BaMmKe76Vz6aEWSMhyXT2xGmzqsax7ILhUVFPpmqlpulKN6JD0fJNddKlOQvLc6Pd9t0YKGbNW1PAg45hYTZyyHeuIvsftqmGysb4%2F7XtV%2Ffwkc5lG4RzY0MLJiDleWJmqiw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd1d65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/warlock/ 6 KB
1 KB 23ms
21ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/warlock/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cead1229ba5aaea56b38b0428aef22261f3ac494ebc4d287153391003d18ec48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 1397e0992cfd843075737d6120ba9d3b4f341e77
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230132-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 5CF0:EDB5:568571D:57DD9F0:6558A7E6
x-timer: S1700309018.923159,VS0,VE94
etag: W/"5f8554cb-182e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vu1NUcR20qGsCNPtW93HfCVS0%2BPWiGtzzzAJ%2FzhquoBgyY2xVJzgCNSsD13eBhtk4XP%2BfP1cKuBU4KQ9fGda%2B6s5jzJJVP16zc%2FIYCT0yq3mASnE95%2BhLArDapww%2BSrK4QLk0M5ciRS7Qrsdy9PMXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd1e65d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/warlock/ 6 KB
982 B 23ms
22ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/warlock/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cead1229ba5aaea56b38b0428aef22261f3ac494ebc4d287153391003d18ec48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 1397e0992cfd843075737d6120ba9d3b4f341e77
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230132-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 5CF0:EDB5:568571D:57DD9F0:6558A7E6
x-timer: S1700309018.923159,VS0,VE94
etag: W/"5f8554cb-182e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DzUUb86jVJYFYJtDzTsKrwcO1qMTKvaW3yKSCMdML7%2BW0QVxw0TFzV88Efr2GnoBMUrLjAt8dpjUZCX9gDit4e0p2UzchC5o%2BBW1sNSDKKZPJGDh4NB0Kmy7Yx0uVXVk0U3arUPMHv9vg%2B3rKBUt2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd2065d9-FRA
x-cache-hits: 1

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 68ms
38ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/warrior/ 6 KB
1 KB 18ms
17ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/warrior/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3342cd3835ef04948548fe58d9da2f7ef94b7649376864b2b078b59842fcdb0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: c8cdaf5955bf1a824349d1213f98bcdf737cc1eb
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230099-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 5310:EDB5:568570A:57DD9D9:6558A7E6
x-timer: S1700309018.923488,VS0,VE95
etag: W/"5f8554cb-1744"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JoQfxnZCccFQo1MhhiLKtiKt8bdqIg1FPH59yKaXSwpjrMlVyoomb8fHPtR0rbLlYWMyZ0K7X2%2BQwshf7T7K9uM4jevq4IwdYl0plk7l5vlCw9Hfc3LWAThIsOt4g0SCVkCeyZtH2rHFyzJqryMdvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801242bd2365d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/warrior/ 6 KB
1 KB 19ms
17ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/warrior/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3342cd3835ef04948548fe58d9da2f7ef94b7649376864b2b078b59842fcdb0c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: c8cdaf5955bf1a824349d1213f98bcdf737cc1eb
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230099-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 5310:EDB5:568570A:57DD9D9:6558A7E6
x-timer: S1700309018.923488,VS0,VE95
etag: W/"5f8554cb-1744"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CKcKZw2enE1wDOSzN9JqyoG9pGngMPHbEp6u%2F47a7wR1oh%2BY2YrMcCkArDW9iA%2BUbJEKXElnB3fpRrgk%2BMDcqUy4HzvUt1hm5iY9DSqwqWzfAdqdQY8DaXk7gyNxALkdgLxnyQxtHpn%2FchsT9Arbzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801242bd2665d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/priest/ 2 KB
883 B 26ms
25ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/priest/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6400f4f1b40440fd918fae095c77dd1a2bb81f51f0591ded108bd784cb8e6398

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: b447f59af5c53121190a9f099463f3617ccb8f03
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: E04A:EDB5:568570A:57DD9D6:6558A7E6
x-timer: S1700309018.924291,VS0,VE95
etag: W/"5f8554cb-8b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XEGOXlMid60SGDCuOR7cnXoN4knRQ7HS5dtd73VjLG9YYRVSzWL1DJQ803csndVcdYMdseN1yP1o2INx3PZZ%2BXoldrXr6qPVbQBzDj6W3Mpc53uXxXSU5cp%2B8%2B2unSu7HoMTjETEjYXu1GZ%2B2M5tLA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd2765d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/priest/ 2 KB
950 B 21ms
20ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/priest/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6400f4f1b40440fd918fae095c77dd1a2bb81f51f0591ded108bd784cb8e6398

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: b447f59af5c53121190a9f099463f3617ccb8f03
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230124-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: E04A:EDB5:568570A:57DD9D6:6558A7E6
x-timer: S1700309018.924291,VS0,VE95
etag: W/"5f8554cb-8b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RTEsAWDBynjYnYP2iOHZ%2B6BNhWnSMTxeKV9yP4fBVapg80OFKs7e6idZgB%2BN0LiYVS%2B7FKS1MSRWU2G1L8lnJk2I0r8y7sLvv%2Bwk8jqKpfyy85%2ByLm56YpnI4DsV0GdsJJN4HSWUEOCSJC4XEGL1%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd2965d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/demon-hunter/ 4 KB
928 B 24ms
23ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/demon-hunter/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6730f11bfada53b9ad60b760a43a1c35f8977d01f9e2559e59c5d8ad06dc1019

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: c351933693faff90e112273765c7841e51bf0050
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230055-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 693E:D547:5AB1CD7:5C14087:6558A7E6
x-timer: S1700309018.934874,VS0,VE90
etag: W/"5f8554ca-10f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qd2aDY%2Bc1YZ3y6V%2Bw1dIgvPUwlnIaQIqKyBOjBvrQ3U7iG9ldPIoFFkdidDZoRZr9iECMKaHxEX34tbRDN4V3%2B2amKB%2Bf6YOTgYXrFIiMCoSFEHECvlmMCvnq%2F88DwsDQU9Doxb%2BkiTJ7ZQohBQlpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd3165d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/demon-hunter/ 4 KB
1 KB 19ms
18ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/demon-hunter/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6730f11bfada53b9ad60b760a43a1c35f8977d01f9e2559e59c5d8ad06dc1019

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: c351933693faff90e112273765c7841e51bf0050
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230055-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 693E:D547:5AB1CD7:5C14087:6558A7E6
x-timer: S1700309018.934874,VS0,VE90
etag: W/"5f8554ca-10f0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8qDzhCJ2EA0PfhUrVPFYpL7VtcUzd1WUBe3VSzrgup1zNYFFOCNL4GYStGnG%2BunKydx7sIyQ6wW3x504sLFO6%2BqnOrxbge%2FDNpKgvuSmYfkZIwVgHJTt92BqSAxc6lWG1GsbCwk2a7YHck7Txe4uTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 82801242bd3365d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/shaman/ 4 KB
1 KB 20ms
20ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/shaman/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d41426eb6ee42b6c5f9cfab4cb41aea704671de238a5a195db0d4cd9da603af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: d91b94c7a3f7aa1788a4c2494a08b61aea80bd39
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230130-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 64CA:B478:88D857A:8ADD607:6558A7E6
x-timer: S1700309018.930147,VS0,VE98
etag: W/"5f8554cb-1072"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MefcwzAzEOFO%2FUTdNXC8eOhVLlarHT7zIsV1EBmhYU28DWmXzKp%2BTUTNjPnezXdZnZWrAWuEYPeiHW7S2ltLXEp%2Fwg52%2F%2F%2BWbToC2ArcKy51xIQV6RjwF0EI3w2KHKHFfbTtIGIr68M9JiTlWcs4VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801242cd4165d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/shaman/ 4 KB
898 B 29ms
29ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/shaman/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d41426eb6ee42b6c5f9cfab4cb41aea704671de238a5a195db0d4cd9da603af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: d91b94c7a3f7aa1788a4c2494a08b61aea80bd39
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230130-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 64CA:B478:88D857A:8ADD607:6558A7E6
x-timer: S1700309018.930147,VS0,VE98
etag: W/"5f8554cb-1072"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPY68GhvE4VwHqdlNNa2G%2Bv%2BpF%2Fe9cDeAnoCSZ5pAigqbI7EBqqQX9FL70kkFqLcus7rC5uu1oEJLvFHfo2xg53yo2T924IRcl6Xa8hKcgT%2Fej8rJWdKnpxGwfn7fpq4x7rapXQGa51HhiaQ%2FG%2BbsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801242cd4565d9-FRA
x-cache-hits: 1

GET
H2 200 component---src-templates-wow-class-js-3a34498aa7440c390b97.js
bfa.herodamage.com/ 0
19 KB 118ms
118ms Other
application/javascript 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/component---src-templates-wow-class-js-3a34498aa7440c390b97.js
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: 1158ef01da359443197e940787e49850eab6e020
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
expires: Sat, 18 Nov 2023 12:12:47 GMT
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230029-FRA
last-modified: Tue, 13 Oct 2020 07:18:33 GMT
server: cloudflare
x-github-request-id: 2566:1338D:4DCAB10:4EFD4CC:6558A7E6
x-timer: S1700309018.060900,VS0,VE86
etag: W/"5f8554c9-102e2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cCckyKjR7YnNyEiarXYp0V7KRT%2Fm%2BfrdeEmacLYu4FGWgV06nEzOWmtfOKSAAMONqKNLgba5qsLTLqe%2FTJ7yV8FYjPMbvzNEYBwWB3Edk%2B8oc5RnsBi8TL%2BcxP70OP%2BocD3iRpDvnVka0qc%2BAkDUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 82801242cd4965d9-FRA
x-cache-hits: 1

POST
H2 204 collect
region1.google-analytics.com/g/ 0
256 B 35ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-XWQCTYETBQ&gtm=45je3b81v9134949561&_p=1700309017990&gcd=11l1l1l1l2&dma_cps=sypham&dma=1&ul=en-us&sr=1600x1200&cid=1217902598.1700309018&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fbfa.herodamage.com%2F&dp=%2F&dt=Hero%20Damage&sid=1700309018&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=701
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XWQCTYETBQ&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:38 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bfa.herodamage.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F1F2 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bfa.herodamage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2646
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 11:19:32 GMT
expires: Sun, 17 Nov 2024 11:19:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9CAC 829 B
1 KB 39ms
18ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7db902484287395505a02d032422d854888c93570cceb79b6640de614c31e1e7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-50roKs_OlFTKP97Stf73-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bfa.herodamage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-50roKs_OlFTKP97Stf73-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:38 GMT
expires: Sat, 18 Nov 2023 12:03:38 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/monk/ 4 KB
953 B 19ms
18ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/monk/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5454ec0e034476877e6c1e6efa5e5a021e70751c049b544b1ed382d5964dd56d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: f7d8494de935f13c2f8b93ed4d9bfd94bb8b2557
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230043-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 0B0C:EDB5:568570A:57DD9D7:6558A7E6
x-timer: S1700309018.981055,VS0,VE85
etag: W/"5f8554cb-edf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ia0Gm38NHW32gnDN7sgKRxkTW8mvOdVE2PxUm5V2K0pQIRspEbpzcxYLj0Q%2BxBXdXTBzKY37mzVBium%2Ba3yBmIRMJqtX4smR0J90CUERIQhqQPgf80TFO1k0ot2ZvLpZhvfDrE2VcVGEMWSqRxSBYg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 828012432dd065d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/monk/ 4 KB
975 B 19ms
19ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/monk/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5454ec0e034476877e6c1e6efa5e5a021e70751c049b544b1ed382d5964dd56d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: f7d8494de935f13c2f8b93ed4d9bfd94bb8b2557
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230043-FRA
last-modified: Tue, 13 Oct 2020 07:18:35 GMT
server: cloudflare
x-github-request-id: 0B0C:EDB5:568570A:57DD9D7:6558A7E6
x-timer: S1700309018.981055,VS0,VE85
etag: W/"5f8554cb-edf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=APHjFA0GOhYfilNbFos0inyi8Jc2bD1rTwDmnztytHBqrBXdJpEDSGWrF9yS3JuM9bBe72N345Tm%2FVa7vBnP%2FR4e62%2BY4uHdL1kR43AbTNX1cOqt5%2B%2FSHHIRlRK4kxMt%2FNZQse4Fa9pZnxMfsuT%2BZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-origin-cache: HIT
cf-ray: 828012432dd365d9-FRA
x-cache-hits: 1

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame F1F2 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:19:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2646
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Nov 2024 11:19:32 GMT

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/druid/ 6 KB
1012 B 18ms
17ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/druid/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 446bdacd5729489ed719aab21ead795632289590e3954cac6fe1f821f0884557

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: e7c3332ff363c50d9f9da2874991d5f160258c09
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230026-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 19EA:D51D:52EE707:5436259:6558A7E6
x-timer: S1700309018.983549,VS0,VE98
etag: W/"5f8554ca-16f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c9cii5Kvgcd%2BVlPR2DF0WFlF7IY3c8JGHF4O8uB4H6RzIFD1GC%2FYsm8aiTTEKaLSypJsNL%2FtfBuPcbGwfTsIPVi8pa%2Fd5xGMArK6f21VaXp%2BICcIequt1Nlt0%2FboEg42ZegO9s0JPSd4a6Ur8ymQsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 828012436e1265d9-FRA
x-cache-hits: 1

GET
H2 200 page-data.json Show response
bfa.herodamage.com/page-data/druid/ 6 KB
980 B 21ms
20ms XHR
application/json 2606:4700:20::681a:e4e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bfa.herodamage.com/page-data/druid/page-data.json
Requested by: Host: bfa.herodamage.com
URL: https://bfa.herodamage.com/app-707be8dc38d1abc67464.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:e4e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 446bdacd5729489ed719aab21ead795632289590e3954cac6fe1f821f0884557

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-fastly-request-id: e7c3332ff363c50d9f9da2874991d5f160258c09
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 18 Nov 2023 12:12:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 0
x-cache: HIT
x-proxy-cache: MISS
x-served-by: cache-fra-eddf8230026-FRA
last-modified: Tue, 13 Oct 2020 07:18:34 GMT
server: cloudflare
x-github-request-id: 19EA:D51D:52EE707:5436259:6558A7E6
x-timer: S1700309018.983549,VS0,VE98
etag: W/"5f8554ca-16f6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7MGymf1Vq42jYzQLRpju%2BLi7Z3TbAvsgFahrFxwROUQ6HqReAjc7gq5ghgsZMy1XYIHBw1thu0kEjDKfDKdGiWjYKHdxqWgWE6A2Ue3C3i59ohRSEM1quxkYBaq8WhBsB16QX%2FmL3Cx9zCv1r2wT3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
cf-ray: 828012436e1465d9-FRA
x-cache-hits: 1

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9CAC 0
0 40ms
40ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311090101&jk=3968625074765964&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F1F2 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?eXGaVw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 container.html Show response
52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2984 6 KB
3 KB 9ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bfa.herodamage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:37 GMT
expires: Sun, 17 Nov 2024 12:03:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 70F7 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bfa.herodamage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:37 GMT
expires: Sun, 17 Nov 2024 12:03:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2984 24 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 132400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 15 Nov 2024 23:16:58 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2984 151 KB
52 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5114447784fd9c26afdbf18b5633f3c1f76f8f14b5bac736803716d6d7ef6304

