winzoro.net Open in urlscan Pro
194.67.68.223 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://winzoro.net/
Effective URL:
https://winzoro.net/
Submission: On November 28 via api (November 28th 2023, 3:09:52 pm UTC) from US — Scanned from DE

Summary HTTP 268 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 44 IPs in 10 countries across 33 domains to perform 268 HTTP transactions. The main IP is 194.67.68.223, located in Russian Federation and belongs to AS-REG, RU. The main domain is winzoro.net.
TLS certificate: Issued by R3 on October 12th 2023. Valid for: 3 months.

This is the only time winzoro.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 33	194.67.68.223 194.67.68.223	197695 (AS-REG) (AS-REG)
6	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700:e2:... 2606:4700:e2::ac40:8d0d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:6b8:a::a 2a02:6b8:a::a	208722 (GLOBAL_DC) (GLOBAL_DC)
37	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	185.177.94.152 185.177.94.152	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
6	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
4 14	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
1 2	88.212.201.198 88.212.201.198	39134 (UNITEDNET) (UNITEDNET)
19	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
8	2a02:6b8:20::215 2a02:6b8:20::215	208722 (GLOBAL_DC) (GLOBAL_DC)
23	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
9 16	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
6 12	104.18.36.155 104.18.36.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7 10	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3 9	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
12	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
1	2620:116:800d... 2620:116:800d:21:de2e:c7b3:55c0:d5a0	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	18.197.5.251 18.197.5.251	16509 (AMAZON-02) (AMAZON-02)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:4b10:b0d1:bea:379d	16509 (AMAZON-02) (AMAZON-02)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
1	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	176.9.26.250 176.9.26.250	24940 (HETZNER-AS) (HETZNER-AS)
1 5	144.76.238.55 144.76.238.55	24940 (HETZNER-AS) (HETZNER-AS)
1 5	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
8	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 8	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
5	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
3	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
3	23.192.250.178 23.192.250.178	16625 (AKAMAI-AS) (AKAMAI-AS)
3	18.130.109.49 18.130.109.49	16509 (AMAZON-02) (AMAZON-02)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
7	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	18.66.147.98 18.66.147.98	16509 (AMAZON-02) (AMAZON-02)
3	99.86.4.52 99.86.4.52	16509 (AMAZON-02) (AMAZON-02)
6	18.134.20.61 18.134.20.61	16509 (AMAZON-02) (AMAZON-02)
268	44

33 194.67.68.223 (Russian Federation) 1 redirects

ASN197695 (AS-REG, RU)
PTR: 194-67-68-223.cloudvps.regruhosting.ru

winzoro.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:e2::ac40:8d0d (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8:a::a (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.177.94.152 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-94-152.ah-server.com

broluckycode.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:6b8::1:119 (Moscow, Russian Federation) 4 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.198 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host198.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8:20::215 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 142.250.184.226 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.18.36.155 (None, ) 6 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 37.252.173.215 (Frankfurt am Main, Germany) 7 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.166 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 138.201.84.244 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:de2e:c7b3:55c0:d5a0 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Loerrach, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.5.251 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-5-251.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:4b10:b0d1:bea:379d (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.237 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 176.9.26.250 (Berlin, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.250.26.9.176.clients.your-server.de

hal900014.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 144.76.238.55 (Nuremberg, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.55.238.76.144.clients.your-server.de

hal900021.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 138.201.63.150 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal90008.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 145.239.193.130 (France) 5 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.192.250.178 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-192-250-178.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.130.109.49 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-130-109-49.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.147.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-98.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-52.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.134.20.61 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-134-20-61.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149	586 KB
39	doubleclick.net 12 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 ad.doubleclick.net — Cisco Umbrella Rank: 154 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 154836	156 KB
33	winzoro.net 1 redirects winzoro.net	2 MB
27	redintelligence.net 3 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 38186 hal900014.redintelligence.net — Cisco Umbrella Rank: 286354 hal900021.redintelligence.net — Cisco Umbrella Rank: 239187 hal90008.redintelligence.net — Cisco Umbrella Rank: 263856	218 KB
19	criteo.net static.criteo.net — Cisco Umbrella Rank: 668 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10986 csm.eu.criteo.net — Cisco Umbrella Rank: 10557	396 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	7 KB
12	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 8755	5 KB
10	adnxs.com 7 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	8 KB
9	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 30616 api.webgains.io — Cisco Umbrella Rank: 91573	57 KB
9	medialead.de 6 redirects pv.medialead.de — Cisco Umbrella Rank: 44040 medialead.de — Cisco Umbrella Rank: 43761	6 KB
9	gstatic.com fonts.gstatic.com www.gstatic.com	135 KB
8	yastatic.net yastatic.net — Cisco Umbrella Rank: 6894	214 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 35	463 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	4 KB
5	media01.eu pb.media01.eu — Cisco Umbrella Rank: 74479	1 KB
5	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 105	2 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	319 KB
5	yandex.ru 1 redirects yandex.ru — Cisco Umbrella Rank: 2158 mc.yandex.ru — Cisco Umbrella Rank: 4034	164 KB
4	criteo.com ads.eu.criteo.com — Cisco Umbrella Rank: 10450 dis.criteo.com — Cisco Umbrella Rank: 597 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 17732 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 11552	55 KB
4	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1002	150 KB
3	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 107304	9 KB
3	webgains.com track.webgains.com — Cisco Umbrella Rank: 62639	6 KB
3	awin1.com www.awin1.com — Cisco Umbrella Rank: 18131	2 KB
3	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 217997	3 KB
2	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 599	1 KB
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 11595	1 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	5 KB
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492	716 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 351	146 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1533	586 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 353	149 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 764	464 B
1	broluckycode.site broluckycode.site	320 B
268	33

	Domain	Requested by
37	pagead2.googlesyndication.com	winzoro.net pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
33	winzoro.net	1 redirects winzoro.net
23	tpc.googlesyndication.com	pagead2.googlesyndication.com winzoro.net googleads.g.doubleclick.net tpc.googlesyndication.com
16	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com winzoro.net googleads.g.doubleclick.net
12	hal9000.redintelligence.net	googleads.g.doubleclick.net hal900021.redintelligence.net hal90008.redintelligence.net hal900014.redintelligence.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	mc.yandex.com	3 redirects winzoro.net mc.yandex.ru
10	ib.adnxs.com	7 redirects googleads.g.doubleclick.net
9	static.criteo.net	ads.eu.criteo.com
8	pv.medialead.de	5 redirects hal900014.redintelligence.net googleads.g.doubleclick.net hal90008.redintelligence.net
8	imageproxy.eu.criteo.net	ads.eu.criteo.com
8	yastatic.net	yandex.ru
7	www.googletagmanager.com	adv.office-partner.de www.googletagmanager.com googleads.g.doubleclick.net
6	api.webgains.io	analytics.webgains.io
6	5994599.fls.doubleclick.net	3 redirects winzoro.net googleads.g.doubleclick.net
6	fonts.gstatic.com	fonts.googleapis.com
6	fonts.googleapis.com	winzoro.net googleads.g.doubleclick.net hal900021.redintelligence.net hal90008.redintelligence.net hal900014.redintelligence.net
5	pb.media01.eu	hal900014.redintelligence.net googleads.g.doubleclick.net hal900021.redintelligence.net hal90008.redintelligence.net
5	hal90008.redintelligence.net	1 redirects googleads.g.doubleclick.net hal90008.redintelligence.net
5	hal900021.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900021.redintelligence.net
5	hal900014.redintelligence.net	1 redirects googleads.g.doubleclick.net hal900014.redintelligence.net
5	www.googletagservices.com	winzoro.net googleads.g.doubleclick.net
4	use.fontawesome.com	winzoro.net use.fontawesome.com
3	cdn.track.production.webgains.team	googleads.g.doubleclick.net
3	analytics.webgains.io	track.webgains.com
3	adservice.google.com	5994599.fls.doubleclick.net
3	track.webgains.com	winzoro.net googleads.g.doubleclick.net
3	www.awin1.com	hal900014.redintelligence.net googleads.g.doubleclick.net hal90008.redintelligence.net
3	adv.office-partner.de	hal900014.redintelligence.net hal900021.redintelligence.net hal90008.redintelligence.net
3	ad.doubleclick.net	googleads.g.doubleclick.net
3	www.gstatic.com	winzoro.net googleads.g.doubleclick.net
3	yandex.ru	winzoro.net yandex.ru
2	csm.eu.criteo.net	ads.eu.criteo.com
2	c1.adform.net	2 redirects
2	www.google.com	tpc.googlesyndication.com googleads.g.doubleclick.net
2	counter.yadro.ru	1 redirects winzoro.net
2	mc.yandex.ru	1 redirects winzoro.net
1	medialead.de	1 redirects
1	cdnjs.cloudflare.com	ads.eu.criteo.com
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	rtb.fr3.eu.criteo.com	googleads.g.doubleclick.net
1	dis.criteo.com	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	x.bidswitch.net	googleads.g.doubleclick.net
1	dsp.adfarm1.adition.com	1 redirects
1	match.adsrvr.org	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	broluckycode.site	winzoro.net
268	50

This site contains links to these domains. Also see Links.

Domain
oauth.vk.com
www.facebook.com
www.liveinternet.ru
vk.com
vsthemes.org
7themes.su

Subject Issuer	Validity	Valid
winzoro.net R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2023-06-21` - `2023-12-19`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
0.broforyou.me R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2023-07-10` - `2024-01-07`	6 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
redintelligence.net R3	`2023-10-10` - `2024-01-08`	3 months	crt.sh
quantserve.com R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-07` - `2023-12-30`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-01-18`	3 months	crt.sh
*.media01.eu RapidSSL TLS RSA CA G1	`2023-05-16` - `2024-05-15`	a year	crt.sh
adv.office-partner.de R3	`2023-10-28` - `2024-01-26`	3 months	crt.sh
pv.medialead.de R3	`2023-10-12` - `2024-01-10`	3 months	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.webgains.io Amazon RSA 2048 M01	`2023-07-24` - `2024-08-22`	a year	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M03	`2023-08-30` - `2024-09-27`	a year	crt.sh

This page contains 36 frames:

Primary Page: https://winzoro.net/
Frame ID: 2542309BB5BEF5242E78D77D40549710
Requests: 69 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world
Frame ID: 80605E026211917FB7B32938A720658D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&adk=1812271804&adf=3025194257&lmt=1701184184&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_l%7C188x810_r&format=0x0&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184184647&bpp=3&bdt=235&idt=286&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=575793446681&frm=20&pv=2&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=314
Frame ID: BAF8F2B56E5BDA57BAFB76E3F24D5D5B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7
Frame ID: 93360DC5722FB84C11A673FF346BA570
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: 73C09C33552AFDB6C2C2DFDA56E7E7CF
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: B82E2F2C399AC75905457D8D62E26F08
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: 67BBBAC8E59FEA667F611023E3684A0D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Frame ID: 73B6452CA92D06B22E09E97BBE157DBC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7
Frame ID: E5B984F3BB7B390E648633A3331BDC99
Requests: 1 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Frame ID: 094C87E8C80FBF0C9E6DA3991366A0D9
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUKt5HzesRxutZPjV4KjBeQopK6VTkbHSDHTfBKzCc7b6u3vHadshNo9aMt6lQrDEPP6hQqQcPnFvVZ8JxHTYLRByk0lBPtz7F_F8my8YRkwkEaH8_voGbgSUqZjT9JSm7XgQ11m9MKXvQqci0uoD9IOObB-RpmSY0yi-a6lams-U74SWc
Frame ID: 23EBCC38E24B44435A5B20DFB9E2BA64
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 561E10BA00858066944FD459F5B4B904
Requests: 22 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWlAbLgouVIVSvkmpg8asl_26hBcR_8D9sVx53CPGUE6WCGB0kDD8AKDEDJL107UMbANqzo-XOWT0GzjrEYO48FmkewtUFWIeJemWQYhKwT76glIOxh_CiQQUA2mDuTB78QEz90B-56fLBGYANrhbSIqzxn0K6EaR-SyME2FwXbdaxSDfc
Frame ID: BF23F40310F770E6D8F373BAAF4BD405
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 6F955C092CC9C6C551B781EFF81E5ABC
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWfwGEBqz5OkG941nQyYC2sznB-WzjZkB9zMSA67ga5j3OyOXbfj3AJpS1iW2ta6DPFEAmABbiruvhfYGIcwThVEvAlXMyrhrgCrPFa5YETbZ1RpiVbj8ghTnKB8y-2Q8pN9rOPKbKQoWc2YP04dO1DvDL9TbjcHc02Ku5M47x_uH-9294
Frame ID: 29C3BA221D56E5F82DC277C8A954E0B8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: ED07D68EEEA028CB5919054132262C3E
Requests: 23 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 792BF52FFA1CC89AF9DEA1EA260018D7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B964D4A771CBA02219AA3982D3C95AA0
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js
Frame ID: 3A2E790FCBC9563ABD4B32A56460459A
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYCuQAKEaUDog43AAUgWprp-_IjW0YtOGVvgg&u=%7CaEyhkWsxNkyB7TcWkfS%2BwTFDkCLD5wQ5Km2T4QInU1M%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC861LGUQJ6oiMmdgvDfbq_QsY80a5vG587ggvq0MgrkNquaOmQj0A5QSwY4hoARDSqAESCwPhposuw2JMD9J5qoFsOjn8YjC9Eh0kNSZTQ-FFLQ09iDDS_mRfbIVrpe_9ALuALuPRBgKS5IpkSR_2W_pDnyVg15iLPj7mhj_mhMfsFzfQl6R4pCqZH7xcVIo--nd5tJBJc9ONE_lYxKvSkDjU05RyMOwgQjTrMZJjGn9M57HLhelGHqLDVIeWz_PEsntxHgNFU-qObtabLqHY0VkcUHZGbC2aSoC4AhLp-Spder7U3YWKIvvkNMgNvPpJacvOqa-QkAUNYVfW5yrAaHnJaaTqv9Ut5xAl22kVcflIBFIuUvMYrPxNcxaONRgOKJMiB4RsatHRGdH_SX-z5ij7LJ8Ja8I-YStpR_FTR59RFoJdROBy9Sd5r0bnmdpeklPsa8X1RoRc4UGpd2rHlFCiR-BtpdYIUEZSdrH0s1IqFdEl3EQQ3S6OZzlnU-uqOk5Ev7J6mc2VnGsiHP7dfq7F-Tnf85wjQs53Y-58oDOtVuYSMdcgZZ7ERR6kXvfqlwg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKePPuQJmZaWjKLeciM0P2sCU6AzJntKxXPXalvdwwI23ARABIABglfrwgYwHggEXY2EtcHViLTQzNzkzNTM4NDA1OTk2MzPIAQmpAtTCo7LyXrI-qAMByAMCqgS5AU_QBccK0ts-0oKdKDsYBvFeNiMInDCvE-yMG7Q8vQfVOjSm3iwPW1TGYkD5trfZEsjyRz-qJAFR7aWBlCZUq3diyGNw5uOxXI-vW5lzL-lq61RxLXSgmM-eiWk2XGiq3eY1MBr3lQqKWpI7h-rHR0eDbN-_l-74AMRYZ7A4ZyDcOCYyWAsmwmQRd6FRm2pb8DfGIg_D4vyoIjZ0S5c_MfO7Ooq4C_7u3xmPno9smx4fZ4aCufV4T1hxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1T8rvXO3XHPzaS3m3HjZiHWhECSQ%26client%3Dca-pub-4379353840599633%26adurl%3D
Frame ID: 226EFB05AF379916F876671D692C3C02
Requests: 22 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E334950A22E2B9D26AC99BAD656A831B
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 305226A06043731EAFC58E9B9ACDD4BC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 12A4FECD2ADA598DBA55218C5F369DD5
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: F5F302AF3E82C30F38651525FF71C6FF
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 91C98EE96513BFBBC06B6AE720AC6B42
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: E6C529CB365B07389CD063C4156B0F9A
Requests: 4 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43386400105630004444556012522021&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: CBBA196EE9898016B9395E31771A5474
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: A57AA651F4FC8DE73D9F250EA3C65AF7
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154
Frame ID: B141DE95A0BAC9B3F95AE9E579F2FEE5
Requests: 2 HTTP requests in this frame

Frame: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
Frame ID: 09829187B366B03080D130915D882D77
Requests: 9 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: 211E76F4F9C5545F676EA279D82F319F
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 903D644F324C09450E8E48F36AD308EB
Requests: 3 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002
Frame ID: EBA1B9670F3A398B48796C64FEFF3574
Requests: 2 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
Frame ID: 722BC3C38279A82FE5E56FEC6CE6C75C
Requests: 9 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987
Frame ID: 6C51F2CDB8E141D821D58E05A0B23A8C
Requests: 2 HTTP requests in this frame

Frame: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
Frame ID: C46298DDCAB0BFABF896D7A8AFCE35CD
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Оформление интерфейса рабочего стола windows 11/10/8/7/XP

Page URL History Show full URLs

http://winzoro.net/ HTTP 301
https://winzoro.net/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

268
Requests

90 %
HTTPS

47 %
IPv6

33
Domains

50
Subdomains

44
IPs

10
Countries

4560 kB
Transfer

9197 kB
Size

43
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://oauth.vk.com/authorize?client_id=3469268&redirect_uri=https%3A%2F%2Fwinzoro.net%2Findex.php%3Fdo%3Dauth-social%26provider%3Dvk&scope=offline%2Cemail&state=b19fb1c1c78e2de5744af95c66bc4775&response_type=code&v=5.90
Title: Вконтакте

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/oauth?client_id=405359266316555&redirect_uri=https%3A%2F%2Fwinzoro.net%2Findex.php%3Fdo%3Dauth-social%26provider%3Dfc&scope=public_profile%2Cemail&display=popup&state=b19fb1c1c78e2de5744af95c66bc4775&response_type=code
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.liveinternet.ru/click

Search URL Search Domain Scan URL

URL: https://vk.com/winzoro

Search URL Search Domain Scan URL

URL: https://vsthemes.org/
Title: VSThemes.org

Search URL Search Domain Scan URL

URL: http://7themes.su/
Title: 7themes.su

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://winzoro.net/ HTTP 301
https://winzoro.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://counter.yadro.ru/hit?t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.6642285998837609 HTTP 302
https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.6642285998837609

Request Chain 56

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10201.twVjEA5oCoBvTQ9DKd-4cT9of69zBPtO1oVv51RIH7nEORqMuNPFnQvsX1AC_exS.eYNnSoxZuYKYRyumV5-nZIXBmH8%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10201.vwNEFRvo8xF4S2mHXONR_6yAGf2wu6tASjrmL5Q8XnHZple3_8eCmQVSYqUE499WwKluQxSD-PMVIFqRhmdJ0gPM0rjdQVWaVomMG1K5MT4rK2SYLA4qmN08QSIiWe9iXUR3LzXmyIML1-fNi3Q1DNad2OeSpJXGJ9v4i4l6gj-ybaWQXnEcpYoSdPK3tPfOHNx26Xk3mTWccXXRdxZXJ-9eeWpDWCKyTBNgKi27ilw%2C.jGwX26FVw6Fn01Lnx5RsVlHp3kI%2C

Request Chain 58

https://mc.yandex.com/watch/294956?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A2%3Adp%3A1%3Als%3A748019000995%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160945%3Aet%3A1701184185%3Ac%3A1%3Arn%3A782383970%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc(p-1)clc(0-0-0)lt(10500)aw(1)ti(1) HTTP 302
https://mc.yandex.com/watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A2%3Adp%3A1%3Als%3A748019000995%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160945%3Aet%3A1701184185%3Ac%3A1%3Arn%3A782383970%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc%28p-1%29clc%280-0-0%29lt%2810500%29aw%281%29ti%281%29

Request Chain 59

https://mc.yandex.com/watch/9377854?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afp%3A852%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A1%3Adp%3A0%3Als%3A172014433624%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160944%3Aet%3A1701184185%3Ac%3A1%3Arn%3A349566294%3Arqn%3A1%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C124%2C149%2C1%2C400%2C0%2C%2C321%2C9%2C%2C%2C%2C1151%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP 302
https://mc.yandex.com/watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afp%3A852%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A1%3Adp%3A0%3Als%3A172014433624%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160944%3Aet%3A1701184185%3Ac%3A1%3Arn%3A349566294%3Arqn%3A1%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C124%2C149%2C1%2C400%2C0%2C%2C321%2C9%2C%2C%2C%2C1151%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPqORw-JV9wMHzVmKYsUXE&google_cver=1

Request Chain 108

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYCuabJ0JuIVs.9sROKUQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1&google_hm=2

Request Chain 109

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEL-TrxWe22QXGqHTsuxmd-k&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEL-TrxWe22QXGqHTsuxmd-k%26google_cver%3D1

Request Chain 110

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDkyMjI5MTc1MDIyMjQxODc3Mg%3D%3D

Request Chain 111

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1

Request Chain 112

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYCuSNc382f5UZ9xLtAugAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1

Request Chain 113

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1

Request Chain 114

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUyMTQzMjkwNjA4OTgxMjYzMA%3D%3D