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52733
x-xss-protection: 0
server: cafe
etag: 15022176000523672418
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2984 202 KB
64 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 70F7 24 KB
6 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 132400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 15 Nov 2024 23:16:58 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 70F7 150 KB
52 KB 148ms
147ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e42563b61e8389678b35e95153b6aacbc43203a880f241a5304cf5747ba9bd7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52711
x-xss-protection: 0
server: cafe
etag: 10338488515970310071
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 70F7 202 KB
64 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2984 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstb1zWzTFQTg1TZtH-iLfnsKZwJD0xwKUXwsOYp4EWDuPXGimji0vrPzK1pVfAV4z3h3osNCXGvuqzMwSmJx_Tt2lMuq3_KRZbWqKBEDyy0YSMsa3B6a4-C_s-WBSGEkT55g1SpzcjO2_k8rR-6abfVgC1yzq_kwI5ahCfNiEKjsblRY3Y6q_UCN7G8kMP4EznjX0L_89BuMVBdVie1uU5VU3PF7Fb09-k1pgfddqjAr1rBcf7wfxpdpdLBUynJNKQILgTQDV645goWTDm0wVVeWcRTATG5yHoDJSEAyYuScFQv1pPkKyYwpzYYQNMmwE7vsMny9jJM9pUDuiKwVeQUXYQrxTM2uL8DRWUCy4M&sai=AMfl-YRD87IZ1cqyZKaa8cDaDoHXvHINUQVBRv_XdmIYrn0F40dD-CghwXvt27mzd1sRQJ5Xurj0rhWWy1JCsF7HrhX-0joM7vAdtIg6Q9A8rIQIzrteInod5hzRuw-UOc7K4ydljVqcROrcxcd8VUwU364c&sig=Cg0ArKJSzKwXC5o7QgncEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 70F7 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuXepsxUpB-2fjrcfXOrY8jNBFkHauMEpkPOi0Y6fG-NwNRntMVPNLscCxfLbMNsM-6iGxBf5uXrb-BiFK6UqRWOTAfdQYgGU3TXY1bgkSJ9tPKya5UNbEjhd2RxcXfjzJ-Jk-Q4PTmQbGJ5TJNlbQBQj8_j6coOVKwBXfYcEMOREp9R-aAVljjm-dZjq1jJUljSMQlfNkz53k1W6F-UxIUs1htYjaC8m8YKK01yY1jIlog5Z67Jv8fNaSDVIWTSV_mWmPwzb1tK8uh_XXmYHabFXrEoVwna6zD3-feKNUlPSrYxo6rapVue2aB8xDUvmi6juwJqhLiQ7oEM_4y8FDEcNyGOQT6mHxBs27eGxzM9w&sai=AMfl-YTXv4lczKHXhVJWDF953TtDLtNyMvlzoqAg-r3x-GGAj8MTyFkmFyQlsKGVKkaNHqIbyqpbluOd6Z9iXwtuHkoiI0Cj82Q6MX0jyLOfHaw4VlzvHCWt8SE4Tt39t1UOGRDlau-ybcl8Nzyx0Mf9Okld&sig=Cg0ArKJSzEtxTjUXVUtzEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
DATA 200
OK truncated
/ Frame 2984 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb6f93058fdc6d325f62a3eb19e1f4836fe4c3aa6ea6cbbbe6e85663ae7810ab

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 70F7 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5350f09961e598ccf57c00ed08f2e124c45e84262d3761772a8ab323222d069a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ Frame 2984 397 KB
134 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5677349133508739&plah=52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com&bust=31079699

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ed0a5a2d6c6f9977288dfcbcf800d3fcf971a4e24273ffa378c5121a6390bdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137295
x-xss-protection: 0
server: cafe
etag: 8132471865642082463
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 75FF 9 KB
4 KB 28ms
6ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 50778
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 21:57:20 GMT
etag: 16674218716276178799
expires: Fri, 01 Dec 2023 21:57:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090102/ Frame 70F7 400 KB
135 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5677349133508739&plah=52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com&bust=31079773

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d40b01890b8c0c1c5a4327322e14922a245d4161ae76cb7e4969051ba381dcd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138526
x-xss-protection: 0
server: cafe
etag: 16514122985590703506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 43ms
43ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311090101&jk=3968625074765964&bg=!vr2lvfLNAAZxrfrxUa07ADQBe5WfOEPWLKqEQfSTtUVS8GMk0FV4CdfyodEixIEk5UUyg9yFUAVrb8g-vcpEA7mcHgGgAgAAAExSAAAAAmgBB5kCx4-i4_FYcLpuomPs1Rs8_Udiy_2Yd1eR7X51MuqDaNYiUyN3jcvkkESfziM8a4kzvBjSLFS1Yrg0YQQ3Zvt0pcOYtN9av3wPAk-K8rO77aNrdF-a3EKQMg3iWEaSunwM5WaA_ptW0N3CUxbBvxyPyYsvkCuXpPorP3VIqmY1DSocMww7In1SKwvZHDaDYfHOnrjnA8MZaahNl-TSemF5i84C9igS1MO8rphfez-N-J2_YI6q6tzx2FpYt2fpGWRnYOxSqTMtAPtky_sSf3iuToWwl8eW3rUsy5T2refixulGpwZBPR9jsmktQ1fEjWpERBnPJjOOxNHIuBGFdOFpu7kALJ4M4Pxdo_4P3qrBxyuyhe74vZrRf64nwgRdjELWCO_ohLqmSx8TFoF2ge9f8EjjdzW8laAJ6NJKgX74u6zoJIrYatW7IeESjZaj5XXNd8sMUOwHudzXPCvWzKrN3aD_6OlHtuqqntLXOjUNrPnhOFnA7Ze1jUi3pd4bKVhi2Fl2cc6VPaOsxB0x_J-p1ai89b1Q5GNiNmHImGtL7MA9WLFPIzOLlDEMZaPjjIV4j3zbT4RH8DiY0OS6_BUragZ-DfZpvIwanWjQw4S8X6fPg5HBEz9nOAslGDebyz45ULfZ5teW2YBgGbIGroES4mGnGDhP1CQQ60qkxm7JClPyYFfBvUF056QRU8neJFC6ugXSPlut6pitrG79ceh2DecIndhc4uIBIlcFVRBhwtnZVQaKm5usC3s1zh0cDvQEY2EPZk0y3uP2sRfqeTkcXs9Cm02rR2iAagbU_EsQHTX-CQMuu1_ljBsbEHhGDw5-UJEFVUsB6iyVEcF8va17JzDsCErepRAdwYW1Mwpaf45P_2C9Po_XxyHWILwEoa2wV-k7QyE_n8rq5t_bYgH_AsXNAoVxVeKm2893H8OXlrDaQixk_3g10g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bfa.herodamage.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 container.html Show response
52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 46B0 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bfa.herodamage.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:37 GMT
expires: Sun, 17 Nov 2024 12:03:37 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 46B0 24 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 132400
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 15 Nov 2024 23:16:58 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 46B0 151 KB
52 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19ed69dbc1555727c93a9a43979a6464d99106b52789f9ea880d99679e808af9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52726
x-xss-protection: 0
server: cafe
etag: 7556748695150917765
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 46B0 202 KB
64 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 46B0 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuE5VVE_JDF4bkz6Vm_Q3wLd-VrGgiZZdL79TiG70LuHu3WkqXNcf-OiyM0sBf5Ht8p2fQRF2ek5zgiOSbSrImN0HoohRnKldjMaYl3K5FXt-gC4J9V8bcj6J-TTfSHh3DyE_VhnKBVEOWrRxs2HmvurcHA6ll8DQ2Cf2OV3R1AbVpWlBCaMyopvwLUlWNDchQubQlENZMxUgqhOi-jnyNa90Qa15ZWQwUiYk4c1nRbRf56_kBbUik-8jRKqwsxCqjgCRAsaqymjBQER5hEhi0a882qjWnR_P7SIXpQZPdHZSqVghdJThLPrCS3DFUSyQlAGmBiO1SXxASP6w6DV9tzDH8mzBGYMjaeu5s2VP0&sai=AMfl-YRAq5johdFxPguIqAwvw56LbSyOEQvmIBOhZmC9OPrtwdW0gdpxN1TIu3dlEzOPq8f1nnSD1RzLzemt1FBuKobgYy6QIg1QORnvO1MDwpMLT4Ineo-bC8dJEStUpDu3wqz_Mt22Rdx5gcoQl-v0Fx8&sig=Cg0ArKJSzNHB43FrB4ysEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
URL: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2984 0
0 47ms
44ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsse90d4_43dnfE6HpUYJh5V6nZ6D0B0AiTz-DCk6pYDXwEEX-9MkkoxP5KT5CkoOn6kzEFt9KpLbz2mkHJS1-OTy6VK5Rt7FwXcnn3RQV2Huw8lCzEkU8EAHgUtdrUHUFKkypXIMa8FuDFPqiizqtGsExE_4qVNaZH5pKEc7W14VIHL0Hs0KFl9w9nBuRfvHhLnL4rtS5kibge1AlVFCU9NH8n_vJKyURe7CShhomS5WINEwQYGh_DUG1rwJz7rMp_Iuzwbytt-YYzqm66oC215AsFVSHAplYTX-J8hhApjtfiWGy5WgPLUOypRffFvacriei9W4Cg7zYvwcPGzMVaP0CQRyASgc8e2LsjUQ-pE8A&sai=AMfl-YReJyP__RmkvkW9MKMdnCWyYTI4QdszCqygWYLcCCp4x7O5x9naslwQ0A86zIqxepcDVFc-TB_lZcRBaQ3dtYVsgDO-Winq-zVo_lKRY9uFVgekHeZZguZxdTpBhPUw26L3JdGcokLdTQnt7BhEE8Gs&sig=Cg0ArKJSzDT1y0suwdnXEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AB70 36 KB
15 KB 328ms
327ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5677349133508739&plah=52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com&bust=31079699

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60f58e4ee8610241cd953f095fbe84b0d58b0619552edc742f3e23b1abbedb03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 15177
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2984 16 KB
12 KB 57ms
56ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc44e6a8272cb1516b475c614771458410760532c46c086358a0c9c752949e3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12224
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/ Frame 46B0 397 KB
134 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5677349133508739&plah=52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com&bust=31079757

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cbacf395316f8dcadfa44e800002ab71226764120ff9ace1ea94d37a1fb89012

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137292
x-xss-protection: 0
server: cafe
etag: 15542613958461499969
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
DATA 200
OK truncated
/ Frame 46B0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e6d1b4b7677f1e2467f4ef4047b6467bebce6b59db266ce2c7e2736359a7975

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2984 17 KB
6 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 70F7 0
0 45ms
44ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuIOp3539nl6c5tfUwmmqBhJLHjElml_kzwOqhAe059r8se-mE5bCA4lbfiUrnkO24zAVVbJGiHLrvN1XysvFHRH-PItItZPtZ68v_lHJkO9Z-CN-djDv6XersBi5-Fq-MfCfNcEiE6vsI2Ep1mU_q9a67pel7uTVRZTD3tp4lNBErme3btOr5WZFLcAk5BF3TlZiDmAqa0w8dnrwP7NMkY08cKPKHGcFGINtFDD0RjcXrROB4QvFiAgIPZVl2c2q5ST1tMXZW_TxOqr-PqdzVG_mZ44XHU0N-M_GBwGpN8FK4JuLt68ayGirQeW5QNuuNkb3fdC7jKam2K3lJ2CvOfGXBm8jiHSnsW5J0lbDqOf4Eh&sai=AMfl-YQXTHeCIxWZ0qmtRCCvU8U77f832lZFyCdQAYgt_kt7SowscpdXIxfasBdLJKbFJT25bkova3Bo0jcuClz-SAV2-97j1RvtKVtQSyZstrjmdERpHifwAysNOLtelnB6V5h2UcAU8TcF24FVrnSOVBFz&sig=Cg0ArKJSzHnF-ldNjtdAEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Nov 2023 12:03:38 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AF82 35 KB
15 KB 459ms
458ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=600&slotname=3965109405&adk=2350305474&adf=3173046727&pi=t.ma~as.3965109405&w=120&format=120x600&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018704&bpp=3&bdt=181&idt=252&shv=r20231109&mjsv=m202311090102&ptt=9&saldr=aa&correlator=194850047567&frm=24&ife=3&pv=2&ga_vid=1812915870.1700309019&ga_sid=1700309019&ga_hid=1000526508&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=749952921&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079628%2C44809316%2C31078297%2C31079773%2C44807763%2C44808148%2C44808284%2C44809053&oid=2&pvsid=1056821916372595&tmod=75059055&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hcyzo3by14ev&fsb=1&dtd=273

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5677349133508739&plah=52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com&bust=31079773

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b0951038d1c687b1acd43587bbd48df066f7f8dc6673832ccf230f11746e887

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 15129
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 70F7 16 KB
12 KB 57ms
57ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49525f03040b7b6e0350423d205f13fbe567b9cf560a4b6bfa13fd5142b1f8e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12415
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 33C4 13 KB
5 KB 13ms
9ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2646
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 11:19:32 GMT
expires: Sun, 17 Nov 2024 11:19:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8DE0 829 B
790 B 18ms
17ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fe490520db47ae2f5224af30b3cb4f60a508e4e84a66a25ab97b558f2e8bc31b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8uIkzyNT8TTyfofXYLH9tw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-8uIkzyNT8TTyfofXYLH9tw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
expires: Sat, 18 Nov 2023 12:03:39 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 70F7 17 KB
6 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Nov 2023 12:03:39 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8DE0 0
0 40ms
40ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=1585363892244544&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 33C4 39 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:19:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Nov 2024 11:19:32 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 46B0 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvp8lv5tjrT2eXsSoXHY0PJmnYLug5efKemRTCfD-DfkMm0I2sUxe5k9dgta4aBhMd14JQDXdUkF-v9cwjBKPqZ3OcAhZ2qqPtIgAP6xbxQBaSyZ9wipcfBQx6TtZKNOKsO6fVHabN_ILgM2ziLSjQ9lxryWDxEL6Xxz_DUuGQVPFT7TA5D_PEUtK5TlqPZgmEcd4FiwAgDpxIG8NBVUKdKZVPFox5ElgMkJUNrzLLGS-I6toM3BT_k8BZv-TihaMgyM8fWguKgTf4mxPVo_BBBfxO4CKD0XOKJW9VbC6R2_jNQo3xG4ZC1PTMB8DO8Be7aSCJtAtsmuS1lB6SKd4vOiHq9zfMOcvLmiFK1SUzqnw&sai=AMfl-YTRg8EoJjgfqHyO6I7KI7TMqSG3S3Lrox_nkNn1XeGjfATbMqsHc4LrWBW3IrlZxGgQux7nzWoWR6CUhz7sJ3YIAfUqlVaYNU3FccY3EDbhEwc-ZtrXdG9EywCpiii98XdpI1RhsbbYaDVvnm2U9ac&sig=Cg0ArKJSzFXuOnpIsQDTEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Nov 2023 12:03:39 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 060B 129 KB
45 KB 559ms
558ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-5677349133508739&plah=52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com&bust=31079757

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d322f983f072ad2cf681f4714e0230f8343e4ca7086a35308da4096ea433401

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46001
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 46B0 16 KB
12 KB 60ms
57ms XHR
application/json 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7baeed10edafe308895332f44136187b0bd76371d2d9ed32080f3a31890904e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12385
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1A61 13 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2647
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 11:19:32 GMT
expires: Sun, 17 Nov 2024 11:19:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6C6B 829 B
557 B 17ms
17ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ee4b51e5091b6ce52cbe00780f0a2381d39596eecc92406370d57bbeae4375c8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mYBcnpV1tEyc9NcK5lwCdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-mYBcnpV1tEyc9NcK5lwCdg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
expires: Sat, 18 Nov 2023 12:03:39 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 1A61 39 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:19:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Nov 2024 11:19:32 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 46B0 17 KB
6 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Nov 2023 12:03:39 GMT

GET
H2 200 XassetrGVaWW53.png
ads.w55c.net/t/d/ Frame AB70 43 KB
44 KB 79ms
9ms Image
image/png 2600:9000:206f:5400:1b:f040:3600:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.w55c.net/t/d/XassetrGVaWW53.png?at=0&rtbhost=conf01-europe-west1.rtb.roku.com&btid=RTE5QTM3NkMyNzY5Mjk5OUQ5NDVBNzEwN0JDOTU5MTF8R0ZvSmYyN0xrc3wxNzAwMzA5MDE4OTk4fDF8WG1KVFAyNDVlMHxYUnpvYlBzTGhWfDc4NTQ3NDgyOV9FWHwyMDQ2OXx8fHwuMFB8VVNE&ei=GOOGLE_CONTENTNETWORK&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&js=0&ob=0&ccw=SUFCMjQjMS4w&ci=Xm5m1vekkx&psid=NTkzOTA4MTEyNTc&s=https%3A%2F%2Fbfa.herodamage.com&ts=1700309019001&c=DE&r=G-HE&epid=R0NoZXJvZGFtYWdlLmNvbQ&mi=d2Vi&wp_exchange=NWP
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5400:1b:f040:3600:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: 77muH8mujF9NEC9ipS.55iMMWqUaEtvK
date: Sat, 18 Nov 2023 07:51:56 GMT
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 15107
x-amz-server-side-encryption: AES256
x-amz-meta-width: 728
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-meta-filesize: 44534
x-amz-meta-height: 90
content-length: 44534
last-modified: Wed, 03 May 2023 17:26:36 GMT
server: AmazonS3
etag: "ccf751b21647e448aa5dadd8c05f5ac6"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: JS26DwSQ1HVTXuw1njBplPg9uLCPdOi1iarIlxPh_FgG1SAqeM4jww==

GET
H/1.1 200
OK pixel.php
t.hspvst.com/ Frame AB70 95 B
924 B 161ms
36ms Image
image/png 154.58.197.185
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.hspvst.com/pixel.php?id=2677&t=P&cb=1428133347940297
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 154.58.197.185 , Spain, ASN174 (COGENT-174, US),
Reverse DNS: staticip-hv4m185.hispavista.com
Software: Apache / PHP/5.4.45-1~dotdeb+7.1
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sat, 18 Nov 2023 12:03:39 GMT
Server: Apache
X-Powered-By: PHP/5.4.45-1~dotdeb+7.1
Transfer-Encoding: chunked
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Content-Type: image/png
Cache-Control: max-age=315360000
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Keep-Alive: timeout=3, max=1000
Expires: Tue, 15 Nov 2033 12:03:39 GMT

GET
H2 200 creative_add_on.js Show response
cti.w55c.net/ct/ Frame AB70 5 KB
2 KB 78ms
14ms Script
application/javascript 2600:9000:2251:6600:3:4706:a6c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cti.w55c.net/ct/creative_add_on.js?w=728&h=90&zindex=0&ci=Xm5m1vekkx&ei=GOOGLE_CONTENTNETWORK&ob=0&ai=0DaDXCcU00&epid=R0NoZXJvZGFtYWdlLmNvbQ&fiu=WG1KVFAyNDVlMA&s=https%3A%2F%2Fbfa.herodamage.com&ciu=XRzobPsLhV&btid=RTE5QTM3NkMyNzY5Mjk5OUQ5NDVBNzEwN0JDOTU5MTF8R0ZvSmYyN0xrc3wxNzAwMzA5MDE4OTk4fDF8WG1KVFAyNDVlMHxYUnpvYlBzTGhWfDc4NTQ3NDgyOV9FWHwyMDQ2OXx8fHwuMFB8VVNE&c=DE&dt=2dt0005&sd=herodamage.com&cip=1&hmt=1&uidu=CAESECs_so6VaET3ZAn8en7jW8I&spidu=GOOGLE_CONTENTNETWORK&pidu=herodamage.com&hmpvu=c9128529-ce1b-41b4-bb6c-07a626e475f8&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2251:6600:3:4706:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: 0IYa12QvFdrNK.CC2JhaeEJAYjkhUjCe
content-encoding: br
via: 1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
date: Fri, 17 Nov 2023 01:07:35 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-amz-cf-pop: FRA60-P3
age: 125765
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 17 Sep 2021 21:17:39 GMT
server: AmazonS3
etag: W/"a6c8a5bdec77729759b220b95bf503f9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: must-revalidate
x-amz-cf-id: 1-1_-5P9gpA_Dxbdo5-jeBzgt2aWcku28oAZZghTmXN3nmE22CsKcw==

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame AB70 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:19:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2666
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 11:19:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame AB70 20 KB
8 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 23:16:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46002
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 23:16:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AB70 0
0 17ms
15ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ5qQDs2eFlqPYqKwWJzrlEjAyZAuxnhX0IrH3WrBEhhlkHmnX-v_jhSduzdgv7iSBO_X6_ODumCSgBk8EoS5YG5C2OfQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame AB70 202 KB
64 KB 53ms
50ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:39 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 33C4 0
10 B 8ms
7ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ye6pxg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame AB70 0
0 53ms
51ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CfObcGqhYZa_dNpC-9u8Ps4esgA-6iLSPXJzX7u6pCMCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqAMByAMCqgTGAU_Qn8mH_WryERbjEY23lI49SnhpbAiHwMzoGIlNjaDIdO6QltvAGdJs5pLQG-U0lTM8eCxsbT5AS91IgcvtNqEhNu761PEVMQhkLACvVPXoiU-RIBsHULuPIINF29BQlM8HnsSJEin1CCJog8o0JPdegperouUPuxca8qm7a6p6VJBoLVIaafPUyrJCcdBeVW4mFcPdw4UqbZIibv_s10QLNE9A7nN5Yuc6S8lLKtrrY948P-Z2tsYxgEF03B-9DSgAT8l9SIAG0cmll-ullpXrAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOoAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01Njc3MzQ5MTMzNTA4NzM5GAA&sigh=_QKJrFJicjM&uach_m=[UACH]&cid=CAQSPADICaaNeCKc47qicuh2TOHedyMwBj6MurcFj8nj2ILuM8AGJEBNzlZJ-GQm9-FKCZUfSvOUO2l0mp0p1RgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 18 Nov 2023 12:03:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200 a.gif Show response
i.w55c.net/ Frame AB70 42 B
582 B 87ms
8ms Fetch
image/gif 3.121.142.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://i.w55c.net/a.gif?t=0&rtbhost=conf01-europe-west1.rtb.roku.com&rts=1&btid=RTE5QTM3NkMyNzY5Mjk5OUQ5NDVBNzEwN0JDOTU5MTF8R0ZvSmYyN0xrc3wxNzAwMzA5MDE4OTk4fDF8WG1KVFAyNDVlMHxYUnpvYlBzTGhWfDc4NTQ3NDgyOV9FWHwyMDQ2OXx8fHwuMFB8VVNE&ei=GOOGLE_CONTENTNETWORK&wp_exchange=ZVioGgANrq8H_Z8QAAsDs5DBgCKpkshu_bMWlA&ac=WFMwUE56aXZTMTpYU2YwU29uZW43fDB8MHxFVVI7&psid=NTkzOTA4MTEyNTc&js=0&ob=0&ccw=SUFCMjQjMS4w&ci=Xm5m1vekkx&fiu=WG1KVFAyNDVlMA&fid=XmJTP245e0&sd=herodamage.com&s=https%3A%2F%2Fbfa.herodamage.com&ts=1700309019001&dvdp=i.w55c.net/dv.jpg&ai=0DaDXCcU00&c=DE&r=G-HE&rnd=1428133347940297&epid=R0NoZXJvZGFtYWdlLmNvbQ&ct=b126c92c760c4964ba6058483a07fa14&os=Mm8wMDAy&dc=NzI4NWEyMmNjZmE2NGM1Y2JmMzBmYzExNmQzNGFhNGU&dm=MU1ocWFxcHZ5RQ&l=ZW58fA&ri=2rxtlU&cip=1&alg=TGcwMDA4&v=2&euid=Q0FFU0VDc19zbzZWYUVUM1pBbjhlbjdqVzhJ&mt=2cmt0001&mi=d2Vi&dt=2dt0005&tz=RXVyb3BlL0Jlcmxpbg&sg=_W7bsUrmg2cs1bop483NOg&buid=Xdb4DXiaK1Q&dv=MUxWSXJn&az=europe-west1-c&hmt=1&hmdp=s.h.w55c.net/2/948461/analytics.gif&hmtiu=9484611643830741015000&uidu=CAESECs_so6VaET3ZAn8en7jW8I&spidu=GOOGLE_CONTENTNETWORK&pidu=herodamage.com&hmpvu=c9128529-ce1b-41b4-bb6c-07a626e475f8&hmtsu=3&odtu=2&mtfu=1&crdmu=728x90&cridu=XRzobPsLhV&naoh=i.w55c.net/na.gif&ndgh=i.w55c.net/ng.gif

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.121.142.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-121-142-228.eu-central-1.compute.amazonaws.com

Software

PixelTracking/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 18 Nov 2023 12:03:38 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PixelTracking/v2.0.30-795-gb641a57#rel-ec2-master i-0f7f5cc7c951f6e61@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Content-Type: image/gif
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6C6B 0
0 42ms
40ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=1056821916372595&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BA49 13 KB
5 KB 13ms
7ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2647
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 11:19:32 GMT
expires: Sun, 17 Nov 2024 11:19:32 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 642C 829 B
558 B 22ms
18ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6c159cf6007687abdc31baa2d94751c3dd870995ea1f3924059cf375b1a8da52

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-y2p796sD3bFFYUq9H0Eatg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-y2p796sD3bFFYUq9H0Eatg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
expires: Sat, 18 Nov 2023 12:03:39 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A5B0 1 KB
644 B 7ms
7ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Sun, 19 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame AB70 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ad0ae9cecb4a8b0d618ccbc1264c973e0a041f19f7c5225e6fc197c4cd3f04cd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame A5B0 0
104 B 81ms
23ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEILsafLZDD5NP5EvLgCqlv0&google_cver=1&google_push=AXcoOmThftQzSERYtX9_9khpLSVBlH5CoYlzcR1wtq-O3ykTVo5lFpbBnUu8wXqzt37e8kCXvgOpsi4eWhazovKjJdnBAZN3sP48Rn8L
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame A5B0
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgc...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqR...

43 B
422 B

185ms
173ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8280124cdc8137f5-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 4
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmS17_yHdBHea6mvmWfs02FfAfjuK2tZped5nv-4jb4tTXjCtLB_itUReldOh4lS9W8bMedVL6iqe5Ooofi8zShwXpWSEqRgcr_n%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8280124bab3137f5-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame A5B0 70 B
149 B 106ms
32ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEDIRaMUk8w6E9kxUwQZLvpA&google_cver=1&google_push=AXcoOmQRc2wPFEswPSvzzpfuUQ0kqQ6Biirgz-j9_aEzP1XB3n7Mq4NRYX7x_uk5IAWujbmsBM17oIyFmd0ECIbx2TqLZriVktYICBsK
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=6769088917&adk=3547755940&adf=3173046728&pi=t.ma~as.6769088917&w=728&format=728x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018659&bpp=4&bdt=144&idt=177&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&correlator=7298728168825&frm=24&ife=3&pv=2&ga_vid=1970342740.1700309019&ga_sid=1700309019&ga_hid=41962813&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1100524035&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C44759837%2C31079605%2C44795922%2C31078301%2C31079699%2C44806141%2C44807763%2C44808148%2C44808284%2C44809056%2C44809072%2C21065725&oid=2&pvsid=1585363892244544&tmod=709725243&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hj0te8kk74vu&fsb=1&dtd=218
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A5B0
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEJ-1I2_K5Ei_a_Lxj7VivmU&google_cver=1&google_push=AXcoOmRFDj4op_R0kK-qccialMLBEJN6INNgxV3Jgs3MS8Qqmt0rIzi7ltRta6PxCKw3IEQ-fLHMwfTpiD6...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRFDj4op_R0kK-qccialMLBEJN6INNgxV3Jgs3MS8Qqmt0rIzi7ltRta6PxCKw3IEQ-fLHMwfTpiD6m7Be5hTxzUU8zn0xNLCCS&google_hm=Re4ocx1ARXiHjbzM...

170 B
232 B

18ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRFDj4op_R0kK-qccialMLBEJN6INNgxV3Jgs3MS8Qqmt0rIzi7ltRta6PxCKw3IEQ-fLHMwfTpiD6m7Be5hTxzUU8zn0xNLCCS&google_hm=Re4ocx1ARXiHjbzMYUr6KEw

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRFDj4op_R0kK-qccialMLBEJN6INNgxV3Jgs3MS8Qqmt0rIzi7ltRta6PxCKw3IEQ-fLHMwfTpiD6m7Be5hTxzUU8zn0xNLCCS&google_hm=Re4ocx1ARXiHjbzMYUr6KEw
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A5B0
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEF4to48bcd1jI4itm7KgMFY&google_cver=1&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSEDkE...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEF4to48bcd1jI4itm7KgMFY&google_cver=1&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSED...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSEDkEVae-CkBc

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSEDkEVae-CkBc

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmQIx8K71y25ES_lgKzh9Gc8KQXzPkHvn2KwdFyVxmWM00TJltaeeK32yeO2KG5TZKjALBp6IwILMSH8A5Yk1pSEDkEVae-CkBc
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A5B0
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKzCMexejSAJXhbXO4Q9gjE&google_cver=1&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwKdKxvJ...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEKzCMexejSAJXhbXO4Q9gjE&google_cver=1&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwK...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NDIyMDI4NTk5NDg1NjA3NA&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwKdKx...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NDIyMDI4NTk5NDg1NjA3NA&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwKdKxvJXNy90l4MeNDjTevh5krgljhp

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI1NDIyMDI4NTk5NDg1NjA3NA&google_push=AXcoOmSUxgDfOMNQ5SwQvWMNPcWmaJPCRnlYn8ft7tpoYKGWFaq3j5gqbfguj6Ge_wCsq7DegwKdKxvJXNy90l4MeNDjTevh5krgljhp
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A5B0
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMZcSxjCBr8FebqP-kcQbG8&google_cver=1&google_push=AXcoOmQqbksGJv_jTmruDe-UmhV77foT2jJ1BQBcgPLw6a-9OjeH9LUDfbzO1Yadh2iYDwXjtCUNdHH1DYBN...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQqbksGJv_jTmruDe-UmhV77foT2jJ1BQBcgPLw6a-9OjeH9LUDfbzO1Yadh2iYDwXjtCUNdHH1DYBNXahmz522UG-uOYlo3YvO

170 B
329 B

19ms
18ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQqbksGJv_jTmruDe-UmhV77foT2jJ1BQBcgPLw6a-9OjeH9LUDfbzO1Yadh2iYDwXjtCUNdHH1DYBNXahmz522UG-uOYlo3YvO