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1

Request Chain 119

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYCuVn71Hl5WK8fBnTHKgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1

Request Chain 121

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxNzEyNDk1OTcxNDE3OTczNg%3D%3D

Request Chain 146

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIVrJEIUuU8FE_LWXm3HDBY&google_cver=1&google_push=AXcoOmSJuYoUAGX9jdnQSVjE-UQd8jbze6AB7KqJ81uWAO5PvUqUwhuZWTqTytgf5uf4wCYlC7xGfudlJUXKo-TdjRw6fgQWhFbBaA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMwNjUzMDQ0MzM1MTQyMzEyMw%3D%3D&google_push=AXcoOmSJuYoUAGX9jdnQSVjE-UQd8jbze6AB7KqJ81uWAO5PvUqUwhuZWTqTytgf5uf4wCYlC7xGfudlJUXKo-TdjRw6fgQWhFbBaA

Request Chain 148

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKAxGehJH0CVfV4ABL9tfXY&google_cver=1&google_push=AXcoOmTekG1taTGKCe5usqIPMrZp9R_M-ghyaM-skI5cT2fCUWLefaIdVyO7SCY-rUkTpOoWW383QHsT8LYSeY0utH2HNSy6KZtGNQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTekG1taTGKCe5usqIPMrZp9R_M-ghyaM-skI5cT2fCUWLefaIdVyO7SCY-rUkTpOoWW383QHsT8LYSeY0utH2HNSy6KZtGNQ&google_hm=eS1VVnIuWFdaRTJwSGQwVUFURmFIZTFPSERMNWY0VDVTRX5B

Request Chain 150

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOMLUMQL_fGGZ4KEl9FpISk&google_cver=1&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8Aq5HwPTy-lWLJVTDwgjlUgDLi1bA HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOMLUMQL_fGGZ4KEl9FpISk&google_cver=1&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8Aq5HwPTy-lWLJVTDwgjlUgDLi1bA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMwNDg5MjcyMTczNTUzODc5OQ&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8Aq5HwPTy-lWLJVTDwgjlUgDLi1bA

Request Chain 167

https://hal900014.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdfeSuQJmZbRctpuIzQ_HnK-QBqblvaBphZWcp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTbAU_QakQG_05Y1OpEMFtqpP4k0-34IAWP_USdkMN-7FWHb8L5gXopPagSOrYgF5n1qzR0f2UUrwk9UlWtF0vltLVHtVHj6YjPCzcz_irxCwHTfa4PpK40JawhvmoZ-Ziot_FhR-0K00IL4yC88VH1WlFnhQ5R1k_Y_1tc7-UhLgpsEpWd-zJPh9CGceYRJp4TNRUnJAaQBQWZ9jVtIHD0G5POgOW9JaoVA7FMaAuBLsW7Z5ivzeQDMfW6ZluVLZKvMzVIjhASrRQcRF101jC22PSh9KsBssMW83iogsAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj44Kz4_OaCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_1KXZVMqe_g1TKXZteoNF5vFvCmRQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-DNEbKhKsMdkQkH-GRIBSToWzFBV6yj57dQNQtesw994iqCJNzwLW8lF7PIM0X-YxAfFRHOHTnTQBv7Cn1ahJpMiBvcBDUgc_mG-1PepIzDlO6EXNbhvoIUDi5flbyx-L35BbBkvemxhdUivYj9-KsF9k89pWf13bAQiW1_LdeCGqD5B-4%26cry%3D1%26dbm_d%3DAKAmf-Drs6y5mpPSgTMMH5HdOkC-CJo83JPJ28kPjKOadGdv9CyrIvjzrrrP5z0m4RsG3Lg4ucAyK-WEZhJUkfUwbUxWhufacLGBaDvaTifPl65EPuIDGdWC7sqKwEkQj3bjTmYFHcGJKKVKCxXxErO2JLLirojjS6GJVvsVm-twk4IkEX8-PFaG_EAVI6zCz6HvGqEfFkyChdEU7tUMBwGWa10_qXCTLcyFD4QjHHjwD6s3jdkKQSvKtS6eai1y2STmmti-K8ThH68l3n2mxz7JK8JdKmN99kRqsREeBhsjn_J5td-eaq_iMk-Wcn3v6Q0_UE0nvsr6GVD-N1hL5IxqbdSD-CUok1hAFVvnnGCYX6SpC11xv8lPfk7yKOXx0NdqfIkh8sxa9K4DYC3wH_StjUfl9tDlVPtsN1AievylL4MBGTKcc1_1fVva9CQzCI5FvDIKdzSgS_jOM_BQkx3T6L1gy-HQ0-eoLg1mF3sdg7ep03q4Qa5YlSP1tvs46Zqvm_QB9ifOfXFqGcOQerIuE5tvjO75g4gwobZloDjhOSC-DjP4IWU%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-4379353840599633%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=9249579024511&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900014.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdfeSuQJmZbRctpuIzQ_HnK-QBqblvaBphZWcp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTbAU_QakQG_05Y1OpEMFtqpP4k0-34IAWP_USdkMN-7FWHb8L5gXopPagSOrYgF5n1qzR0f2UUrwk9UlWtF0vltLVHtVHj6YjPCzcz_irxCwHTfa4PpK40JawhvmoZ-Ziot_FhR-0K00IL4yC88VH1WlFnhQ5R1k_Y_1tc7-UhLgpsEpWd-zJPh9CGceYRJp4TNRUnJAaQBQWZ9jVtIHD0G5POgOW9JaoVA7FMaAuBLsW7Z5ivzeQDMfW6ZluVLZKvMzVIjhASrRQcRF101jC22PSh9KsBssMW83iogsAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj44Kz4_OaCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_1KXZVMqe_g1TKXZteoNF5vFvCmRQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-DNEbKhKsMdkQkH-GRIBSToWzFBV6yj57dQNQtesw994iqCJNzwLW8lF7PIM0X-YxAfFRHOHTnTQBv7Cn1ahJpMiBvcBDUgc_mG-1PepIzDlO6EXNbhvoIUDi5flbyx-L35BbBkvemxhdUivYj9-KsF9k89pWf13bAQiW1_LdeCGqD5B-4%26cry%3D1%26dbm_d%3DAKAmf-Drs6y5mpPSgTMMH5HdOkC-CJo83JPJ28kPjKOadGdv9CyrIvjzrrrP5z0m4RsG3Lg4ucAyK-WEZhJUkfUwbUxWhufacLGBaDvaTifPl65EPuIDGdWC7sqKwEkQj3bjTmYFHcGJKKVKCxXxErO2JLLirojjS6GJVvsVm-twk4IkEX8-PFaG_EAVI6zCz6HvGqEfFkyChdEU7tUMBwGWa10_qXCTLcyFD4QjHHjwD6s3jdkKQSvKtS6eai1y2STmmti-K8ThH68l3n2mxz7JK8JdKmN99kRqsREeBhsjn_J5td-eaq_iMk-Wcn3v6Q0_UE0nvsr6GVD-N1hL5IxqbdSD-CUok1hAFVvnnGCYX6SpC11xv8lPfk7yKOXx0NdqfIkh8sxa9K4DYC3wH_StjUfl9tDlVPtsN1AievylL4MBGTKcc1_1fVva9CQzCI5FvDIKdzSgS_jOM_BQkx3T6L1gy-HQ0-eoLg1mF3sdg7ep03q4Qa5YlSP1tvs46Zqvm_QB9ifOfXFqGcOQerIuE5tvjO75g4gwobZloDjhOSC-DjP4IWU%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-4379353840599633%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=9249579024511&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 168

https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=648595421891&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=648595421891&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 169

https://hal90008.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCztzpuQJmZbNctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_Q1pwmMXbxYv2hDlAa_BuV9BUEYFuq8hYvevxkFmOlhgOMx4O4rDnmg60R-DQkWl70B06xlgeQPVe1ZXhw_eQ2W-W6QkF9vt2Ot7lZ0TUcyeJ8nw__xEmuWFlyu4VJZSR_DbBURa7Q4Fh-mnqjvodmi5DYqXlAw0zo17i7ef_b7enjsJvTlbods529wLlqwq4rJ99vtbwoZO4no9JFfdyP9FQDRGbtsMnt_wyw5Dnz5OTz04ayP0KtJ-6aTyVlxPtefyHF_C_kHQ-a-UKrcO3UoYeItI_bjQjXwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_2TsC5OeUrOFmcita4gFBWFFL8GmA%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-C1Ses8_F1AzT5iR2MCq09nytyRfOGkjrV0qZD24IvK9WeuYuHkrUznB464SQ-UUF_hqSPYouY4122npB52auil7Iwqf7v1ICf_Q1mKgU3LczVbvbNP1heznAfgeotRW4r0mPpkupD86osdFq5FDeWw5QpF9PHqp-wdqdDEZ9y3jdGEStQ%26cry%3D1%26dbm_d%3DAKAmf-CDnMHjLQwt3Gg2GyNWcDmh9LeDEVnCmAhWI82o95KQiwVy4Up-qVkxb09N2ZAwn-86cVON_oA0UU2N8mRLW5rlB-QyVNt2aDSe_8ygal-Xm5pwhdN1V7gL3Avsb0QVJ4BiBFphDy2K4t42QXqph9uAHRUIcepXm-bNRpOdz8O9BHzaNTsgyNWM4zj7yVszuw0JvQQkH0YT7sbOw5Lntvi-Z8qoiIGDYAUR9X2H9E6Jzrrkot7ToqvDCWQ1fRdJerV_deLZadMLEzVU5bPDjglThrvGmQ3KppN19cWlBbkMOTsNPANt9QR7-9WU4lw4CS7lZju2uoUSmYflnY8FTvJGeqXDKEa-oUvxEq2lW_Ye6lojAR4z84uGnc4z2XpU2xFBRFf_9t6gCcgmRDIwnttZ43ji-6k1QlUEJnMN6S19Pb8H2BQpo25UBCD53c8uN_Nz104OY_OgsqHJdrL0JuHe9FPGeb8ZMj7gxoO2RT8zK8ffqltRoFClry9fo5Spb7HbLxT7Smw51Lc8IywGr8zv-2fOJZufhyDAoOPB6NLCBOZuiko%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-4379353840599633%26fa%3D4%26ifi%3D5%26uci%3Da!5%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=4134827085749&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal90008.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCztzpuQJmZbNctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_Q1pwmMXbxYv2hDlAa_BuV9BUEYFuq8hYvevxkFmOlhgOMx4O4rDnmg60R-DQkWl70B06xlgeQPVe1ZXhw_eQ2W-W6QkF9vt2Ot7lZ0TUcyeJ8nw__xEmuWFlyu4VJZSR_DbBURa7Q4Fh-mnqjvodmi5DYqXlAw0zo17i7ef_b7enjsJvTlbods529wLlqwq4rJ99vtbwoZO4no9JFfdyP9FQDRGbtsMnt_wyw5Dnz5OTz04ayP0KtJ-6aTyVlxPtefyHF_C_kHQ-a-UKrcO3UoYeItI_bjQjXwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_2TsC5OeUrOFmcita4gFBWFFL8GmA%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-C1Ses8_F1AzT5iR2MCq09nytyRfOGkjrV0qZD24IvK9WeuYuHkrUznB464SQ-UUF_hqSPYouY4122npB52auil7Iwqf7v1ICf_Q1mKgU3LczVbvbNP1heznAfgeotRW4r0mPpkupD86osdFq5FDeWw5QpF9PHqp-wdqdDEZ9y3jdGEStQ%26cry%3D1%26dbm_d%3DAKAmf-CDnMHjLQwt3Gg2GyNWcDmh9LeDEVnCmAhWI82o95KQiwVy4Up-qVkxb09N2ZAwn-86cVON_oA0UU2N8mRLW5rlB-QyVNt2aDSe_8ygal-Xm5pwhdN1V7gL3Avsb0QVJ4BiBFphDy2K4t42QXqph9uAHRUIcepXm-bNRpOdz8O9BHzaNTsgyNWM4zj7yVszuw0JvQQkH0YT7sbOw5Lntvi-Z8qoiIGDYAUR9X2H9E6Jzrrkot7ToqvDCWQ1fRdJerV_deLZadMLEzVU5bPDjglThrvGmQ3KppN19cWlBbkMOTsNPANt9QR7-9WU4lw4CS7lZju2uoUSmYflnY8FTvJGeqXDKEa-oUvxEq2lW_Ye6lojAR4z84uGnc4z2XpU2xFBRFf_9t6gCcgmRDIwnttZ43ji-6k1QlUEJnMN6S19Pb8H2BQpo25UBCD53c8uN_Nz104OY_OgsqHJdrL0JuHe9FPGeb8ZMj7gxoO2RT8zK8ffqltRoFClry9fo5Spb7HbLxT7Smw51Lc8IywGr8zv-2fOJZufhyDAoOPB6NLCBOZuiko%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-4379353840599633%26fa%3D4%26ifi%3D5%26uci%3Da!5%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=4134827085749&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 190