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmQqbksGJv_jTmruDe-UmhV77foT2jJ1BQBcgPLw6a-9OjeH9LUDfbzO1Yadh2iYDwXjtCUNdHH1DYBNXahmz522UG-uOYlo3YvO
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame A5B0 0
130 B 60ms
17ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JIdqFN6t6h_t_s3Kq57u9Pv3vXN2JsLWGbSJJWhtJbicbI6PzXzp0fQ63zbaY0rloADiZ1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 642C 0
0 43ms
42ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=589745120229187&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame BA49 39 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:19:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Nov 2024 11:19:32 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1A61 0
10 B 9ms
8ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8SIQ4w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame AF82 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=600&slotname=3965109405&adk=2350305474&adf=3173046727&pi=t.ma~as.3965109405&w=120&format=120x600&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018704&bpp=3&bdt=181&idt=252&shv=r20231109&mjsv=m202311090102&ptt=9&saldr=aa&correlator=194850047567&frm=24&ife=3&pv=2&ga_vid=1812915870.1700309019&ga_sid=1700309019&ga_hid=1000526508&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=749952921&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079628%2C44809316%2C31078297%2C31079773%2C44807763%2C44808148%2C44808284%2C44809053&oid=2&pvsid=1056821916372595&tmod=75059055&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hcyzo3by14ev&fsb=1&dtd=273

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:19:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2666
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 11:19:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame AF82 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 23:16:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46002
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 23:16:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AF82 0
0 17ms
15ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTGZ3Wkpo81NU7c0uA63Ae-HJ1rMxwYN3GxU4oKBOglMRXKqF5hk0jOE8TPqUXjH4abvL9Gk47KTSvUQW9ovnlbekg9hg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=600&slotname=3965109405&adk=2350305474&adf=3173046727&pi=t.ma~as.3965109405&w=120&format=120x600&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018704&bpp=3&bdt=181&idt=252&shv=r20231109&mjsv=m202311090102&ptt=9&saldr=aa&correlator=194850047567&frm=24&ife=3&pv=2&ga_vid=1812915870.1700309019&ga_sid=1700309019&ga_hid=1000526508&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=749952921&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079628%2C44809316%2C31078297%2C31079773%2C44807763%2C44808148%2C44808284%2C44809053&oid=2&pvsid=1056821916372595&tmod=75059055&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hcyzo3by14ev&fsb=1&dtd=273
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame AF82 202 KB
64 KB 24ms
22ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:39 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame AF82 0
0 53ms
52ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CHX8HG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoExwFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAG0_W3-UsXhkoAy04KIsxCD9zQMaCtfeB6mA-baqoJn0oVuSKd8agAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU2NzczNDkxMzM1MDg3MzkYAA&sigh=ltOLqiO9seg&uach_m=[UACH]&cid=CAQSPADICaaN66oe3ZoNCSuveCa9XkZgYJCHAPJ83rhiNkvRIQPIhtzuyTJIxfxXTzhBtw0-r3atLTxcpJOkaxgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=600&slotname=3965109405&adk=2350305474&adf=3173046727&pi=t.ma~as.3965109405&w=120&format=120x600&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018704&bpp=3&bdt=181&idt=252&shv=r20231109&mjsv=m202311090102&ptt=9&saldr=aa&correlator=194850047567&frm=24&ife=3&pv=2&ga_vid=1812915870.1700309019&ga_sid=1700309019&ga_hid=1000526508&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=749952921&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079628%2C44809316%2C31078297%2C31079773%2C44807763%2C44808148%2C44808284%2C44809053&oid=2&pvsid=1056821916372595&tmod=75059055&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hcyzo3by14ev&fsb=1&dtd=273
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 18 Nov 2023 12:03:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame AF82 0
0 66ms
17ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1js0p0p7kt73fc21ws1kvg6q5f8ffsdba3dmpvn2wkhqp9ycg1gwcdekmrrky76ne8dq9weecmbcvd76xc7qxhayxa0rm5xcvtn6sqnyf2bds4r0c59j333v9bwt8ptdq2c1ebf8gbjgz38vc3m4b2h7mw5359p78ebwc986gk0y6s96srnej6321zbk859maa0fqck2s20dhn2e5xfgfj8d31by620s0cev96d2638jj83yk9xjc7gn18vc2dnnwr1bt7s17bx720bf53byhn6q7jdt0p84gdr1q7gvywwpy79dgnxv2fg4dkyvcst55p5b8bq1ppdaj55qm2cmavpwp1psjnjxh4ssmc9y5amaxjr1xyg822c1jjqy0pd5vr72mjq348&b=ZVioGwAA67gA-Re9AAF6H34D1h57q8-5Z7TXZw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=600&slotname=3965109405&adk=2350305474&adf=3173046727&pi=t.ma~as.3965109405&w=120&format=120x600&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018704&bpp=3&bdt=181&idt=252&shv=r20231109&mjsv=m202311090102&ptt=9&saldr=aa&correlator=194850047567&frm=24&ife=3&pv=2&ga_vid=1812915870.1700309019&ga_sid=1700309019&ga_hid=1000526508&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=749952921&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079628%2C44809316%2C31078297%2C31079773%2C44807763%2C44808148%2C44808284%2C44809053&oid=2&pvsid=1056821916372595&tmod=75059055&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hcyzo3by14ev&fsb=1&dtd=273
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 18 Nov 2023 12:03:39 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 9F8D 2 KB
3 KB 52ms
30ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1jg9ngq5s4mafyba71gg1pc3tz9mtgfd4veyhww57zen98gefd4pw6ss5bq7dspam48mx6xwajdddyeay3sm0zznsj8fynvamgc0rfb0fvgqmrm5rs984nefqcxyqp48fcyas09td25reerjh4hhvh8df2dh0wnnh61vrppem2jxs15a3p0yrqkjew6nyxb2hkkm7m0q3tezhk204qqymhwjhwx6cb3mk3mkhpe77kvhsxv3dv1bdsdjn2b30mq394z7hsgdzyhe69vpaw6cyxb6b9p7x9bs3drwhzb9x0085re7523zfrcyx2p9h5m0fdn3ay6753yt8ej4g7q0bq4xep2tzkxh05ww3kscbwmkx4z37z7hje2zpm8prf0x71ht1jspp6rwkwaqa7xfzqzjjypmw875dk7h8fh1hj54z0rphbzz2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%26client%3Dca-pub-5677349133508739%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57f34736bb717fdea5df544a1b51513195f993dcd6f6f2dbb6f00b583b1273e3

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8280124bcdd49219-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 151F 1 KB
644 B 7ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Sun, 19 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame 9F8D 115 KB
13 KB 22ms
21ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jg9ngq5s4mafyba71gg1pc3tz9mtgfd4veyhww57zen98gefd4pw6ss5bq7dspam48mx6xwajdddyeay3sm0zznsj8fynvamgc0rfb0fvgqmrm5rs984nefqcxyqp48fcyas09td25reerjh4hhvh8df2dh0wnnh61vrppem2jxs15a3p0yrqkjew6nyxb2hkkm7m0q3tezhk204qqymhwjhwx6cb3mk3mkhpe77kvhsxv3dv1bdsdjn2b30mq394z7hsgdzyhe69vpaw6cyxb6b9p7x9bs3drwhzb9x0085re7523zfrcyx2p9h5m0fdn3ay6753yt8ej4g7q0bq4xep2tzkxh05ww3kscbwmkx4z37z7hje2zpm8prf0x71ht1jspp6rwkwaqa7xfzqzjjypmw875dk7h8fh1hj54z0rphbzz2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%26client%3Dca-pub-5677349133508739%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1jg9ngq5s4mafyba71gg1pc3tz9mtgfd4veyhww57zen98gefd4pw6ss5bq7dspam48mx6xwajdddyeay3sm0zznsj8fynvamgc0rfb0fvgqmrm5rs984nefqcxyqp48fcyas09td25reerjh4hhvh8df2dh0wnnh61vrppem2jxs15a3p0yrqkjew6nyxb2hkkm7m0q3tezhk204qqymhwjhwx6cb3mk3mkhpe77kvhsxv3dv1bdsdjn2b30mq394z7hsgdzyhe69vpaw6cyxb6b9p7x9bs3drwhzb9x0085re7523zfrcyx2p9h5m0fdn3ay6753yt8ej4g7q0bq4xep2tzkxh05ww3kscbwmkx4z37z7hje2zpm8prf0x71ht1jspp6rwkwaqa7xfzqzjjypmw875dk7h8fh1hj54z0rphbzz2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%26client%3Dca-pub-5677349133508739%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 553145
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lpfhkPucaornGcab6DHbn19QhgqBPssqQxWpd9FywD84stG8oxq%2Ba2t0npp5020w7LAIeYa2qSX362pt3smDhKUKYnEMONIROINTRooiEc5ioP%2FSOv5fEIWEf6AXW548UZyS%2Fz4AodU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8280124c1e219219-FRA
expires: Sun, 19 Nov 2023 12:03:39 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 9F8D 25 KB
10 KB 19ms
18ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jg9ngq5s4mafyba71gg1pc3tz9mtgfd4veyhww57zen98gefd4pw6ss5bq7dspam48mx6xwajdddyeay3sm0zznsj8fynvamgc0rfb0fvgqmrm5rs984nefqcxyqp48fcyas09td25reerjh4hhvh8df2dh0wnnh61vrppem2jxs15a3p0yrqkjew6nyxb2hkkm7m0q3tezhk204qqymhwjhwx6cb3mk3mkhpe77kvhsxv3dv1bdsdjn2b30mq394z7hsgdzyhe69vpaw6cyxb6b9p7x9bs3drwhzb9x0085re7523zfrcyx2p9h5m0fdn3ay6753yt8ej4g7q0bq4xep2tzkxh05ww3kscbwmkx4z37z7hje2zpm8prf0x71ht1jspp6rwkwaqa7xfzqzjjypmw875dk7h8fh1hj54z0rphbzz2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%26client%3Dca-pub-5677349133508739%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 11 Jul 2023 16:29:57 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 451343
etag: W/"8f7b47e4fef4e58c4cfeb4f6c445dcb6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISnUQ10wO17fhmvmUAMX08mKm6wGJlFG5lWQbF3aGDLX5xoeXVwDytNXvev7WKkAwGqIL32P1J7Cfp8uBzliLZZ0GLec9zYnfjDkAnuCR1O%2FnZQiZiNBRiYePslX6Jn5YAi%2FpsY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 8280124c1e239219-FRA
alt-svc: h3=":443"; ma=86400
expires: Mon, 13 Nov 2023 06:41:16 GMT

GET
DATA 200
OK truncated
/ Frame AF82 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c518d6d2fa7bbf076b184c286e65f24ab3f54a6cb7f75b44bc27932c32706118

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 151F
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IA...

43 B
391 B

226ms
226ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8280124d2cda37f5-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 20
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSEo_dAXEbhzgaXk4CkYxvXVt1IOFxmFFRsmDmUWLsRrZKarVvFg0xjYULD04Td9ePozAjSCZAaYC3g4PpkL-Gwascv9IAjM1t6eMEaKNmn57kCF-073m3J2toLzeZcCrKNSUGCFo7BF422lLgoUQteOw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8280124c1bbc37f5-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 151F
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOyJB9_xL25M9JDdhEYXLjY&google_push=AXcoOmRUoQLTcYQ6jQSnCWY6Ik0aIc8_-ZQ9GINspZGU_s9D4pAtoKrEt1...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOyJB9_xL25M9JDdhEYXLjY&google_push=AXcoOmRUoQLTcYQ6jQSnCWY6Ik0aIc8_-ZQ9GINspZGU_s9D4pAtoKrEt11Sb8DQlFj28xx7oWkvY3lheWIQXjg-CbzwMCYuWQ2nbTIzAY6000wE8qtY6JEk4c-bVQys77_Zzxs1gDAB9Vw6j3bSNBvWMokF9A

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230138-FRA
pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1700309020.570576,VS0,VE93
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEOyJB9_xL25M9JDdhEYXLjY&google_push=AXcoOmRUoQLTcYQ6jQSnCWY6Ik0aIc8_-ZQ9GINspZGU_s9D4pAtoKrEt11Sb8DQlFj28xx7oWkvY3lheWIQXjg-CbzwMCYuWQ2nbTIzAY6000wE8qtY6JEk4c-bVQys77_Zzxs1gDAB9Vw6j3bSNBvWMokF9A
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 151F
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEGu0u00YDIr6DU284luTSio&google_cver=1&google_push=AXcoOmTaZ8rVcPYPe85TMVzZpGklwnjCnD1fwOlz8_w4NR-BoX1WSzRRNtzSRPF7h8jfG_aPuMzlJF1wM54W5bQpcF_L9yLWh_pZcX...
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=72B59F185B47462B869C3A6764FC07E2&google_push=AXcoOmTaZ8rVcPYPe85TMVzZpGklwnjCnD1fwOlz8_w4NR-BoX1WSzRRNtzSRPF7h8jfG_aPuMzlJF1wM54W5bQ...

170 B
188 B

17ms
17ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=72B59F185B47462B869C3A6764FC07E2&google_push=AXcoOmTaZ8rVcPYPe85TMVzZpGklwnjCnD1fwOlz8_w4NR-BoX1WSzRRNtzSRPF7h8jfG_aPuMzlJF1wM54W5bQpcF_L9yLWh_pZcXK7VtV6ra9DvvD19Vm4IFA3QzdNZS_g_Auqf8vLk1KHypdzR_glQh8TQMM

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 18 Nov 2023 12:03:39 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=72B59F185B47462B869C3A6764FC07E2&google_push=AXcoOmTaZ8rVcPYPe85TMVzZpGklwnjCnD1fwOlz8_w4NR-BoX1WSzRRNtzSRPF7h8jfG_aPuMzlJF1wM54W5bQpcF_L9yLWh_pZcXK7VtV6ra9DvvD19Vm4IFA3QzdNZS_g_Auqf8vLk1KHypdzR_glQh8TQMM
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Nov 2023 12:03:39 GMT

GET
H2 200 sync
x.bidswitch.net/ Frame 151F 43 B
146 B 36ms
9ms Image
image/gif 3.127.95.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGa7mvEaPJ9Aqb5nxWXihgw&google_cver=1&google_push=AXcoOmR6T-M4EP8dTNFcPhjYSKbIQ1Fo3DQUdHDDP-ovlA0kKTCgTC7mGLiiF044mvzuvjjq3mugckWfnBesDbpy-NHXoPCsMY0uIWY7DTM_sZ5shUk6frnS-OU-QCcne8j9vSVz-W1FkOBSq8u2jMTy9YGx8hk
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=600&slotname=3965109405&adk=2350305474&adf=3173046727&pi=t.ma~as.3965109405&w=120&format=120x600&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018704&bpp=3&bdt=181&idt=252&shv=r20231109&mjsv=m202311090102&ptt=9&saldr=aa&correlator=194850047567&frm=24&ife=3&pv=2&ga_vid=1812915870.1700309019&ga_sid=1700309019&ga_hid=1000526508&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=120&ish=600&ifk=749952921&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31079628%2C44809316%2C31078297%2C31079773%2C44807763%2C44808148%2C44808284%2C44809053&oid=2&pvsid=1056821916372595&tmod=75059055&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C120%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.hcyzo3by14ev&fsb=1&dtd=273
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-101.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 151F
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEMZcSxjCBr8FebqP-kcQbG8&google_cver=1&google_push=AXcoOmSKMmOK31gLbXjTeCSTXMRJ5Xcvz6sE7ZigPCBggeskAU38VrGNz8W2XNiT97Um1QCQy5mXZOWZPRCY...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSKMmOK31gLbXjTeCSTXMRJ5Xcvz6sE7ZigPCBggeskAU38VrGNz8W2XNiT97Um1QCQy5mXZOWZPRCYZ7glaj-IRyRo5nZQxl7U4Y6PPF7_dM3zKK95...

170 B
188 B

30ms
29ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSKMmOK31gLbXjTeCSTXMRJ5Xcvz6sE7ZigPCBggeskAU38VrGNz8W2XNiT97Um1QCQy5mXZOWZPRCYZ7glaj-IRyRo5nZQxl7U4Y6PPF7_dM3zKK95XgCuIx2IJyz5DLEe-od5E8GgByMsdq3kwe5JZA

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSKMmOK31gLbXjTeCSTXMRJ5Xcvz6sE7ZigPCBggeskAU38VrGNz8W2XNiT97Um1QCQy5mXZOWZPRCYZ7glaj-IRyRo5nZQxl7U4Y6PPF7_dM3zKK95XgCuIx2IJyz5DLEe-od5E8GgByMsdq3kwe5JZA
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 151F
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEGIqeaXfD2FBdPZNotNE_Is&google_cver=1&google_push=AXcoOmRzBkD85dLNZxljkmTfhHkdXPLJlscrxc_X_k26DQsqyCXZ-7u3QVV9BBEvrC...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRzBkD85dLNZxljkmTfhHkdXPLJlscrxc_X_k26DQsqyCXZ-7u3QVV9BBEvrCNJC9Uf2xIJ3JXkwTqXuLjzpmXa3tDNtWwhjwN-cKRoJfV4bU...

170 B
188 B

31ms
30ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRzBkD85dLNZxljkmTfhHkdXPLJlscrxc_X_k26DQsqyCXZ-7u3QVV9BBEvrCNJC9Uf2xIJ3JXkwTqXuLjzpmXa3tDNtWwhjwN-cKRoJfV4bU-_fTdulvKagSpOdQ7tUupYs5ig9B7K1i9o_ZxTjVodCdZa&google_hm=Re4ocx1ARXiHjbzMYUr6KEw

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:38 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRzBkD85dLNZxljkmTfhHkdXPLJlscrxc_X_k26DQsqyCXZ-7u3QVV9BBEvrCNJC9Uf2xIJ3JXkwTqXuLjzpmXa3tDNtWwhjwN-cKRoJfV4bU-_fTdulvKagSpOdQ7tUupYs5ig9B7K1i9o_ZxTjVodCdZa&google_hm=Re4ocx1ARXiHjbzMYUr6KEw
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

report
sync.teads.tv/um/ Frame 151F
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESED-WTaJ8LXx7...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AXcoOmQ0XvvU-NJLp7shY0ChfI0GGBivVcE38uUNTqU1CoYniVkP5RipXgagHQIXSgR2WG-OwyFsWTjC253ym1VhOlK40xJ2Ek5hiJuTbabkgtgh_HxjO...
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

32ms
32ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: Sat, 18 Nov 2023 12:03:39 GMT
pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 151F 0
12 B 15ms
15ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IuEdLOCHYetm2QUSHQ0LpsfjOPGx5-5J1R1JmcB_72D29D8lLIinaTE9yTii0_DjLLdQ_aWlM

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 9F8D 3 KB
4 KB 68ms
17ms Image
image/png 2606:4700:20::681a:61b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:61b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2678
x-guploader-uploadid: ABPtcPqeyAM5pLg6y_aW-mO4RhYrJbAfgFk8ciklB7Qbadl6mBYc25sbnaISoSIa00JiW0GQc1l2omk
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kUfIaGPtP%2FPbYBdp%2B8UfHWA5VrVU8f8AakzZr%2F%2Faiq3%2BrXHH7psD2xhpDlgdLGPfPShXhMCncRMrOHebMM4nGzUu3zjRiRYpuPyEhdRaw%2BbpXZ241ExFR0XZmxXxhxJY6J4A4iPpzb%2Bthld8EkjDVi%2Bi"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 8280124cca259170-FRA
expires: Sat, 18 Nov 2023 12:02:40 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame BDC8 2 KB
2 KB 18ms
18ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1056143
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 8280124c7b015b2c-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Sat, 18 Nov 2023 12:03:39 GMT
expires: Mon, 06 Nov 2023 07:07:05 GMT
last-modified: Tue, 17 Oct 2023 09:43:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZN5ajzW56yxlG3MHlhbPqUMCYi72ZQx4KPPFCUokew%2Fv%2B7D8rcT90VvdCTK%2BP4tDvPD5T6G%2FlBYccZK3%2Ft2Dixbw7e%2FqjhJWOmXHPdbKNZYcHmjgwUPAPADDTECnQV17PPSYaA4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 41ms
31ms Preflight
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8280124cec3e1cbd-FRA
content-length: 24
content-type: text/plain
date: Sat, 18 Nov 2023 12:03:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oGn9Wa1cUYSzeP9NBuMk3apK2W72Wbz%2FURN6COkoho2Hw2Me5pPGWyOyqGtuybj5owUWspsay%2F%2FVV%2FF7oVwdzQaIlmI2RsEjieJQ0aWBtSh2NNW3aeN93MkU5d90tozGR4xX01c%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-8ts3

POST
H3 200 rs Show response
ad4m.at/ Frame 9F8D 1 KB
2 KB 34ms
33ms XHR
text/plain 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c68134667bad499154dfe2614ffb0ff76fad9563890be13eb10fb733c1f39be

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LD5wyyw559Axfoa8P17xrswC9Jn99l4q7w7DYyJNoTDR4XlsI8YpWZWAEeOHVtpuLbJs%2Fdh%2F%2FJdi7%2Fq%2BS8OmnM3ADxQf3eoe9V30r2MlWOz904VA29DDy3ag%2BanuM8npXmqRrWs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 8280124d2c7f1cbd-FRA
x-backend-server: aa-reachservice-group-europe-west1-8ts3
alt-svc: h3=":443"; ma=86400

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BA49 0
10 B 8ms
8ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?31haEg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js Show response
www.gstatic.com/mysidia/ Frame 060B 9 KB
4 KB 29ms
7ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/38bcf84a6c98f8ab5c7e5b9a6f0eaec8.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70602b2d4f8fd19b95f522d3f3334ada3b3ff4647b4e81c7285b885977fd9ac4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 09:24:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 95931
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4046
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 09:24:48 GMT

GET
H2 200 78b00c21e40332afd18050ebd59c6b08.js Show response
www.gstatic.com/mysidia/ Frame 060B 11 KB
5 KB 29ms
8ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/78b00c21e40332afd18050ebd59c6b08.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b82aa6c527e41e336e9cd392fffa550353f896f71a3c632a5bdd51e22de4ca0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 09:25:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 95905
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4753
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 09:25:14 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 060B 14 KB
1 KB 16ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 18 Nov 2023 11:46:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 18 Nov 2023 12:03:39 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 060B 2 KB
822 B 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72730
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 15:51:29 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 060B 23 KB
9 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 02:17:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 35174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 02:17:25 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 060B 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 11:19:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2666
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 02 Dec 2023 11:19:13 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 060B 20 KB
8 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 23:16:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46002
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 23:16:57 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 060B 0
0 15ms
14ms Image
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQoxtg8E4t5Dw_tnygWJIFPZAl3Y0I-gLkb5WM5NZazFtiA95Wc8z40FW8JX6h-uiZk-fsAKVPIWQUjhpvgCDXH9kSjTA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 060B 202 KB
64 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Nov 2023 12:03:39 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 060B 37 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 09:24:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 95930
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 09:24:49 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame BFE4 9 KB
4 KB 38ms
37ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29f618a7f02a6d894d2d6d85ee4bd5133fc05f95c03cfa0ac3ac0438f7f54f58

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src ;connect-src https:;default-src 'self';font-src ;form-action 'none';frame-src ;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src 'unsafe-inline'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1jg9ngq5s4mafyba71gg1pc3tz9mtgfd4veyhww57zen98gefd4pw6ss5bq7dspam48mx6xwajdddyeay3sm0zznsj8fynvamgc0rfb0fvgqmrm5rs984nefqcxyqp48fcyas09td25reerjh4hhvh8df2dh0wnnh61vrppem2jxs15a3p0yrqkjew6nyxb2hkkm7m0q3tezhk204qqymhwjhwx6cb3mk3mkhpe77kvhsxv3dv1bdsdjn2b30mq394z7hsgdzyhe69vpaw6cyxb6b9p7x9bs3drwhzb9x0085re7523zfrcyx2p9h5m0fdn3ay6753yt8ej4g7q0bq4xep2tzkxh05ww3kscbwmkx4z37z7hje2zpm8prf0x71ht1jspp6rwkwaqa7xfzqzjjypmw875dk7h8fh1hj54z0rphbzz2&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%26client%3Dca-pub-5677349133508739%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8280124d5b945b2c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri https:;child-src *;connect-src https:;default-src 'self';font-src *;form-action 'none';frame-src *;img-src https: data:;manifest-src 'none';media-src 'none';object-src 'none';worker-src 'none';script-src https: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
expires: 0
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
permissions-policy: accelerometer=(),autoplay=(self),camera=(),display-capture=(),encrypted-media=(self),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=*,local-fonts=*,magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=(),web-share=*,xr-spatial-tracking=()
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FCED 143 B
166 B 18ms
15ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3109
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 11:11:50 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DAAF 1 KB
644 B 11ms
11ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 9504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Sun, 19 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 060B 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bfa45c2447ef138fbcc490d0ba14eb2d79093735da57013261c1a2f7ce2ef779

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.50/one-ad/ Frame BFE4 115 KB
14 KB 23ms
21ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.50/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 555239
cf-polished: origSize=118430
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Thu, 02 Nov 2023 10:26:17 GMT
server: cloudflare
etag: W/"486507ccce9ac587d11c0ef3f32a109a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YRQ1dbO03GAbQrtNPpCXgaFAHXGKOJpj4wlWYH6LqTEt%2BVTUbSRqVUWMbPNdXtQTrWnOA2kKFgdGxm0zIbDPiYantuIxgNuVUaO2%2BghBBx1Tztb%2FiJ2Dzvim94ZjXX8c9I8ZntLVDGo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=86400
cf-ray: 8280124dabdb5b2c-FRA
expires: Sun, 19 Nov 2023 12:03:39 GMT

GET
H2 200 D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
assets.ad4m.at/logo/ Frame BFE4 8 KB
8 KB 52ms
17ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/D694B3AB12381C049B127B34DC11A792684BA8B6EE8B598D6E4045678591B7D0DC6B2CEF7528F06BB05FC11826A1D16CF24DA68FCFC2416343996FBFC05A3155
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4275ee4b58a39dcbd59ebeb2c806cb7afc45bde82e90daf14808b64702ad40b7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 663172
cf-polished: qual=85, origFmt=jpeg, origSize=12951
alt-svc: h3=":443"; ma=86400
content-length: 7758
cf-bgj: imgq:85,h2pri
last-modified: Fri, 20 Oct 2023 22:22:01 GMT
server: cloudflare
etag: "12e3523b35b31c7ddfe7c77dcdb14a34"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hKWPpJK8LqqZ8qAjlbOsvb5FIICPVvobxX6EGhVoKDxsyXEA2pcgi0GdGaEVuE6yk40ZaFzEL%2FqI%2FJumoFKzbnaxpEeAHOn4TO%2BS8eahxYMXQiI5%2B9FpuCnXSX1esRrNJq8CZYlEUdAhELGk"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8280124de8019219-FRA

GET
H2 200 F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
assets.ad4m.at/product_image/ Frame BFE4 20 KB
21 KB 60ms
26ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/F62A1DE9558535D0FF655677BD09A3CC277ACE3637CF682E0D52C0F5BBA2668E34C6194AEF65CBBC1F6ECA33D1332A3C8BE1215EA4AB0FD0FBE5F5B485AF1875
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8be82f349b2994d7f0ed7fcba5e50ffb8a960f135e513b34730af4578cab9883

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 543107
cf-polished: qual=85, origFmt=jpeg, origSize=23329
alt-svc: h3=":443"; ma=86400
content-length: 20802
cf-bgj: imgq:85,h2pri
last-modified: Tue, 31 Oct 2023 16:54:32 GMT
server: cloudflare
etag: "e320c43993ae8577c544483e96756c59"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mpLVD5lYMw26MkiI3sRJOCxygPH4Ykie%2B73jCzP7vSGcrxUrtb0jXXdsBI5UVxZFz8Fbs32rDneb9I6t19xxL7pUO6U2RmTn5JKLGby6tG4GmPhTRwxQSBycr5Dsiyhf7W1%2B70iRQwuUq1S2"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8280124de8069219-FRA

GET
H/1.1

200
OK

/
partner.o2online.de/a/ Frame BFE4
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=;dc_rdid=;tag_for_child_directed_t...
https://ad.doubleclick.net/ddm/trackimp/N773418.3417549O2_AFFILIATE/B25220131.345081615;dc_pre=CMqxitnAzYIDFT_wEQgdvj0Cpw;dc_trk_aid=536683351;dc_trk_cid=176936761;ord=%7B%7Btimestamp%7D%7D;dc_lat=...
https://www.telefonica-partner.de/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.lead-alliance.net/tpv.php?t=120211V1226132702M&subid=viewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0
https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Ne...