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=68041300110481104444550012522014&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 192

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=68041300110481104444550012522014&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 195

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43386400105630004444556012522021&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 198

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154

Request Chain 200

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent=

Request Chain 202

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=36625300121049404444556012522008&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 204

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=36625300121049404444556012522008&t=htlp&gdpr=1&consent=1&gdpr_consent= HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 225

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002

Request Chain 231

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987

268 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
winzoro.net/
Redirect Chain

http://winzoro.net/
https://winzoro.net/

69 KB
13 KB

273ms
149ms

Document
text/html

194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

75c4ab09fbbd5eae0283becbdad0a345687a1f416e75b73f5bee4b859f5f7be9

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 28 Nov 2023 15:09:44 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: same-origin same-origin
server: nginx
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies: master-only master-only
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Tue, 28 Nov 2023 15:09:44 GMT
Location: https://winzoro.net/
Referrer-Policy: same-origin
Server: nginx
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 6 KB
1 KB 87ms
30ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Exo+2:300,400,500,700&subset=cyrillic

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1f753192dcf35c9feebe309f936821c36a397a993388b992158458c505fe386a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 15:09:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 15:09:44 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.2.0/css/ 46 KB
10 KB 123ms
44ms Stylesheet
text/css 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 33577
etag: W/"20a9ce516eaea76da29a23adc43e8998"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCsqp3tptslR9z1zVZfhI2trdIzH3QE%2BIMPUwyl7gCIjVQNlV%2FAMJwTG7ysD5H5x2ItoD%2Bf0pFBqWLS8myuAtWAI%2BnKHXEWf%2FKIx%2FScaXoPc%2FdhWJm%2BcBzYTeR%2FZ1%2FDKdAxTz%2FolMdergQsnekV4WfZP"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 82d388a12e1b0baa-AMS
alt-svc: h3=":443"; ma=86400

GET
H2 200 engine.css
winzoro.net/templates/alliline/assets/min/ 24 KB
5 KB 57ms
56ms Stylesheet
text/css 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/assets/min/engine.css?1697072480
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 9ffef098b884c7af804c3cdc2ef744a2d3837a7fa303d317a2002cc7629463ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-60e0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 styles.css
winzoro.net/templates/alliline/assets/min/ 31 KB
7 KB 63ms
62ms Stylesheet
text/css 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/assets/min/styles.css?1697072480
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 3fed9e40fb165dcb840e9b2965ce16e1842a6e83aaddaf06214605437a414314

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-7bbd"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 logo.png
winzoro.net/templates/alliline/dleimages/ 27 KB
27 KB 113ms
112ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/templates/alliline/dleimages/logo.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 9b67e1e53d9fe07a1569190b3c25ae4ab4d57a49b2515d30c20d32a6689683bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-6b12"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 noavatar.png
winzoro.net/templates/alliline/dleimages/ 572 B
785 B 116ms
115ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/templates/alliline/dleimages/noavatar.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: f99a2c60ac365f5cebd3b520372c07dac909708e0fb5f8848a0a967c7fc0b98e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-23c"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 context.js Show response
yandex.ru/ads/system/ 324 KB
93 KB 233ms
83ms Script
text/javascript 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/context.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

a7a160a806d58f8fd3dc51b97f6febc788e9b675a07f45d7c24d6f9ffc80d90a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
x-yandex-req-id: 1701184184597532-9995613547660365339-balancer-l7leveler-kubr-yp-sas-164-BAL-4198
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 28 Nov 2023 16:09:44 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 151 KB
52 KB 138ms
74ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4379353840599633

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13367eb1ac7429c8411e33818e71f6594587db912a287099ca8d881310e85758

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52716
x-xss-protection: 0
server: cafe
etag: 11675434148690156056
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:44 GMT

GET
H2 200 preview.png
winzoro.net/uploads/posts/2023-11/thumbs/ 119 KB
119 KB 117ms
110ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: d18f91781d6892fc24796d9253c6b82869799d2995b7ebdf90b835877df718ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Tue, 21 Nov 2023 16:23:26 GMT
server: nginx
etag: W/"655cd97e-1daeb"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 gray-raven-hanying_preview.png
winzoro.net/uploads/posts/2023-11/thumbs/ 156 KB
156 KB 192ms
184ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/gray-raven-hanying_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 5e96accf2e0a2a0978c6e5669ff9b79f65fb177ddf743a9c1e49a4462f035bb0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Tue, 14 Nov 2023 12:42:19 GMT
server: nginx
etag: W/"65536b2b-26e39"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-147.png
winzoro.net/uploads/posts/2023-11/thumbs/ 127 KB
127 KB 192ms
184ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/snimok-jekrana-147.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: bd30ecd5ff9d522e69153382b6304c2b571e1a205f5b2c5728cb5e0c2e4b0181

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Tue, 14 Nov 2023 11:59:51 GMT
server: nginx
etag: W/"65536137-1fb36"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-142.png
winzoro.net/uploads/posts/2023-11/thumbs/ 131 KB
131 KB 191ms
185ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/snimok-jekrana-142.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: bc8cbd85bd12b9715d6195b68e3e2c338630a13d763321cffc0a34d040c79ac7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 09 Nov 2023 06:28:46 GMT
server: nginx
etag: W/"654c7c1e-20be0"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-140.png
winzoro.net/uploads/posts/2023-11/thumbs/ 138 KB
138 KB 192ms
185ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/snimok-jekrana-140.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 093c1fcee545ef703fcb79c1c4c835a32e67081bf651d44253cfdc68a31bf869

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 09 Nov 2023 06:26:04 GMT
server: nginx
etag: W/"654c7b7c-226f4"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-143.png
winzoro.net/uploads/posts/2023-11/thumbs/ 135 KB
135 KB 192ms
186ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/snimok-jekrana-143.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 13d62575f2afbe06a27270e0ad31a53dc50a0bbea757e043cf8e2eb4d1c9fc9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Wed, 01 Nov 2023 17:27:49 GMT
server: nginx
etag: W/"65428a95-21a79"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-144.png
winzoro.net/uploads/posts/2023-11/thumbs/ 136 KB
136 KB 192ms
186ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/snimok-jekrana-144.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 92a198bd1a2c8dec4aebbef1fe41a1219a0dd5061bf57ec3ca53773bc3169c6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Wed, 01 Nov 2023 17:26:46 GMT
server: nginx
etag: W/"65428a56-21f6f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-146.png
winzoro.net/uploads/posts/2023-11/thumbs/ 133 KB
133 KB 192ms
186ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-11/thumbs/snimok-jekrana-146.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 574b35072c523a94f489167282a8ce8eff008f8817d84aed7a8740190f04bdf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Wed, 01 Nov 2023 17:25:41 GMT
server: nginx
etag: W/"65428a15-212d5"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cat_amp_girl_in_a_rainy_purple_sunset_preview.png
winzoro.net/uploads/posts/2023-10/thumbs/ 97 KB
97 KB 192ms
186ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-10/thumbs/cat_amp_girl_in_a_rainy_purple_sunset_preview.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 227ebeadeabf720faa659ed7547a50ca7e2a9a19648ca781a13dbba37d04f958

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 26 Oct 2023 15:40:35 GMT
server: nginx
etag: W/"653a8873-183b8"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1488560026_monstercat.png
winzoro.net/uploads/posts/2017-03/thumbs/ 87 KB
87 KB 192ms
187ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2017-03/thumbs/1488560026_monstercat.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 0fc9bc566d462bf9fc08a942fd9d9929a9686911e4298abe8dec926e11b783f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:10 GMT
server: nginx
etag: W/"652746fa-15c1b"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1681151376_igniculus_cursor_project.jpg
winzoro.net/uploads/posts/2023-04/thumbs/ 20 KB
20 KB 192ms
187ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-04/thumbs/1681151376_igniculus_cursor_project.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: b3feee2c145f698c99c7558c6ccacb5c6438df8877989807e1534886357ee022

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:10:32 GMT
server: nginx
etag: W/"65274788-50d2"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1325795856_2901.jpg
winzoro.net/uploads/posts/2012-06/thumbs/ 15 KB
15 KB 192ms
187ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2012-06/thumbs/1325795856_2901.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 014c970a6e4fbbdc28b8b1a08630101d8a8d3b5ced10682e10d48cf868812828

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:31 GMT
server: nginx
etag: W/"6527470f-3cb7"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1391088427_autumn_for_windowblids_7_by_tochpcru.jpg
winzoro.net/uploads/posts/2014-01/thumbs/ 17 KB
17 KB 192ms
187ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2014-01/thumbs/1391088427_autumn_for_windowblids_7_by_tochpcru.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: f32a046c87aa4c622f8be287992a528bca419797b13844839eb00abce53e025c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:10:48 GMT
server: nginx
etag: W/"65274798-44bf"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1551886601_aurora-borealis-windows-animated-wallpaper.jpg
winzoro.net/uploads/posts/2019-03/thumbs/ 5 KB
5 KB 193ms
188ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2019-03/thumbs/1551886601_aurora-borealis-windows-animated-wallpaper.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: b2c615821feb3d5f6b8f8ccdfde002b4ba2001cf0aa87af786c0a4420fdbf149

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:09:35 GMT
server: nginx
etag: W/"6527474f-15ad"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1349986029_osennee-volshebstvo.jpg
winzoro.net/uploads/posts/2012-10/thumbs/ 17 KB
17 KB 193ms
188ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2012-10/thumbs/1349986029_osennee-volshebstvo.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: c7d6d7bc7e1a3bf037dbfa0411eefd9fd5374b0e49e92bf4ddd22fa110c6dc10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:48 GMT
server: nginx
etag: W/"65274720-4527"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 snimok-jekrana-135.webp
winzoro.net/uploads/posts/2023-09/thumbs/ 11 KB
12 KB 193ms
188ms Image
image/webp 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-09/thumbs/snimok-jekrana-135.webp
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 138313ba91a77c618c029500c84ae2867deb4eb88560b177941c913fa5e9917b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
last-modified: Thu, 12 Oct 2023 01:08:19 GMT
server: nginx
etag: "65274703-2d2c"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 11564
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1686656890_yae-miko-lying-down-relaxing-genshin-impact_previe.jpg
winzoro.net/uploads/posts/2023-06/thumbs/ 23 KB
23 KB 193ms
188ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-06/thumbs/1686656890_yae-miko-lying-down-relaxing-genshin-impact_previe.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: db191b86ceb259d81e84aea4841313360880f32a21236bdfd20a9ced1bc0e8ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:43 GMT
server: nginx
etag: W/"6527471b-5d09"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1691583879_texas-cyberpunk-city-street-arknights_preview.jpg
winzoro.net/uploads/posts/2023-08/thumbs/ 13 KB
13 KB 193ms
189ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-08/thumbs/1691583879_texas-cyberpunk-city-street-arknights_preview.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: b306ba1af362db6ca00b654c6ddf9c3c84a448bacaf741277e525c782db9f336

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:45 GMT
server: nginx
etag: W/"6527471d-3563"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1689924976_snimok-jekrana-134.png
winzoro.net/uploads/posts/2023-07/thumbs/ 62 KB
62 KB 193ms
189ms Image
image/png 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-07/thumbs/1689924976_snimok-jekrana-134.png
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: f3901fe1a0442e50f28c14d6eae3dec8c35e6271d6b8bff15df81b6d5f7495f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:07:57 GMT
server: nginx
etag: W/"652746ed-f710"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1693025324_preview.jpg
winzoro.net/uploads/posts/2023-08/thumbs/ 10 KB
10 KB 193ms
189ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-08/thumbs/1693025324_preview.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 39fe29cf7b41b3c265736d9c0a69cc6986ca78ccc31fdec26b8e25fba2cf2d99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:08:45 GMT
server: nginx
etag: W/"6527471d-2613"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1690385572_racing-in-the-rain-initial-d_preview.jpg
winzoro.net/uploads/posts/2023-07/thumbs/ 12 KB
12 KB 193ms
189ms Image
image/jpeg 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://winzoro.net/uploads/posts/2023-07/thumbs/1690385572_racing-in-the-rain-initial-d_preview.jpg
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 2236f8f79b3e2936da97c0a0f8da93b3e821e353f9ab1036ebb505c8c8714aff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:07:57 GMT
server: nginx
etag: W/"652746ed-31c6"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.php
winzoro.net/engine/classes/min/ 2 KB
1 KB 192ms
185ms Stylesheet
text/css 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/engine/classes/min/index.php?f=engine/editor/css/default.css&v=yqxkp

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

f55a11baf33fb17425e40acd9266d2277424db4e0ae3bf3c703418de8b13101d

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
last-modified: Thu, 12 Oct 2023 01:00:39 GMT
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
etag: "pub1697072439;gz"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
content-length: 721
x-xss-protection: 1; mode=block, 1; mode=block
expires: Wed, 27 Nov 2024 15:09:44 GMT

GET
H2 200 index.php Show response
winzoro.net/engine/classes/min/ 84 KB
30 KB 192ms
185ms Script
application/x-javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/engine/classes/min/index.php?g=general&v=yqxkp

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
last-modified: Thu, 12 Oct 2023 01:00:39 GMT
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
etag: "pub1697072439;gz"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=31536000
content-length: 29771
x-xss-protection: 1; mode=block, 1; mode=block
expires: Wed, 27 Nov 2024 15:09:44 GMT

GET
H2 200 index.php Show response
winzoro.net/engine/classes/min/ 155 KB
39 KB 295ms
292ms Script
application/x-javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/engine/classes/min/index.php?f=engine/classes/js/jqueryui.js,engine/classes/js/dle_js.js&v=yqxkp

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

df301479921863d00f49551cae9e1cf786a17544c23839747864617049f9b51f

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
last-modified: Thu, 12 Oct 2023 01:00:39 GMT
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
etag: "pub1697072439;gz"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=31536000
content-length: 39723
x-xss-protection: 1; mode=block, 1; mode=block
expires: Wed, 27 Nov 2024 15:09:44 GMT

GET
H2 200 readmore.js Show response
winzoro.net/templates/alliline/scripts/min/ 4 KB
2 KB 193ms
190ms Script
application/javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/scripts/min/readmore.js?1697072480
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 300f5b02f9f5a3977cefc61c55e73223b22aac671597c11012f4c8112a2af5f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Thu, 12 Oct 2023 01:01:20 GMT
server: nginx
etag: W/"65274560-101d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scripts.js Show response
winzoro.net/templates/alliline/scripts/min/ 60 KB
16 KB 193ms
190ms Script
application/javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://winzoro.net/templates/alliline/scripts/min/scripts.js?1699970664
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: 194-67-68-223.cloudvps.regruhosting.ru
Software: nginx /
Resource Hash: 6b9d2722f54eab704e54d8f412c8958a14729d81c74422a483e2d5daea80deca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
last-modified: Tue, 14 Nov 2023 14:04:24 GMT
server: nginx
etag: W/"65537e68-f172"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 me4winzyha5ha3ddf4ztmobt Show response
broluckycode.site/code/ 10 B
320 B 140ms
42ms Script
application/javascript 185.177.94.152
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://broluckycode.site/code/me4winzyha5ha3ddf4ztmobt

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.177.94.152 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

ip-185-177-94-152.ah-server.com

Software

nginx /

Resource Hash

3df65d7d6add27dd11c6f6a174f7940f193a6283948ad989f1462923cde8f229

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 15:09:44 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
server: nginx
content-type: application/javascript; charset=UTF-8

GET
H2 200 joinchat Show response
winzoro.net/ 11 KB
8 KB 295ms
292ms Script
application/javascript 194.67.68.223
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL

https://winzoro.net/joinchat

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

194.67.68.223 , Russian Federation, ASN197695 (AS-REG, RU),

Reverse DNS

194-67-68-223.cloudvps.regruhosting.ru

Software

nginx /

Resource Hash

749a7c498aaf5b833bade4cdaa38bf40057a38c5f69a43e128c97c794d88398a

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://winzoro.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
referrer-policy: same-origin, same-origin
server: nginx
x-permitted-cross-domain-policies: master-only, master-only
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate
x-xss-protection: 1; mode=block, 1; mode=block
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 7cHmv4okm5zmbtYoK-4.woff2
fonts.gstatic.com/s/exo2/v21/ 39 KB
40 KB 97ms
42ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYoK-4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2:300,400,500,700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:19:06 GMT
x-content-type-options: nosniff
age: 334238
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40316
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:31:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:19:06 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 61 KB
61 KB 44ms
41ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2278878
alt-svc: h3=":443"; ma=86400
content-length: 62472
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "b75b4bfe0d58faeced5006c785eaae23"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IWiZN58Q5CePuv7gbXF%2B1kOArlBLOspoPJ41xxNLZvCHuivc8iW%2BnM8%2BCUDQFVlGQZCkEW1y2L760qTTsRBD0V8Il2wIJXXadbpLCHHMQexyv87JF3%2B9N7CrFlQ2Y%2FDD9L2%2B5rAKgI4I3hsMMo8U0zLy"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 82d388a1aec60baa-AMS

GET
H2 200 7cHmv4okm5zmbtYsK-4E4Q.woff2
fonts.gstatic.com/s/exo2/v21/ 20 KB
20 KB 78ms
25ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/exo2/v21/7cHmv4okm5zmbtYsK-4E4Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Exo+2:300,400,500,700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20ac558ae4e736f5a22d58c1bcdab41693e106fb485d0c582be711621ef6456d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 03:53:53 GMT
x-content-type-options: nosniff
age: 386151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20400
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 22:26:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 03:53:53 GMT

GET
H2 200 fa-regular-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 15 KB
15 KB 82ms
80ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-regular-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ecd9f5bb492be71e3aacc8ca4f170c8f9890242a25e2c6ec9a42f13561b028f

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2362844
alt-svc: h3=":443"; ma=86400
content-length: 14888
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "8d9ab84bfe87a3f77112a6698cf639fb"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYPhh4Uvt6EB%2FLHOcJ5LR7%2Bgo7o2dFT8SL7ZB27g%2B1g6dXJGh191m6GbUh%2FinWNZfehT3A9WDLXAGhY0%2BhJGkYuFZkV%2BSsnKkzoTc3V9Q1Se2dR%2Fv8XqeSLS44Um5GttJ9uzP%2FgCJIuVnCUyt51Dm5lp"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 82d388a1aeca0baa-AMS

GET
H2 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 63 KB
63 KB 82ms
80ms Font
font/woff2 2606:4700:e2::ac40:8d0d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8d0d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1656246
alt-svc: h3=":443"; ma=86400
content-length: 64144
last-modified: Fri, 22 Sep 2023 01:45:27 GMT
server: cloudflare
etag: "6814d0e8136d34e313623eb7129d538e"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PJtzYJ9HiNc1RXuz3t%2Fl3nN8vnhaLXbnYUp6pARYoZpYkLwnAjB%2Bsz0%2BVJ1vs5PNgkygsGipM6lr%2FLb145L%2BN2q0t7X3qNTSoNg%2Bs8XPRsLepl4txrbIxWIDRlsr3My2jv2n%2Foha0LXe8INrW%2BHVrvP2"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 82d388a1aecb0baa-AMS