49 B
1 KB

62ms
17ms

Image
image/gif

167.233.13.224
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: HTTP/1.1
Server: 167.233.13.224 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.224.13.233.167.clients.your-server.de
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Sat, 18 Nov 2023 12:03:40 GMT
X-NODEIP: 78.46.85.162
Server: nginx/1.14.0 (Ubuntu)
RM-PrivacyPolicy: https://www.nonstoppartner.net/
Content-Type: image/gif
P3P: policyref="https://a.nonstoppartner.net/w3c/p3p.a.xml", CP="NOI CUR OUR STP"
Connection: keep-alive
Keep-Alive: timeout=10
Content-Length: 49

Redirect headers

location: https://partner.o2online.de/a/?i=pview&client=o2&camp=pview&l=de&nw=lea1&affiliate=120211&s_id=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&cons=0&spid=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&partnerid=12218
date: Sat, 18 Nov 2023 12:03:39 GMT
x-content-type-options: nosniff
server: nginx
x-xss-protection: 1; mode=block
content-type: text/html; charset=UTF-8

GET
H2 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame BFE4 4 KB
5 KB 48ms
18ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 667709
cf-polished: qual=85, origFmt=jpeg, origSize=7258
alt-svc: h3=":443"; ma=86400
content-length: 4294
cf-bgj: imgq:85,h2pri
last-modified: Wed, 01 Nov 2023 09:56:16 GMT
server: cloudflare
etag: "679602b08629bcaaabfcfad4e68fe53a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4N4qu9in7kmkOTQPHf%2Ft4Qm%2F%2Bt2lJCHoO9tiy5k5IJmCMI1S3YvfS5lIhoBiaCYNb0HAwmHuPurIYPuwDmkzR%2FddZW3C4dyz4CrXg7ZjHhNYRZu2YItLe%2BVW5F%2BphRk61ianjX0sgXsQBa9"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8280124de8039219-FRA

GET
H2 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame BFE4 15 KB
16 KB 49ms
20ms Image
image/jpeg 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 537921
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 15521
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:09:52 GMT
server: cloudflare
etag: "269bd58060bc660c3aec98b388bae571"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64pfi3qJlVs%2B94K6rb8efD3X9kFUMhpWfC0%2BgcgSPrs2oyDKnMLAeoRlRXV8EMOoM1NoyVgagXFdU3HW7DhWs%2B%2BuLUOJW%2BjFTiwyFtZ1ogcT3eahMVmWXXzoFfXlUZZUZvDbJlblvq5EbZvx"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8280124de8049219-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame BFE4 43 B
702 B 127ms
58ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneid2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcgoneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 18 Nov 2023 12:03:39 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame BFE4 2 KB
2 KB 64ms
35ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfe58c3e4f67928f320950cb05524dc012abf7ab1096958560101be80f83d447

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 444303
cf-polished: origFmt=png, origSize=2170
alt-svc: h3=":443"; ma=86400
content-length: 1662
cf-bgj: imgq:85,h2pri
last-modified: Mon, 13 Nov 2023 08:38:25 GMT
server: cloudflare
etag: "4721aa7c2d5fa652c8092463f9a485bd"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=59Kk5yZqY4qqVfiMVdGmj%2BLwR1CdebcQMHM5TGmr3n4X1rjG7sw1lIUrsTUS%2Bf9Z0Skf1d2gyFTOQrNnpUy0Am5BaK%2Bb3zov0ujXx29cSbUGbaGSr9paX1j410Voc6%2FVUsHkEXr8WFJ3etVB"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8280124de8079219-FRA

GET
H2 200 B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
assets.ad4m.at/ Frame BFE4 23 KB
23 KB 64ms
36ms Image
image/jpeg 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/B4A4D4AE24A1FC5067FA06DB00E21DA5A143F663CF3153C1D2812B519806D793E1E07140C733352966C6C7C037FF39882FAEB141999BF28A93837E2C21DB35B1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=23576%2C19769%2C117569&b=YX1Hrf15spBpHVH9HetQtRR8cAT1T6mHr%2C2xqt6fRQfDrbSVHWHkt8txZPcWT7TEYcg%2CApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9&f=qDRUmfD7H757CZHgHDtRCXXxaPTgTVZF3%2C4BxHEf1Ks2P6fGH9HdtzCmwPFZTpTjRHK%2CMYrCzfjQsGkwrSWHEHGtQCDkPF9T4T2gu3&c=120&d=600&e=&g=5c6246739380ff4ca0b05413f9f052e8%2F11311168656511010473&i=20774%2C21630%2C29981&j=14%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach13_BlackFridayPush&r=1700309019696&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hcj519efmfzfj26axg5heycq21yq5h8v7d6z5j99ahjgn1jcy91j22h4kphsea8k499j7jenwva59kqm5m969v75jcqfczedjcjqra7zm68yjvt71yfcznr2dhxcsbfsbrbnvfgy3fw956afsvd5j5n3kdenanzdwfbdhnebhgtp1x72dykt15rh2ssm3zcm7vw1m8qv8e2qbpsxnf0tczb4a8m2w8qy11j7hj61bh4nhmfprkqrg41g4re1xq9p9ydtj1vff4n4nx3n8h0%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC591tG6hYZbjXA72v5LcPn_SFuASQ4YGEXLaoworwAsCNtwEQASAAYJXikIKgB4IBF2NhLXB1Yi01Njc3MzQ5MTMzNTA4NzM5yAEJqQImacesD1CyPqgDAcgDAqoEygFP0CCdjpfdt3weGszg1eopW6c3nU-DnQW_ulEb9k2Yt6U5uLb9zj96L0gNnI0EOOAqY2pZTzt2YnmT8DcogHlIMlQpVwPu5V_c_nLfpHYQhpiA9Cu46407SA7Q6qvz4vcEX_k_hcp6q8A31yRAoyvOQ1nqBrQLosDfD7Fy3zAoNmlRP66GgB9aAQDRWgQxfBDIuJ_VzYrGWYtrlk6Cg64eAC89eu1DSP8kaIv8dnhlVtLE2Qm3APnG2ilCsCRSNIfYuY5Otp_SxPcIgAa4nvrVpfLFg9YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1aIb8ng9LutqtYaI3RgO0EYBu3ng%2526client%253Dca-pub-5677349133508739%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 873e5c46cc8ce0b17fbe1f11dd95e9f15dbfa715e3e407d97f31611b5a460d8d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 791701
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 23392
cf-bgj: imgq:85,h2pri
last-modified: Thu, 09 Nov 2023 08:08:23 GMT
server: cloudflare
etag: "faa9f958d13ef03f911b71f117846705"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5BVZe4BqTdB%2B8YeAEUCkl0Z2Zetl5fx05X0MHx0bQPfDUXrth3jaMRqa8fFjdzHkQBmhIOkCvy%2BqEhwVjLLLR7hISm8OCAbXnA0zE%2BZhzlD9Y6evjTWkiWiiquDVw9Hl08RETW9zRGiCx0l"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=315360000, immutable
accept-ranges: bytes
cf-ray: 8280124de8089219-FRA

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame BFE4 43 B
702 B 127ms
59ms Image
image/gif 92.123.148.9
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidApEhYf9mueRQdhAHRH4tkt3D6c7T4T1Ec9oneid__suite_Netmix_Reach13_BlackFridayPush&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.148.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-148-9.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 18 Nov 2023 12:03:39 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame DAAF 35 B
463 B 72ms
12ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESELQkAiSexFS1Kdb8JUsy084&google_cver=1&google_push=AXcoOmQFmaSXci9GfGgZnlj1ZMF80MEp5IrFqeCiITB7QuvmCPExfYtnvOzCrhQTp-MNGOFb8gSDzXEf3nZHBM6SvOp2VZbC4_whI-LySXwFdWqbDtaLdtRSUtdbANdVXfvYhV7ethZ7Jzslaa8x2Tt2taFhpPE

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame DAAF 0
103 B 19ms
14ms Image
text/plain 2a02:fa8:8806:16::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEILsafLZDD5NP5EvLgCqlv0&google_cver=1&google_push=AXcoOmRnxWe-axXChS-WC6I1YFiRAKbTdeg7cZdwcc3I3FZ69bdBUm5mzBIgh_FPumjuUeLbNyIFycnUIAvbdHyn4FVHiaC0hBYbAoQw-1HXc4IsJrNP16ZAaHvOAZRF_nTlEDM6errJ-xvW1Bvxl-D3lMBc2gw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 i.match
a.tribalfusion.com/ Frame DAAF 43 B
420 B 207ms
203ms Image
image/gif 2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEEp_vBFZAR-cxak9cUhesmk&google_cver=1&google_push=AXcoOmQlQvITVsFuPH5r2AHmvdNWZSZkuGeBfm9qSAFtXNIzdUQtnB1VdcJRlgroiQPVh9f2rq6fIeOehMW2b-VXR0XZi1YG60pxc-ppeA3NdNFGf_BLainRvRtM6Mi3F6LikhHRqoGud6zlKFJChib6R5uKzA8&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQlQvITVsFuPH5r2AHmvdNWZSZkuGeBfm9qSAFtXNIzdUQtnB1VdcJRlgroiQPVh9f2rq6fIeOehMW2b-VXR0XZi1YG60pxc-ppeA3NdNFGf_BLainRvRtM6Mi3F6LikhHRqoGud6zlKFJChib6R5uKzA8%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:40 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8280124dfdff37f5-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame DAAF 0
187 B 75ms
13ms Image
text/plain 98.98.134.242
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESECATEazbwm3oOy9tdjrrZNw&google_cver=1&google_push=AXcoOmQrSyVJkLnNNQyBbdJBLpqWhBZIQXH9DwcQjCJ5Y4ZQAGNou9Lvy8Hf_PDroH4VCGdsoOeGQdKrBTErLu5g_tBIdQYJIvp4YPvFK6E60OhAWgfso6oPeG0ZKeCVIXz085yuEoZQw-6dDwxC-fNfMr4Bxns
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.242 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DAAF
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESED7pRi0bQobp6C3Y7FNUkmc&google_cver=1&google_push=AXcoOmQVEljLFnGFfkOPKeoXaIDEW4MJUmmvVcsMm6_SLr2yboXOMkxFOUnxtIESaMAQVvAtn_vtTSTNCOVrBR9N...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P7WF2lMWQj8xSpwt0Lr9bA&google_push=AXcoOmQVEljLFnGFfkOPKeoXaIDEW4MJUmmvVcsMm6_SLr2yboXOMkxFOUnxtIESaMAQVvAtn_vtTSTNCOVrBR9NoBdDezWKUjjwFM5...

170 B
188 B

20ms
20ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P7WF2lMWQj8xSpwt0Lr9bA&google_push=AXcoOmQVEljLFnGFfkOPKeoXaIDEW4MJUmmvVcsMm6_SLr2yboXOMkxFOUnxtIESaMAQVvAtn_vtTSTNCOVrBR9NoBdDezWKUjjwFM5AHUBdHczi0MTOg1RvNemc49DJsuiUcUYZ544SGPnm1a5XFzwVq54FwcI

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 18 Nov 2023 12:03:39 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=P7WF2lMWQj8xSpwt0Lr9bA&google_push=AXcoOmQVEljLFnGFfkOPKeoXaIDEW4MJUmmvVcsMm6_SLr2yboXOMkxFOUnxtIESaMAQVvAtn_vtTSTNCOVrBR9NoBdDezWKUjjwFM5AHUBdHczi0MTOg1RvNemc49DJsuiUcUYZ544SGPnm1a5XFzwVq54FwcI
x-host: tde-deliveryengine-production-bb588bf9-q42n8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sync
x.bidswitch.net/ Frame DAAF 43 B
145 B 14ms
12ms Image
image/gif 3.127.95.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEGa7mvEaPJ9Aqb5nxWXihgw&google_cver=1&google_push=AXcoOmQXeYsUzOQRTftc_vmyFs_SW2Hw7K4XRQ5Q6p3zJpQKM1ZM-5jZcswtufKPvMc_B4yvJXinA8hmHpH_Hdzysb81vkV7IfWICSwO9yD-fzVrpsNkrl9CpwGOcL23wmHXDYGE_MYAlQ8mCmfu5bKA04uRU-A
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5677349133508739&output=html&h=90&slotname=4706457386&adk=4108698210&adf=3173046727&pi=t.ma~as.4706457386&w=970&format=970x90&url=https%3A%2F%2Fbfa.herodamage.com%2F&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700309018930&bpp=4&bdt=123&idt=166&shv=r20231109&mjsv=m202311150101&ptt=9&saldr=aa&correlator=2401878791743&frm=24&ife=3&pv=2&ga_vid=1854778231.1700309019&ga_sid=1700309019&ga_hid=1334383617&ga_fc=0&nhd=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=970&ish=90&ifk=1083495207&scr_x=-12245933&scr_y=-12245933&eid=44759875%2C44759926%2C31079437%2C31079606%2C42532265%2C44795922%2C44809317%2C31078297%2C31079757%2C44807764%2C44808149%2C44808285%2C44809053&oid=2&pvsid=589745120229187&tmod=810727195&uas=0&nvt=1&etu=AA-V4qMZOgiCtPIjdJOUQQONkWOdFRMkM73TdY2nvRGSf9W2ezaO7Bg4EqKy2j-ADKkAyTQA3SqMuH8tJPPfGQ&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C970%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=1.lv4nnqyox4yq&fsb=1&dtd=213
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.95.101 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-95-101.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DAAF
Redirect Chain

https://ius.ctnsnet.com/int/cm?exc=1&acc=crimtan_holdings_limited&google_gid=CAESEGIqeaXfD2FBdPZNotNE_Is&google_cver=1&google_push=AXcoOmRnrwjDJrbHEfPWSTZB1Ph5Sui4g252Npz6PNVLAEML62Z5qqke_ij2L9AW80...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRnrwjDJrbHEfPWSTZB1Ph5Sui4g252Npz6PNVLAEML62Z5qqke_ij2L9AW80ft7cs6Uy6g3nf5HKQCUc7l5Qw8CzAhD4-nVe2Gns_-vWYD5d...

170 B
188 B

22ms
21ms

Image
image/png

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRnrwjDJrbHEfPWSTZB1Ph5Sui4g252Npz6PNVLAEML62Z5qqke_ij2L9AW80ft7cs6Uy6g3nf5HKQCUc7l5Qw8CzAhD4-nVe2Gns_-vWYD5d1cY6QJc_dqEiOD5zb4689qv0Oy4_7DsoF6_mMdz9COCopc&google_hm=Re4ocx1ARXiHjbzMYUr6KEw

Requested by

Protocol

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan_holdings_limited&google_push=AXcoOmRnrwjDJrbHEfPWSTZB1Ph5Sui4g252Npz6PNVLAEML62Z5qqke_ij2L9AW80ft7cs6Uy6g3nf5HKQCUc7l5Qw8CzAhD4-nVe2Gns_-vWYD5d1cY6QJc_dqEiOD5zb4689qv0Oy4_7DsoF6_mMdz9COCopc&google_hm=Re4ocx1ARXiHjbzMYUr6KEw
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DAAF 0
12 B 23ms
22ms Image
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KRLYUCRnHyNKVQE_C2RG1kvUZw0Tun7gBXQrZbcwO86fbclpW-d6zNBddw37f-A1csIQscSg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:39 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FCED
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

18ms
18ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
expires: Sat, 18 Nov 2023 12:03:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 18 Nov 2023 12:03:39 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 060B 33 KB
33 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 226908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Nov 2024 21:01:51 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2984 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstEsXcInn4Ug8MgQPC2v7GFToBR1gp-OmnjtkuBaU25dIeClIOMmTEriuYaDMBSQKcGDq3Lr9IuQaolidYB-P6HRu4phxvoTbrf0NY6p6OZwURPX6DcB01ruQ6s9pk-BNBQd7NK642H0A&sig=Cg0ArKJSzD1Jm5_tu83VEAE&id=lidar2&mcvt=1014&p=96,436,186,1164&mtos=1014,1014,1014,1014,1014&tos=1014,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=2442461151&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700309018480&rpt=367&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2984 0
0 51ms
51ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=1585363892244544&bg=!U1ClUB_NAAZxrfrxUa07ADQBe5WfOLvDB3m-_xr2pUv8DSsvKyWU8zLBSZsj8j70LP-cXM6PFOczmAF7GxasEfG-a5jSAgAAAKxSAAAABGgBB5kDFi1bh4L4kSp-4MZAHfOrNzk-wXIX_ufdg--7sZHU_kGL4cZMUx_EFhh6yg-l2Zarf3dLiAEMneTbs-Zx4gB6qY0oSHlPAXmR_zdJgmyAlGBUAaeMaoD990utOASZHXNBFhYiw-ijKeTgmfYURyiYK2_jWJXXxP9rz9Q9XZhiPnVNat81yFOk0Tdkaw-HQHcReoNT-6RSID9eF-RQV3h_ONEEqtd8r20KblDrOE6escXdKLTjuD0XsBGGijEPSq4UW8fD8XTq6Ef4kAmi9arQ3tjIwQlOXkweY96UGoKo4cbGcPC2tshMvf2tfuZuuf5fZtWPuZykFkO3HHvI9cU8XLgIJZjJauYO9B3kfwujJFA_1LlE1QZGbr_eXq3dNWDoOifkh4xxMbf5LMnWF8vyKBjuSAvyVCHQhgAoW8_ZiAX1Z7PF7jNouUsoetAhZlKXI-8Rhb63woPAQqXzbi_52jfvOtp5w_UcfacOa3Q6nPFjbdoqFmXb2jQC_8kMZtpXjhFMKK73GQ67aQ5MgoRCEXWKKE9ihEbHuOmrpEX0L-ZRb9b-Bz4WmutPXOjF5-y_22XpQ0-7ZsvuaVYAl7VZ6v7VU_zh2069YyaL-rlEUPk17u_UUTGGFgJOvCpewAFP9sal_6_-u3m9Zx1hFO5TR5bFLSkVdBe9oeCG7XupgxbGq3nTsQjUuWVjNgas8s6JmuzvTCoAY0beX59dsc-1zcWyDlGMoYCSjdHKLiyNYdxDbug2U_AkLoetfrazCIbZd2HWKGZ0EQfu1cn1OGMi3qHVk-HEx533KqoWQ7znRPUbUAiIzX2ChJ4rqEUjVwsiGAF5nPFHqiaphKgJJ_7JeyNDC7S48KDNmPZAC5Lq45Ps5aN3iipo5D3ywT8Dl9KP9zRouIoA7PO3QNpSxN5QOJFCpdhcSMR-XpjUETz_AOUr1VLlfxRaiw4W3shLtDEmGFZ93lloRjmVzSG3gTjwKlDf7dwrqGxznnJNmiL_odaJaTsUpSSs3Rr7_6ZtG7jURjPbPIYXtwJerPPUJG3gifwx-Jf8ZW0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 060B
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CQHP0G6hYZaaxDtjsuvQPkLa9kAy87JCmdNPwy9vfEc-N56rmBBABIKmnl1hgleKQgqAHoAHy34aLA8gBAagDAcgDywSqBMgBT9CnZcwtSGreY_19jXzbInE673yNWqa6760SEDEnWYEjMKE...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%221066527311818025305%22,%22debug_reporting%22:true,%22destination%22:%22https://youtu.be%22,%22event_report_window%22:%2225...