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 200 KB
70 KB 310ms
173ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

c3d606568f389989dd02561ca2b0d20d29eeb477ed633a690a518879748f487a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Fri, 24 Nov 2023 08:37:03 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "656060af-113c3"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 70595
expires: Tue, 28 Nov 2023 16:09:44 GMT

GET
H/1.1

200
OK

hit
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit?t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.6642285998837609
https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.6642285998837609

112 B
598 B

59ms
58ms

Image
image/gif

88.212.201.198
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.6642285998837609

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

HTTP/1.1

Server

88.212.201.198 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host198.rax.ru

Software

nginx/1.17.9 /

Resource Hash

bb51b9caddb8a0e55d70c819b8a8903fbf2f94b7ad453653ec6aa0e823524276

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:44 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 112
Expires: Sun, 27 Nov 2022 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:44 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit?q;t45.1;r;s1600*1200*24;uhttps%3A//winzoro.net/;0.6642285998837609
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Sun, 27 Nov 2022 21:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 397 KB
134 KB 139ms
96ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4379353840599633&plah=winzoro.net&bust=31079756

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4379353840599633

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c045c55ea725d7522824719c00c918ec02f0d4f7f77d9b71e1654c67ed04bb36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137291
x-xss-protection: 0
server: cafe
etag: 727658682299672333
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:44 GMT

GET
H2 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 8060 9 KB
4 KB 74ms
23ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_nohtml_fy2021.html?hello=world

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4379353840599633

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe20ff2859b2752e04b026435eb9651c339d0a6a5805f825151bb11521bd644c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 19967
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 09:36:57 GMT
etag: 111328227650088477
expires: Tue, 12 Dec 2023 09:36:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 0d452bb36fbd52d71853.js Show response
yastatic.net/partner-code-bundles/916422/ 14 KB
5 KB 305ms
186ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/916422/0d452bb36fbd52d71853.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

a0935a5cceb67e31427704dbca2ab5b032e012c9e6a15ef7e2b601eeb885a4d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 4773
last-modified: Sat, 25 Nov 2023 11:26:05 GMT
server: nginx/1.17.9
etag: "053c3c9130b57ea18361af7304bed7b1"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 27 Nov 2053 21:40:53 GMT

GET
H2 200 89a91b205cd96c954e5f.js Show response
yastatic.net/partner-code-bundles/916422/ 24 KB
8 KB 294ms
176ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/916422/89a91b205cd96c954e5f.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

5460f776f1ca266be63f7b0ac3a19682db0a3ec42be65a8e4d68751e101ce874

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 7945
last-modified: Sat, 25 Nov 2023 11:26:05 GMT
server: nginx/1.17.9
etag: "175acabc4644585c37f98db487b6e7c1"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 27 Nov 2053 21:40:53 GMT

GET
H2 200 04dc35b6ded6468565c0.js Show response
yastatic.net/partner-code-bundles/916422/ 117 KB
25 KB 277ms
159ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/916422/04dc35b6ded6468565c0.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

7130e32e6ada0df807e9016a918a0a812efa084fd33d52dd5a0d5b891240d33f

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 24582
last-modified: Sat, 25 Nov 2023 11:26:05 GMT
server: nginx/1.17.9
etag: "b007aa54bb8c9b88ffe67896e2f40d69"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 27 Nov 2053 21:40:53 GMT

GET
H2 200 host.js Show response
yastatic.net/safeframe-bundles/0.83/ 33 KB
9 KB 252ms
135ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/safeframe-bundles/0.83/host.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 8878
last-modified: Wed, 03 Nov 2021 13:42:58 GMT
server: nginx/1.17.9
etag: "f80882bf67cf261aa08d636da095149a"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 27 Nov 2053 21:43:25 GMT

GET
H2 200 text-variable-full.woff2
yastatic.net/s3/home/fonts/ys/3/ 25 KB
26 KB 222ms
106ms Font
font/woff2 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/s3/home/fonts/ys/3/text-variable-full.woff2

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 26004
x-amz-meta-owner: {"role":"admin","login":"4eb0da"}
last-modified: Mon, 25 Apr 2022 14:02:39 GMT
server: nginx/1.17.9
etag: "7f0cdaf91230f9789ca4162aedff612e"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31556952
x-nginx-request-id: e8214a9c69999047
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 27 Nov 2024 20:56:30 GMT

GET
H2 200 11bd203a603de1a67c3c.js Show response
yastatic.net/partner-code-bundles/916422/ 34 KB
11 KB 275ms
186ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/916422/11bd203a603de1a67c3c.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

35ef3d202ba98e9336c842fa83a4fce325d34fd54773907d3391bbeaf476bc5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 10648
last-modified: Sat, 25 Nov 2023 11:26:05 GMT
server: nginx/1.17.9
etag: "c42666d54e1e33297829cb6682bee98b"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 27 Nov 2053 21:41:50 GMT

GET
H2 200 294956 Show response
yandex.ru/ads/meta/ 437 B
682 B 143ms
142ms XHR
application/json 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/meta/294956?target-ref=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&pcode-test-ids=918196%2C0%2C78%3B913081%2C0%2C66%3B901446%2C0%2C98%3B909919%2C0%2C18%3B897722%2C0%2C83%3B911253%2C0%2C24%3B907876%2C0%2C37%3B918087%2C0%2C84%3B907474%2C0%2C13%3B901183%2C0%2C47%3B908763%2C0%2C33%3B917804%2C0%2C57%3B910731%2C0%2C62%3B908467%2C0%2C47%3B882595%2C0%2C84%3B907884%2C0%2C37%3B892905%2C0%2C73%3B906703%2C0%2C40%3B911315%2C0%2C82%3B910216%2C0%2C22%3B910552%2C0%2C89%3B914205%2C0%2C51%3B916924%2C0%2C93%3B914600%2C0%2C32%3B681841%2C0%2C87&pcode-flags-map=eJy1Wdly2zgW%2FRc9OxmCO%2FMGkqCEMbcBQdtKKoXSOJq0p7xMOU53T1L597lYKBGyDLXTPXlwRFr3ALjLuefC3xcXeBDDqrsUuBQ1zkktqo4J2oocty1hi3cfvi9%2B3dx%2B3S7eLTgbyeJs8bT98kQ%2FwXMcB0GYLH58PNvD9Kwrx4IPomtFj8eBOBESlIWBRijpgPOaiKIbWy4YKSkjBYed4L53Y%2FheGPq7XcCSohlrTllX14DWcvmBMHGJebEipeC0IaKrqoFwN27ge8n%2BdIxwtpanagm%2F7Ni5IIx1bv8kURwm2Q4BVi%2FOwcnrbuRiqDv4Qd8TkcOBS8woGdxgSYpCpMDkCSRGz4g65P64F7QknTC%2Ft%2BCQB%2F8svCzIEu8EXj5WFbiOND1fi5o29BD01YgXPablX7%2FDaoTPP4vaylz9i3f6Auafis9xzP%2BfB342%2BjLZlwznoibtkq8sIyjWdG6WeqmXhDsz0ioS4AxDqVzQYcS15hXJSuSKE9bCm3JwU0KK%2FNj7CVD1YsAVERXDjZu61BqaHhiTPDPAN4CwYEEuybTHEgKwB4WKx5J2omAEc3pxotTT0PNRtNv%2BFCTeAQkNHDMuaaiiDBYqVmN7LipMawsxsiOehn7i7wEx5zKmw2sQAxcgnBVYt6gpAequyRK8SduqE5crqhi9vSCwhE5%2B6Z8Tp4%2B8NJ3xbltCEuJcugCXEokO8GJktdz0Jcm7U95MvHDPwksCZxwH3jXiosH9zrsXuB7tiMcHdZPGURDvGw0pAKLgWCdNg%2BvavY0kDcPwubWyFJeUrwSHXHwNxhS7ZuTQ18AZz1tSZJlnPvJiZT6AV4VpuaVMV77uiWz7fXdJGKkqWkAwi7UFtv39PzacVbq4LKdK6%2FESWmzPKVSFLgSZasrdNW3P3WfMssz0uamdt0TJk6l4ZOhd%2B8qQB5pAIfRFV5I%2FiaGkDVfnguQb4EyWIXwzyCLb1g%2BNmydRY8RMMTDXolGGIMDKUJGwlmBibGlFIUq0BTapcEHcGKlvVIs8MoQSsmQl6m5JC5ddjNIg1mtDvQIVNCJfT8UnMxzaQ05LJwRkl4%2Bsc4PnGeRCy434kU1qgBiQVgwHHP5sPxkyqV7IAunaiQgq8IKgiqDhWLgk7k0laRbr6pdpUIHOast6rQleJvyhvHTb5%2BdKtGlO14QGGFDLeedGyULTLCRKTSAVAaFx2sRpGGt3zty2ZCBKSjKc88697zQOUTD3nyIHoGQAmeG1IENVwJcjaG5o%2BVJ7FwRKxOnWBHlhEk3dT2caH1lrwgOtAKLNV6wblytnuScITexc4%2FdrFVGhynZu9n3xr%2B3T9S%2FN5vHzzf3iHYq8s8Xdwz9vbrfD9eb25v7z4p3%2Fw0KNoAw00zWSIv8xkpFAr%2B9FXksVUFO7C31Y3G1ubt8%2BfoW9%2FXdz%2F2n7O3z%2B283d5vP2i%2FXq8%2BZOvfn0bXuvv7759ebpQX%2B8ezt7%2BHR%2FY95K5B0CvHjcfLt9%2BPaL%2BfW3R%2F3%2F18fN2%2Fvtb1%2BefeHfm4e7G2X68fgRW01pDWFL%2BbOkWHC8HJzxC3zfJJcqCwKxB2osFGW7DaPA800P4ZCJFQaq0ozfjk1OnAyXRCgwIlENh2q8k70C5k1S6IoEgUaBO07AJJ7OPqAR4PVGEtxSUQ4tK%2Fw8vJbn0ijKDLdbFTyvC96NxUpXR90Naoe62TLyd6DyE9UBxRemx1bQshMKMpdZ2MMPeKPUF20pP9LAnyGHYYRs5NmuFUXRpcADBGdQVOVEyxCE84QnJKYUKrgt95cEZq52p8oR9BluTZcrELUr0vzRPQLTGIEho66EttGWbgBgUp2xazCBWil0vud1BzEAOgWZyskRSmBv6Bs%2FhHbuhW8QQM6f%2FYPn4OA5VM%2F4jR%2FB%2FJX4YD9PwdTLYqQlQkWvwK24VyWsLwTGpVN2oSiMwhm3SUVLG1mA0i2aDJwAEQozDVANUDgdzD30ym0RBKaZGK4BppBTlOxhWKWvTAiQr0A%2F7eiGCjMjrEwsVA9XV04nJEEa%2B1Gqd7HCrFTSTm9gAB7iuFg5rYHy4ngnjJY9F5CItHfmjjQyrlLqS56%2Bk8Piq%2FcOUjkOjgD1Yw69EpiAu3e%2Ft99flDWS%2BvT4Ya%2F%2BIctke0j8swwiF3pBfBYHGXTsILKyMAUqzyxQM7wVchz8U7iB9tqsXuXEUUDc3Oo%2FjRJTGIw0ncw0IPfcyTMpJIYRV9UwaaNpuBFQ26LBcrKBCnGPM8hLsxNkqMbPQt4WdKo5yKGHKSKT9FiTiuv7AwzN9MRisdHKLRmZ9LmsYPc5wcbkP6ZMi6TZZGJPJR5wXmhbB2GS7qyhl0nekIGhpbXsB%2BRFnvfxZdNX5%2F7RldU97%2BGtJ6ztZclZlkVnyINwnMnnAJ5D9Sl6YVd73gN9rLq3pCLVBJ1DnudF0VEhABEuJo5bEXXOU7008yA6aJ70071H18OOGM9hXsBC9rCrE0X10YL140zDSgjlNTkTDooAGsW86pW1t83trb23AGYJPQyoOUw6jBEQxdBCYczTWeA%2BXYKMTFdfVu1GDoiSx8xl%2F5I8S6UgBjsvsw8EE6o3XUJgciGQtfD1w%2F3T44O9fZSiLJ6ZWAZGiiDbIvBMMHZSQbpsDVVKoN%2B2JyIZGm9Zxq3sNfKOlUNwZbkD1agOcnglcH3%2FZONlGdpfQDGg7Z3w06lyghOzJPGP3DsN5xTGGSCa876DpmJhgMQciO0R5E9ibALpeiMcBol3wt5L0iR%2B2R7DqDeQ%2Bg%2BD4HIoz5%2BxFkrCKD4IvZcmx0pURmSaPnRIaAU6pq7Vn3imEOVd6bzDgh2F0x2WUwHvbknVeEJryteiywfCDrTW9dNB5SGUzjVwN%2FKBQ8wahWquZ9xDUwYeiI9j7Ox315h6%2FtbfkwqhJtzaoC%2F%2FGvBa8AZfTXQxaL6ZQ6LjcPJ8PV438vZHtV%2FG7fb2uP1khzpJvaOhMHw6Jb7T38hLAl34K1AP8krDzEIr6NJq5LDMv2xvt9dPBxvxgCyTOZOX7%2BVNiW4wem9SHK06Rt8D%2BWDzd50TIsWPsug06E5gvAry0GF2dboTNEnNneOkmC5pyVcCnMZp675FSDM%2FM3P4C5djFYwXDFSSO7%2FjxAvmmi%2FvmGq5B7riWaxRgParT9ufKkFuouyKUSUgpDTmZLmrWXYiiXwjQieGscsW10bCq9Dt%2BGC3CLkq6hHEWcPwQVt9vlIU%2BS%2B1Vbdl6M%2BuQCgM%2BxD1tjwus5%2FdbseZb0ZIeeli2mLZSaF8YtXYk837x%2F8AK5Ni6w%3D%3D&pcode-active-testids=914600%2C0%2C32&pcode-icookie=xeLv2zTIXJ9vrYrAICQ7SBX7cVU89tPuU320DbHPgEVkt%2BL%2FBHycFePrOOwDnrPD8LXOutZxrR8WvXWxSiR4ppzxZ9s%3D&imp-id=12&enable-flat-highlight=1&comboblock-unencoded-vast=1&test-tag=531064116215810&ad-session-id=1219681701184184845&target-id=1192038&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fwinzoro.net&top-ancestor-undetermined=0&pcode-version=916422&pcodever=916422&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22isInIframe%22%3Afalse%2C%22w%22%3A220%2C%22h%22%3A0%2C%22width%22%3A220%2C%22height%22%3A0%2C%22visible%22%3A1%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A200%2C%22top%22%3A769%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A0%2C%22right%22%3A0%7D%2C%22req_no%22%3A0%7D&grab-orig-len=3940&grab=eyJncmFiX3ZlcnNpb24iOjJ9CiKkpIzsNuoB1FgDU19UbmrNUR1t-v2T17spZENKWk7Lp2WuGU2hEuxJPD1pQvR-VTLpqp78Npyt2nN6etM2gJ4Z4BpjLMytFJlba5pv4NMwGosIRoGCRVgwjS7WaKlpdGU3UNPERawtqUOoAaBCcQAvlIa4oSKUhPJQ8QcsCUhCRQDvoClC8AFpqPxbVoaQbgnOwYUYij8gvWXxyVQ-WZEbMrLkHQ6Xw-midVlcoCCicTXuaTRl3D_vmhItvaFMjGmhjossp39jlsdlHqOlZ2N4Xo7df7OufGkoP_HFIcEgSAKiEHw1jnyR_IH-dk-MEH83AlL3L8-hNCByt235jS537_yyW5cckPxvBzeA9SHOCYdzsGQHAcKtExy_N5R4ed5Nyc12-wtFFhDfEKTb54py1VSe0BCuXZKA6HdHehvirdqKjn-bxD7ySZWFyptEeUuEf2IoDi7OVuUGPLn0LsFKkZcqsiw1JHWxvGa9Mfwyuq-KB-h0P637LW7upXF7A4h5cu3mWC2veNsCf42qyvGUetra4Ymqerm9uoxkcJUc-9hX8NXB3ebDv5HEokQK8xAQbpVczb0pM4OquXSZvlHbkwQtvY9Iqc2M5Aez7Ck9NY2hANmDQJZ2tbrkh9fkIikp4i9ybZGXrz0U_mUkmT6roLyuMBjK_FY7NU2i7jk1VZEDJkszGtcg0rgOhuuE94B4-UNY6HXYcme6EYy6xqe_SpnahRxRZKnmxPAB8nIOuOTqntac71RVx0UuhD7ThDCuJOC3LByb94HaAFzr9Oq00PRU1boWXE_iwkiugg_oqBwoeT8okdaDNOk8ONpCWK8Q-sbuxft5UgBLcNjdFNwCyEQTcSjlvikaP6JEXObR18kMIQs4HlVzPNbEBob3lVkTHxDX30bH9iRjRQrQQu9hTRq0yiNYkwS9ciTWJAHofnlfVcKKNCje37LU1nzGvKn3SawJD9ScKMQZRLrBjE28QbtN2V-BWqIkc4TyfTdwSlzGZM9CFoBwXbGULZiXNbgbcLwSXdHZ6K5xxMrTCkNJ2VM0KE3vOR-PO9QLy3r2-_KUw43Wljv_7egcomUEa4ILQGGaTaxzcG26x12b6UV9VIdps1U3JAAt0WVp7A_RHmdvhn8Z-Xxby3IFo-qDzOF0iv5iz_NyQXrhNQwITo3upbxzbz0BPctiEVsoYuGrdVQ9rrmbYbl_6d9tQ2y3L-JYeC-JKe5xIiByFUY1kCc77XGR62OVulRro4SeGp1VFGsCACu3H7i2s33pRFAEoToF4bRYwTaewH7aUKRd9Qg7yCck8p6rrviYm0CYvmGqYGr67HRspc_-douVkdJH1S_dFF2rxdw8LhvdbBz8UMnUHNrY8UDHW5w2RsohwjJOM7LzwDdFeVLGj7rsZ7eAjhwl5qYMYMfE4g1rwEy_s1rY8Dub2cJISUOk7fmlL6P4Q--vWYtYW1yWyM7H1P1o4xjWvewOtlJlRsdAH4W0zOPsQbuEaYoHQgQ_ipPokfYiOREw0beYwahZ0LHhXbROBwNlLKMs8-KRF_qe6ApV13QMmzqznQ1jipZxfonf8VD0XP9WpBg6dbRW1p3OykAvtfXQF6n2ePv-6dErVK-OUvWtJGP0Ym6-oA_FAcw2maxv4ehndtaydUAxaCVZwk9Q3gifRERU2hx1nLc8t8WKICkEamkGY975xBmKAHgvDDiTGSURJVcCbSghbkC8xBAh-EZiAaYHH-IsTy5yjRfVoBZJ1LUFiMw2LUWkfkcrKXJNGS_XTA5Kh40daqz5bXScD9wGBhw4Mn1eGKNr5lFFaZKljyjN4JdGpj-5ICEMLwEEc6myrLMZZqeTcVj-1FDkXfsm8mP3EZYG5iewBhX_yIxZjqgbybueic7nZJ0-ZGEgk6VHcaTJ_9h93-cptYUheQvz0-eBBG0co772DMx0QwfrBHlWdIyUQjRRmqX9UWdpeQxh4h3mo8kLTY9Lw1NhDkk6zBDSguQe8NmyBeHQLHuwkxuH8-mstIyUmhDqMaQLflVyQIrFTS8-JhT2IU9NFoH5GRIAt6PEVLIctpJF904bZ9PEgcWmCdYbKOzZKSs6TkC81vYVCAy2Ukw9ztLoUWTwsycrYt2Sj-hXbplgXDqFw2xmKxYtbzfbsDgWwX7GANvLR1yQZ49kQe49yoxsbUptB2kRUZR5ojsTEplG3Y0xRk4SHTtJstG91WZnJLYdQQlSP5qrirJM1VFO_qiKWPWmOC3L-NGk5PliM00wcKbYoaY66N5idjCSM6EsNVn-Jm1XXZZRFKoII2fPyo6bORxvdjiwmLgSrGcvi7v9rI34jA19-VRARPZJpNFgnrHBjKxZWHc5s41xwAp04zJqyPJHoCuH4O9Qirjo2sfIoF8dTjbA2znfaqdlFqkIltoevBxij5XPjh1WPiiDo2Ox9SwmmsFhsPRNDvr5Hva-sw8kgwFCudg0xjKQ0rh0doFJj-GIK-4qqh_W46jziPdvemCPBkcUwF0Km2JIuXYUwJvco0g_vQ--l8UEQPKjGI_radcvR3gbe0Pbuql3c_GxKI6mJfG58nEpKH-wPSl21MGdJR5q05TzOJshfbwuFyF4S44_uIp2foKZf3vd_cUusDMqfnBEz3AjR1Sx0dWXDKaBGyYAbjqZoUeqN89QXpQhBE_ukvgohlZ01E9f6Ea-IyD6qowv_acVbPqFW2d_GiDZ1W15CWWuPJv0pr6N46vc79qoak8_N5dP1EJSK9QPpIYDSOyred8sskm-fBPl0QO-gWy-Ssh3aOmovjfuV-gTcrtWCqvhq5mPfnzTPSdYIvqfTMtHYT3E-030QbnYntj109N6gN1GrDqWBcR1gRXHnXSr7gs5CVCeeBK_itvGiO2Tz0NqOunedF4EkQRE6D8EeAslELM0Q7-YjE8U8WZxm-DVAefV8B58L1deYD1FYWJe5WdeJWMvRgEwrWA8ASwKtY4whCqRnnbwJBJnCKlhNeLMlrc95-Y949c4W8ThsK1PCJJOIuA1fCGrJC2eNGw5JE1PtyVc1laEHiThe3ap8Nv9uJSeJMJLQItYJe_TB6TVjYtwRjwoiNwWN617VXWXb5LBZ7Fd1LhaRnN4Q-9CYa-yVdD39cnYDQDbc9ktBP4-GM5MQyA8wJsETW5Is8KAPoRxrBwwF9JQm3zpxNJV-jiFs23O-Q9PG6bwNleSNp_YXxc5V40VAVuV3Vqd1z_FSmG0-TSceZYAuBlmDrjt8yqs8jnobQLffMZ_yA0ezr64Zw_CiIznHVQLXe4_1GK4_qH2nXtoiAtjmiXZmatUIidvAQxh_-39uJ4K4bTYaN6pbEEOu93KsXRTb-XG2LfxJ4okNTOoaLIboc65QnNr6dSAeG_85vVPcdzm1mDVV9FO0u94uRyW5z4Eb6667cp3pvmBe8cAkPXJ-4-n8D57TlU2_988un32MLk4q6s-8kSTy-tz9X5Z7jPRI5HAa2B9qIFHvYTIp0kv5XK2GLpRgBT7zO78Z5N6z-SxRaS1v1fMBD_TsjMTcDfmv7Uyrrx7-OeU7e0PLt4y4K05yBMvE4gE8xqVTrYocIT-2BxPVJ_JrYd7f1144_tKN1lowbKRMby2dM5Ihwp3yGIknsabx_7A8vTuNvy29HPgMNZBJb5aHsQxv30VYMJNd4t2fwrcAVfgM0cHk3CekrtO3JYcHKrfbo5lm7CFOBa61908Tgs53FFra_zjNQvtgfwDKuW-EtqHAD1TDPKh3UXeMQJ9KADmqNM4QBSNRu4baxQVHZyDah1XRWuKeBXrUI80Af1jPmo4RWzKjEvvFdi85qE203ec1bcYx61Wy7b7tHxB3katTpCzUdSjp_4zDIYxn1g4NgVIW1tQTUfn1JQJ-izVr3DvWliWuMFLIp6ytnofelMWc43eCwD_&uniformat=true&callback=Ya%5B9248775542226%5D