0
0

58ms
42ms

Fetch
text/css

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%221066527311818025305%22,%22debug_reporting%22:true,%22destination%22:%22https://youtu.be%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22828485618%22],%224%22:[%2211-18%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222971596728703442993%22}&andc=true

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 18 Nov 2023 12:03:40 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"1066527311818025305","debug_reporting":true,"destination":"https://youtu.be","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["828485618"],"4":["11-18"],"6":["true"]},"priority":"500","source_event_id":"2971596728703442993"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Nov 2023 12:03:40 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sat, 18 Nov 2023 12:03:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"1066527311818025305","debug_reporting":true,"destination":"https://youtu.be","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["828485618"],"4":["11-18"],"6":["true"]},"priority":"500","source_event_id":"2971596728703442993"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js Show response
pagead2.googlesyndication.com/bg/ Frame ACE5 39 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6h7OZzYWuChAMW0yNvwaAqN_brH89lOBLHEXo8EbMVo.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 23:16:17 GMT
content-encoding: br
x-content-type-options: nosniff
age: 132442
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15097
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 15 Nov 2024 23:16:17 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 78ms
41ms Preflight
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Sat, 18 Nov 2023 12:03:40 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 70F7 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssG_zpyzMFU8WNQ0KVDT0hXaI9T6yTlF-ENa9gcJnUExW4Ztso0KQicj4TlQzkt3DFyrllGAoet1NFbWDRWm7iky0O94IvE6oqW7dPBTS8O5eegFg1d2mAOYQdpRu2m6awLLmNnf_FcpQ&sig=Cg0ArKJSzJ35Fviok1BnEAE&id=lidar2&mcvt=1018&p=308,1460,908,1580&mtos=1018,1018,1018,1018,1018&tos=1018,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=786808259&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700309018508&rpt=457&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 70F7 0
0 43ms
43ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=1056821916372595&bg=!z8ylzIPNAAZxrfrxUa07ADQBe5WfOK91WF7fL0FM3glGZYA4PlupkQoH1M8N-vu7OymK4CafgdTZxkkjlSL3b6ycFrj6AgAAAPxSAAAAA2gBB5kDEpbA30LdroyxTLjVpADO95j5UrzDPWeAOLI8r7mWnnaMo7UF4UZTFrJTyUhnL6qrBp68ujo7OpYF5I4yUR_N9pSj-WtTbDKIOqhZYh97y4oHGBtwSRB1GD17fdqmw2aBMErzHoMxpFUiZbgR116xUA3lDjNgzG8t-qwYk84ZD4yBmjSXN3IBDo8ABbUAfTfuCO1oDotKw8HhBHhdE7O-78iS3lW3MHnSALQKtQW1zrpLl6eRUo9g5o_aXuZv-KqtqxtPGpgw5xQiwSDwIo_1jDZJamhaP9FNWkHbcJ1HZGJ8hH5lD8ssVmPEPfOR1ZVvgeVkadNXtgFZI68gE2f-njhpc3GnkZu0ESf4dnlLj0HdPOtu1NgSMvJeKHXvZABh7CzR2DnEzoZ-Mr5GizlzYDGzKtxFwxQ88YE6j-jnnPlda3eY-7fnXRMeLCK5ztX3MGUAVX-hDmxmWyovOFeDr4ekWdJm1tb2CBLC2fhOqCYZaWGPfFni6T2FDryMfVucYbDLHBGAdVKWtw5Wc0jsPmFpdzVKbY9EHj5N2hhqlx7QOgdu68u-YoJb9V89btdlStJtreY57YcMuDVQbCvx1qC0YnLt6DRnj9iXlIMs5iY-QeZJ6Chi8EpvvhDudEMY74909_G80c7tJ4PZ0M0CRtHgQk2npL4xE_--wOWye0GFvZgXYHbzA6hgDe_7jMGnCuprLE2ufZKre7jBAne6-MawUMAkoivBt1gRvJ_20atUhQc8ebSvzZCKD4cgEbXb__07E-EQdC21iVV17G4tkLDJ7oA7T7SrofUutKoG5b32XevfTkPblj3n9RSUHd5rJJNzGmlXnc1b_vIWwSaQHDGezY5QExInPjgBhaxNX67RxXHnGzjGW_hefdsEVT4xWS9qN4_Njp9QUdZWx-eOQz5TJZ9uOWSrUvfZLP86Isq-noL5q8ZyJg7e3uwXN9QqXNeI3XA3pnWKGFkNfqZZAobZGDgzU7PzLx1DDWJZgvVpKc0C-8JiCJWmJtix1WMhd_Q5Z-lLptlX4Lk7J1Di6VcznQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 46B0 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssqUWzTUlo2GwKoihyqekDvngHP6Quh1_szcEwbbz4HaV2-OjaOMkZuf93m2HWJhx5RD1QA3NaQSRqbv849OHYTXhjevwdn4-uh9gDGSszuO0Q94JSMPDdlVfhZoQVDO0rDk5q04t6Zpw&sig=Cg0ArKJSzJ0N0QkFPTVFEAE&id=lidar2&mcvt=1000&p=946,315,1036,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3937002543&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700309018797&rpt=313&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 46B0 0
0 44ms
43ms Image
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=589745120229187&bg=!lJell9jNAAZxrfrxUa07ADQBe5WfOP66UZi4prdPRm_RhIKMM2-AWSRUivs51m1t8o6Nztdc0md0qbVUZO5HqYZ93dTnAgAAANtSAAAABGgBB5kDA69c7DsAS3yn5XOa0LUBQF3gVVbYZNvmReDoDmiawSBV588qMuSVpe9rNZpL1b2yy5ylGwS7h63q_zo4F1MLnQd4_XdMPPa7b6UX9WwpbGXBYrj_HUt7kWS8RJ9r1tjBuOVFYTOlvMj1g2p_-bEzLyOHq8MmM3JpTaLKf8WkpPqjgHaLPyPAKV2bhkgAV2H-pn1lSkaI5Au0C0zZ-nN7fe-ofqSzUgGTbSQfOOo2sUgShqYPxLUlrQJekhN_qJVSfsJ_8aW6OQgfbAdQzJAgLymYzhLYSKrFBCsH1BgO_kqwtGrccro3HNvms1aHqrgTwtKpftcEn_s5tAxEkRI2RDO6bRw7HraqHrV60Vmkj8FuTq4A58e-bpHBYRUiGBh5o_yi1FJSRrlEXKIr3Ib2_kvs0Cmt4jte9_2RACQ0gzH_T2jynSV1fOWacSwQCFobdMR1sYzYtkSbuQB0JUz-8IFBFNfc0wUna3Uom7GvGCqqe7nPNIXNv3IrN7uUZ-wNcJl6bZB5jqDq9Y6CJMDbUXzr8des5xCzxF12YpLfSHudyfxizigNY0D-YqfBSlo8Jruk7l1jRRnI6ZMsfbrjNLeUNKJ8lxcfXYVn9OIsHaySDWoXBzc-0ccS7267HvJq5Hfb99fmsg-qJZ3pYp_Y-6NzN6uA-VqjYAkpKvBsnWw_f_I8sEORM53DkoGmTyGb9gHqFQiAkCivqRJcjJPDyP1naFQt5Nknp9bHGtG8m9oK8uj6bGMWZTKakdKJEkf33QFjgNS8Xm_2hSLGh4fIhuW6SCGlkMuie5A0gGbsD7i-kXDVcBnvjdVSoH49iiaB8f8y3Xgi8tOkQ3uMxUjcwJMKhtGD_uSCUyppSjKTzb7-Hk2s9KWuW9y_cCoD8BdRUxgkUfjai8TRnws94Hfwap2hXzuwtyo1vjVOVXEoU90f9z8XVnYKY70JeUC2GBVIPe2Sm9JrWtZAmMDeEg3X1TQ9tSXSLCSrKaXgkV5eHRnuqtSXZVSYHJrgRai_PebOVwyiSA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AB70 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsveJUjm__LJC4h0KXIMjOKMVwFz-k_zH99O6R1rfxss4Yq1igRkKheJMCQpM2r-qHw4O1PXvPH76G6PIrlcaPBiTXzUmuxqo9xieFYGHT7NzvyPsb-p1Q&sig=Cg0ArKJSzJRyn0kJyrPqEAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3547755940&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700309018878&rpt=466&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame AF82 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstlZEiyMgjQ8WREFv2BvrRa6_fk6iVMXasIq9UVitJdqL7WcyqoRk5M97K1Noy97pxTs-XYv22LsDLJiUDFz5EJgDutqH_CiW6l1HAuUchcQEq-TSJ3Mg&sig=Cg0ArKJSzG310ZCRM9IaEAE&id=lidar2&mcvt=1001&p=0,0,600,120&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2350305474&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700309018978&rpt=594&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 060B 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstPxhds3Z1GD2LUMy6ifARRWQsNHTF2C876xjNVKjPIp2uxtfNXItmLnbqSNQ2DS41hCHzSRgIR10sESzOJl6yLItclHVm8O7kvHqdkle3lflkUa0yenSBdIJhzZ-imUluWEwXsNKqeLufZG08gPVkkwRJCFXXtSh9Dh6hDsBhee9KCT55ym9OEAFxevEmdCr0rldfAM7XWaekd3j5cOfZUPlWcNV_OYVHVClAkGfoG48DY_Khv5S-x3JM-uTUn5N2gsD8An25IrxCt2b8sN5WmkC2WqQNmLCgOucLH0btN_vvIp-x6Rj4iTYN2Fdgc4w1WVipBst9MZFygTgZvRQnYIpVQ30M0lVlOV7yFkyb3esZHkexcRPUpabE2o0izVccfsRcmiiUt2QrsoV0kLBX7rBMJB-bhKLaIG95JNfp9mrH3Yp8gpsRxwxgC28DjooE5mvoULcRNXx47koti-z8wMd6hFAD0ZxJxLNXAauOkpGfZHpDbZfTt-bZ0pklhAJamo1HQbIA4IxjCVmi_ZR1yF0L3dpnFSxZg2lw6-sObCGyExWFwamXliopAcXyE1KlJtBu1Uo-ZulMn_DZB_J0IjqPUgC2ypT1JZiBwOD0m_KqxHSLglC1fmVioBRmvoC1eH7N3jI12bSXh4tE1K0L36SosyUiriG-WaKkB1gqWJGKynRcXQEuaXb_6Qc_445M9aO7PLjELhDoSp5qVgeRF0r9fFsHzXK5_F-TVCYWCo6JGf1a1smj9dsERc94DR375fGt2z6mGMyai1saRP5nXbp0B91pEyVrkvr1mEH1RjmjpMbL3YEl15apFY7iMJfPAWyRkM6H8it-3l8-m0C_kcALhKg6v5W1TzASffHpGB-x5ytfqnNDPBCj6j54VPDCbbSH5tuQ5X7H-jRPn3NQViSO2fnQEvQ91UpTehEMeLhHkjVL6KNTJgvgIDwlOuQ7B0YHj36tf8oTpcC1lTtWC60hIPZ7l8YWJiONjVB1fAbvcGHuhjm4MQPTdGIbQ9E8MUTxmrwyxuI46CeJxQF6V4DW9sadGdGYwh6r7mwSJpk_s41sXkCJXIT5wy5dQUTpt8us&sai=AMfl-YT3BysqXUeUTgBxCTLXy6Lh3QwoQRn_GTjDurFCQJlLvq8d0vSdPV5bmVMwjIyY7kQcGH0t9DUAEB26cyRmgEq6pFl5nc9av62nZ9df1oeQ84naf1axyok7GRYQNRYCEfGCur96Ns6o&sig=Cg0ArKJSzPMVPnImrctqEAE&cid=CAQSOwDICaaNjKxSCcJmlqtMBiSazLgJqVMWCA7Ma8B3WCGTTITiCdUlZZqzHMwHpkDQXOiMHIj71tha1utaGAE&id=lidar2&mcvt=1000&p=0,0,90,970&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4108698210&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700309019145&rpt=784&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Nov 2023 12:03:40 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.herodamage.com/	1970-01-21 01:54:29	Name: _ga Value: GA1.2.1217902598.1700309018
.herodamage.com/	1970-01-20 16:19:55	Name: _gid Value: GA1.2.300620259.1700309018
.herodamage.com/	1970-01-20 16:18:29	Name: _gat Value: 1
.herodamage.com/	1970-01-21 01:54:29	Name: _ga_XWQCTYETBQ Value: GS1.2.1700309018.1.0.1700309018.0.0.0
.doubleclick.net/	1970-01-21 01:40:05	Name: IDE Value: AHWqTUltqAY6YYgTvV3mLsXXi1ZIwFFAT1TBNYHmweEIqA4Swu3X0g9CKROgsbCR5Dg
.doubleclick.net/	1970-01-20 16:18:29	Name: test_cookie Value: CheckForPermission
.herodamage.com/	1970-01-21 01:40:05	Name: __gads Value: ID=4114d15facf00427:T=1700309017:RT=1700309017:S=ALNI_MaCr6OmhZSPV5fgg8zVG0MrGyJpQQ
.herodamage.com/	1970-01-21 01:40:05	Name: __gpi Value: UID=00000ccb9581acbb:T=1700309017:RT=1700309017:S=ALNI_MaZksqwP9jjgmHAWPI5jARj5aQYRg
.w55c.net/	1970-01-21 01:48:43	Name: wfivefivec Value: 7AHnIeIl1R4k315
.hspvst.com/	1969-12-31 23:59:59	Name: VI2677 Value: %7B%22time%22%3A1700309019%2C%22utid%22%3A%222a5a255c62ff87abb38009c5a27c1241%22%2C%22t%22%3A%22P%22%2C%22s%22%3A%22%22%7D
.hspvst.com/	1969-12-31 23:59:59	Name: VIP2677 Value: 1
.ctnsnet.com/	1970-01-21 01:04:05	Name: gid_CAESEJ-1I2_K5Ei_a_Lxj7VivmU Value: 1
.de17a.com/	1970-01-21 00:56:53	Name: guid Value: 1.6748332201294703924
.adform.net/	1970-01-20 17:01:41	Name: C Value: 1
.ctnsnet.com/	1970-01-21 01:04:05	Name: cid Value: 45ee28731d404578878dbccc614afa28
.ctnsnet.com/	1970-01-21 01:04:05	Name: gid_CAESEGIqeaXfD2FBdPZNotNE_Is Value: 1
.simpli.fi/	1970-01-21 01:05:31	Name: suid Value: 72B59F185B47462B869C3A6764FC07E2
.adform.net/	1970-01-20 17:44:53	Name: uid Value: 2254220285994856074
.everesttech.net/	1970-01-21 01:04:05	Name: everest_g_v2 Value: g_surferid~ZVioGwAAAnLDrwBd
.doubleclick.net/	1970-01-20 20:37:41	Name: APC Value: AfxxVi7qfz-ujjL3IwnKE9HO-uA7tfltHlbhKatYVRYldcdX9QV6CQ
.travelaudience.com/	1970-01-21 01:48:43	Name: _tracker Value: %7B%22UUID%22%3A%223FB585DA-5316-423F-314A-9C2DD0BAFD6C%22%7D
.quantserve.com/	1970-01-20 18:28:05	Name: d Value: EAgBCQG6KoEA
.quantserve.com/	1970-01-21 01:48:43	Name: mc Value: 6558a81b-da7d3-5adc1-91eda
.doubleclick.net/	1970-01-20 16:18:32	Name: DSID Value: NO_DATA
.awin1.com/	1970-01-20 16:21:21	Name: awpv14702 Value: 412871\|1700309019\|82e673c0-860a-11ee-bbbe-22643cd2ee20
.awin1.com/	1970-01-20 16:21:21	Name: awpv20044 Value: 412871\|1700309019\|82e64cb0-860a-11ee-98d5-22653d8c0e4c
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 415363:2904924
.tribalfusion.com/	1970-01-20 18:28:05	Name: ANON_ID Value: aYntmIyKalHobWm8ZaGyPtrotDvaZdeCJ1twlhDI1kWiekLBaZcUxFHSLPFA4OQt05XrZdxwEUORnJyrtjOrfBpyDPLv
.o2online.de/	1970-01-20 16:28:33	Name: nscT485 Value: v01MTQyMTExMzExMTExMTExMTEwMTQyMTMwMDAwMDAwMDA2MTcwMDMwOTAyMHZsZWExZGUyMDIzMTExODEzMDMzOTkwNjI4NDM3MDgzWDEyMDIxMVYxMjI2MTMyNzAyTVN2aWV3b25laWRZWDFIcmYxNXNwQnBIVkg5SGV0UXRSUjhjQVQxVDZtSHJvbmVpZF9fc3VpdGVfTmV0bWl4X1JlYWNoMTNfQmxhY2tGcmlkYXlQdXNoMTIwMjEx
.o2online.de/	1970-01-20 16:28:33	Name: nscQ485 Value: V
.o2online.de/	1970-01-20 16:28:33	Name: webShopPV Value: ?partnerId=O2_AFF_POV_EXA_15008&mediacode=AFF_la_120211_-HTLP&utm_term=AFF_la_120211_-HTLP&utm_content=O2_AFF_POV_EXA_15008&spid=2023111813033990628437083X120211V1226132702MSviewoneidYX1Hrf15spBpHVH9HetQtRR8cAT1T6mHroneid__suite_Netmix_Reach13_BlackFridayPush&wfid=120211&affiliateId=v01MTQyMTExMzExMTExMTExMTEwMTQyMTMwMDAwMDAwMDA2MTcwMDMwOTAyMHZsZWExZGUyMDIzMTExODEzMDMzOTkwNjI4NDM3MDgzWDEyMDIxMVYxMjI2MTMyNzAyT
.googleadservices.com/	1970-01-20 18:28:05	Name: ar_debug Value: 1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

52d9ebb87ca617cc5c6c4da4f45f7058.safeframe.googlesyndication.com
a.tribalfusion.com
ad.doubleclick.net
ad4m.at
ads.travelaudience.com
ads.w55c.net
as.ad4m.at
assets.ad4m.at
bfa.herodamage.com
c1.adform.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
cti.w55c.net
d5p.de17a.com
dclk-match.dotomi.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
googleads.g.doubleclick.net
i.w55c.net
ius.ctnsnet.com
match.adsrvr.org
onetag-sys.com
pagead2.googlesyndication.com
partner.o2online.de
pixel-sync.sitescout.com
prod-rtb.ad4mat.net
region1.google-analytics.com
s.tribalfusion.com
securepubads.g.doubleclick.net
static-de.ad4mat.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.teads.tv
t.hspvst.com
tpc.googlesyndication.com
um.simpli.fi
wow.zamimg.com
www.awin1.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.lead-alliance.net
www.telefonica-partner.de
x.bidswitch.net
142.250.185.66
142.250.186.130
142.250.186.38
151.101.130.49
154.58.197.185
167.233.13.224
18.66.112.120
2.16.97.41
2001:4860:4802:32::36
213.155.156.165
2600:1901:0:76b9::
2600:9000:206f:5400:1b:f040:3600:93a1
2600:9000:2251:6600:3:4706:a6c0:93a1
2606:4700:20::681a:61b
2606:4700:20::681a:bd1
2606:4700:20::681a:e4e
2606:4700:20::ac43:466f
2606:4700::6811:190e
2606:4700::6812:19ad
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:800::2001
2a00:1450:4001:806::2003
2a00:1450:4001:811::2003
2a00:1450:4001:812::2001
2a00:1450:4001:812::2002
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:829::2004
2a00:1450:4001:829::200e
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2008
2a00:1450:400c:c06::9b
2a02:fa8:8806:16::1370
3.121.142.228
3.127.95.101
35.186.193.173
35.190.0.66
35.204.74.118
35.71.131.137
37.157.2.228
51.75.86.98
84.200.5.215
92.123.148.9
98.98.134.242
00f357bb1a907149c8ef8d29a494f56ba138ea9f4bccb941549cc597fd6cd328
02deb9318a3a7a31a1dfa12696aa22f2b415527d997cdbd77d21009274b467ed
04e740dbc5882a8d358d086a88c960d18ac79c2a0583ad5843c1735e10eff231
068ec451d90e4ced3dabadc0273fdfff2dd82a18f15cee48b0ac74b863136754
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0c68134667bad499154dfe2614ffb0ff76fad9563890be13eb10fb733c1f39be
1539a4e70ec940e7fd6240291869a8515b863e8c8ac3c20a28e10edd0e4a9d49
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
19ed69dbc1555727c93a9a43979a6464d99106b52789f9ea880d99679e808af9
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1ed0a5a2d6c6f9977288dfcbcf800d3fcf971a4e24273ffa378c5121a6390bdb
29f618a7f02a6d894d2d6d85ee4bd5133fc05f95c03cfa0ac3ac0438f7f54f58
2b1a0190f30ddb1918878bff2f3aec5c0e3d70629fbe368c97ee5f03a2afe6cd
2d41426eb6ee42b6c5f9cfab4cb41aea704671de238a5a195db0d4cd9da603af
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3342cd3835ef04948548fe58d9da2f7ef94b7649376864b2b078b59842fcdb0c
38d740777ac8b3dabb5cf3f9ce653e5aa8d12afbc545c56f98b36b07cd0521ba
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
4275ee4b58a39dcbd59ebeb2c806cb7afc45bde82e90daf14808b64702ad40b7
446bdacd5729489ed719aab21ead795632289590e3954cac6fe1f821f0884557
456ab1a71507ed91abae14c9d08faffb373a7bc711a66e44341b7b8b7bb72ab4
45e00e923de55aa533a168acb196626cf537bfe8d1e629e44f73f448ad5aeea8
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
49525f03040b7b6e0350423d205f13fbe567b9cf560a4b6bfa13fd5142b1f8e8
4b0951038d1c687b1acd43587bbd48df066f7f8dc6673832ccf230f11746e887
5114447784fd9c26afdbf18b5633f3c1f76f8f14b5bac736803716d6d7ef6304
5350f09961e598ccf57c00ed08f2e124c45e84262d3761772a8ab323222d069a
5431263fbec0b183a9e81fd3e7cc930fd5df7afacf78646dd68a85619770480d
5454ec0e034476877e6c1e6efa5e5a021e70751c049b544b1ed382d5964dd56d
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57f34736bb717fdea5df544a1b51513195f993dcd6f6f2dbb6f00b583b1273e3
5b9cc455f98c02c68f1380e99b6ec823f6a4aa6c62fb6478c334437e1603ee80
5c8aaf3a0a4a9840eef8109904bf9d8ca3cf0933567fc63c82f239b7bd344ce3
5e6d1b4b7677f1e2467f4ef4047b6467bebce6b59db266ce2c7e2736359a7975
5f5a0db09b2c7d59fce00d749f6b857d80edafcca6897c038c5b77fb942f1393
60f58e4ee8610241cd953f095fbe84b0d58b0619552edc742f3e23b1abbedb03
61bb554f7f2636654d8753efec0e55ae8e1ff4853af1942d7efd1f28f54e783a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
620b88ff10935df735bfd61c0cfb6e085d7a7c5da7fabadfc8ff14c2434f6bb1
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
6400f4f1b40440fd918fae095c77dd1a2bb81f51f0591ded108bd784cb8e6398
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
66acb0da63a6bd83ae216a67aff9dd0e5cb8ce062cbb0bd3cb753f571cd9a761
6730f11bfada53b9ad60b760a43a1c35f8977d01f9e2559e59c5d8ad06dc1019
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c159cf6007687abdc31baa2d94751c3dd870995ea1f3924059cf375b1a8da52
6d322f983f072ad2cf681f4714e0230f8343e4ca7086a35308da4096ea433401
6dd4a26d545dea4e011150e4f56d261520d253112ff5e6ba7249f085e749a397
6e861c355c5f49881d244f057d7507ce62adedbc0f576fc3bb13446e9401bfd6
704cf5bab5a2e3185bec4628f6cb67ff4dbb3d1461fef03500caf8be7e3f97b1
70602b2d4f8fd19b95f522d3f3334ada3b3ff4647b4e81c7285b885977fd9ac4
7abab7a5fed6d1eb8dcfed4e7f6bfcbc1a1a1dfbf95d281b008f04245b26c769
7baeed10edafe308895332f44136187b0bd76371d2d9ed32080f3a31890904e9
7db902484287395505a02d032422d854888c93570cceb79b6640de614c31e1e7
7df956c080a1bb3ed36decdc5b978505ddf07aa8d4b1b69e6ded3a9773464a2b
7e41ca21e421f129d3881e345f990027b66c0ab3c5580e549575f9393d117cbd
818c36ce9833503e0323ef64a4606d0a6c53f57524cbf07dbf6020387c4cba8a
858b37a0ff36dd140629d8bccc256e18891617313cab8f2feb68ea5b3f5f4781
85ae913c6d302b0fe6d5d62faeb9421c8140be1854a13d813b2fc3a34d091741
873e5c46cc8ce0b17fbe1f11dd95e9f15dbfa715e3e407d97f31611b5a460d8d
8be82f349b2994d7f0ed7fcba5e50ffb8a960f135e513b34730af4578cab9883
8c2f09a78b5ce85d7ff639976859716e29c71318b65c1675effd83e2e9f05a22
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
905cdb7b18899ebd1d25653b8d9e494f83b17118d0aa2674187b7103d25de1f2
926adc95260da5515310b0e8b71ef602ed232743ca517a0057a1df8433d80d41
96e22a33f827f042ac4b239c21f468a17c87545df3f6b90e100d3a91b253a1e7
97422d7b26df52d564a27e6f32134e20b42ccb8fc2e19f0f9093218d4aaf7c3a
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9aec201e6e90d9603968696b342007b01ccb92ecfebed473db89535c0f43c4b0
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4610f7adc11a3c837ffb721cd445355e5a4621af4ea9029a4fbba03e60c953b
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad0ae9cecb4a8b0d618ccbc1264c973e0a041f19f7c5225e6fc197c4cd3f04cd
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
b82aa6c527e41e336e9cd392fffa550353f896f71a3c632a5bdd51e22de4ca0f
ba4a0c91bdda0c6f615970c6c39dbe9e47f84613f5460c2b21bf5d1eec6277a3
bcd62a111e3278ea98f4cc21bc277e03ae6457f87a517a7b34acdd5248d6f195
bd30dff0abda0512504cb0b5802fb096c363ef02fe3efc803515854edc95fd6e
bfa45c2447ef138fbcc490d0ba14eb2d79093735da57013261c1a2f7ce2ef779
bfe58c3e4f67928f320950cb05524dc012abf7ab1096958560101be80f83d447
c518d6d2fa7bbf076b184c286e65f24ab3f54a6cb7f75b44bc27932c32706118
c9761aba60411cb1187c930a4710be96ddfc50758b1e7b1d1403c0d696881bf3
cb41292903f6bd996333bdfe6fbc58e1dbdb6109074505ee3ea46373bb23be70
cbacf395316f8dcadfa44e800002ab71226764120ff9ace1ea94d37a1fb89012
cead1229ba5aaea56b38b0428aef22261f3ac494ebc4d287153391003d18ec48
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d129f5136479f6d49637b240db29c36a1dc31520043613776f7ccfd0b07c5c2d
d40b01890b8c0c1c5a4327322e14922a245d4161ae76cb7e4969051ba381dcd5
dbc208b5a01acfcbbd9fd849df9e467943022aacac49a8ceffaaa914245d1f52
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e1e5aa81dcf2e6d598f3d92d9bb419bf994674557bb5593233b164de2787f57a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cf5fce44262770cfdfa2699de435eac0a15df80907cd8fb937fb33071b997f
e42563b61e8389678b35e95153b6aacbc43203a880f241a5304cf5747ba9bd7b
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8090651b52c256938df2fb0582f24521fe0476939aab81d01b7f31a7ac75beb
ea1ece673616b82840316d3236fc1a02a37f6eb1fcf653812c7117a3c11b315a
ea28dc2d9037f31ab60130e288ec35489142eb67ab6c9cb5282d660c8668b5e9
eb6f93058fdc6d325f62a3eb19e1f4836fe4c3aa6ea6cbbbe6e85663ae7810ab
ee4b51e5091b6ce52cbe00780f0a2381d39596eecc92406370d57bbeae4375c8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fc44e6a8272cb1516b475c614771458410760532c46c086358a0c9c752949e3f
fde5403c7eea70aa9f82010d8cb58f3012e4a0249431dd06371b6912d8c83379
fe490520db47ae2f5224af30b3cb4f60a508e4e84a66a25ab97b558f2e8bc31b

bfa.herodamage.com Open in urlscan Pro 2606:4700:20::681a:e4e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

201 Requests

93 %HTTPS

55 %IPv6

34 Domains

49 Subdomains

35 IPs

9 Countries

2231 kBTransfer

6884 kBSize

32 Cookies

6 Outgoing links

Page URL History

Redirected requests

201 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 20 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

bfa.herodamage.com Open in urlscan Pro
2606:4700:20::681a:e4e Public Scan

Screenshot
Live screenshot

Full Image

201
Requests

93 %
HTTPS

55 %
IPv6

34
Domains

49
Subdomains

35
IPs

9
Countries

2231 kB
Transfer

6884 kB
Size

32
Cookies

201 HTTP transactions
20 data transactions