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

9a5283f1a9e148ac5f8e2ebb5c8d08c63c9ba7d4c47bd19ecb882fdcdb883648

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1701184184895404-7979987386849412376-balancer-l7leveler-kubr-yp-sas-164-BAL-5816
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
uniformat-product-type: None
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 28 Nov 2023 15:09:44 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
uniformat: true
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:44 GMT

GET
H2 200 38c76556f728f62addb4.js Show response
yastatic.net/partner-code-bundles/916422/ 59 KB
15 KB 158ms
158ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/916422/38c76556f728f62addb4.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

327f27e8dadc7186a5425643fa096960251b33ad2cc3570a9aa564802c327217

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 14845
last-modified: Sat, 25 Nov 2023 11:26:05 GMT
server: nginx/1.17.9
etag: "bff11b55879f085c86136d8809b2c205"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 27 Nov 2053 21:40:53 GMT

GET
H2 200 3504af7a9f6c0b9e8cd1.js Show response
yastatic.net/partner-code-bundles/916422/ 598 KB
115 KB 159ms
158ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/916422/3504af7a9f6c0b9e8cd1.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

1dcbf404e84d061249df6c089462866088e2f3a0c016fc6e465311df8d6f860c

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer
Origin: https://winzoro.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:44 GMT
content-encoding: br
strict-transport-security: max-age=43200000; includeSubDomains;
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 117232
last-modified: Sat, 25 Nov 2023 11:26:05 GMT
server: nginx/1.17.9
etag: "96b82e3b810ed1b42b71010843d70906"
vary: Accept-Encoding
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
x-robots-tag: noindex, noarchive, nofollow
expires: Thu, 27 Nov 2053 21:40:51 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BAF8 328 KB
73 KB 581ms
580ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&adk=1812271804&adf=3025194257&lmt=1701184184&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x810_l%7C188x810_r&format=0x0&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184184647&bpp=3&bdt=235&idt=286&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=575793446681&frm=20&pv=2&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=314

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4379353840599633&plah=winzoro.net&bust=31079756

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2fec35aca5888e44e2a651e9414626158e83e6f88413aa9d02367e8ea57093e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 74239
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:45 GMT
expires: Tue, 28 Nov 2023 15:09:45 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=HEADER&cls=header%20block%20clear&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10201.twVjEA5oCoBvTQ9DKd-4cT9of69zBPtO1oVv51RIH7nEORqMuNPFnQvsX1AC_exS.eYNnSoxZuYKYRyumV5-nZIXBmH8%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10201.vwNEFRvo8xF4S2mHXONR_6yAGf2wu6tASjrmL5Q8XnHZple3_8eCmQVSYqUE499WwKluQxSD-PMVIFqRhmdJ0gPM0rjdQVWaVomMG1K5MT4rK2SYLA4qmN08QSIiWe9iXUR3LzXmyI...

43 B
672 B

72ms
72ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10201.vwNEFRvo8xF4S2mHXONR_6yAGf2wu6tASjrmL5Q8XnHZple3_8eCmQVSYqUE499WwKluQxSD-PMVIFqRhmdJ0gPM0rjdQVWaVomMG1K5MT4rK2SYLA4qmN08QSIiWe9iXUR3LzXmyIML1-fNi3Q1DNad2OeSpJXGJ9v4i4l6gj-ybaWQXnEcpYoSdPK3tPfOHNx26Xk3mTWccXXRdxZXJ-9eeWpDWCKyTBNgKi27ilw%2C.jGwX26FVw6Fn01Lnx5RsVlHp3kI%2C

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10201.vwNEFRvo8xF4S2mHXONR_6yAGf2wu6tASjrmL5Q8XnHZple3_8eCmQVSYqUE499WwKluQxSD-PMVIFqRhmdJ0gPM0rjdQVWaVomMG1K5MT4rK2SYLA4qmN08QSIiWe9iXUR3LzXmyIML1-fNi3Q1DNad2OeSpJXGJ9v4i4l6gj-ybaWQXnEcpYoSdPK3tPfOHNx26Xk3mTWccXXRdxZXJ-9eeWpDWCKyTBNgKi27ilw%2C.jGwX26FVw6Fn01Lnx5RsVlHp3kI%2C
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
495 B 105ms
104ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 24 Nov 2023 08:37:03 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "656060af-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Tue, 28 Nov 2023 16:09:45 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/294956/
Redirect Chain

https://mc.yandex.com/watch/294956?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen%3...
https://mc.yandex.com/watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen...

256 B
292 B

69ms
68ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A2%3Adp%3A1%3Als%3A748019000995%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160945%3Aet%3A1701184185%3Ac%3A1%3Arn%3A782383970%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc%28p-1%29clc%280-0-0%29lt%2810500%29aw%281%29ti%281%29

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

250748f80f74f0169390658ebbc6c133615c91172246a7befcbe3f9210f8e562

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Tue, 28-Nov-2023 15:09:45 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 256
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:45 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 28-Nov-2023 15:09:45 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/294956/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&nohit=1&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A2%3Adp%3A1%3Als%3A748019000995%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160945%3Aet%3A1701184185%3Ac%3A1%3Arn%3A782383970%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc%28p-1%29clc%280-0-0%29lt%2810500%29aw%281%29ti%281%29
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:45 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/9377854/
Redirect Chain

https://mc.yandex.com/watch/9377854?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afp%3A852%3Afu%3A0%3Aen%3Autf-8%3...
https://mc.yandex.com/watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afp%3A852%3Afu%3A0%3Aen%3Autf-8...

420 B
511 B

68ms
68ms

Fetch
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afp%3A852%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A1%3Adp%3A0%3Als%3A172014433624%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160944%3Aet%3A1701184185%3Ac%3A1%3Arn%3A349566294%3Arqn%3A1%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C124%2C149%2C1%2C400%2C0%2C%2C321%2C9%2C%2C%2C%2C1151%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

bc32bb0e9f860432ddbbc0ae8e7deba4520701d86fe5f46e05f86cf70aaac180

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Tue, 28-Nov-2023 15:09:45 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 420
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:45 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 28-Nov-2023 15:09:45 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/9377854/1?wmode=7&page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afp%3A852%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A1%3Adp%3A0%3Als%3A172014433624%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160944%3Aet%3A1701184185%3Ac%3A1%3Arn%3A349566294%3Arqn%3A1%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C124%2C149%2C1%2C400%2C0%2C%2C321%2C9%2C%2C%2C%2C1151%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=gdpr%2814%29mc%28p-1%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:45 GMT

POST
H2 200 1
mc.yandex.com/watch/9377854/ 43 B
86 B 67ms
66ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/9377854/1?page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&uah=chm%0A%3F0&hittoken=1701184185_da0a222c412b639b8256b7961069aa5ec71c6bbf07109e7bcb65fede99cc489e&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A1%3Adp%3A1%3Als%3A172014433624%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160945%3Aet%3A1701184185%3Ac%3A1%3Arn%3A902360026%3Arqn%3A2%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185&t=gdpr(14%2C14)mc(p-2-h-1)clc(0-0-0)rqnt(2)lt(10500)aw(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%221219681701184184845%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 28-Nov-2023 15:09:45 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:45 GMT

POST
H2 200 1
mc.yandex.com/watch/294956/ 43 B
74 B 73ms
73ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/294956/1?page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1701184185_8437c3c0800a80f9ed6891e6a0137190b0ed0970ea45ebd99baa7c2892337218&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afp%3A852%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A2%3Adp%3A1%3Als%3A748019000995%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160945%3Aet%3A1701184185%3Ac%3A1%3Arn%3A322509052%3Arqn%3A1%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C124%2C149%2C1%2C400%2C0%2C%2C321%2C9%2C%2C%2C%2C1151%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185&t=mc(p-2-h-1)clc(0-0-0)rqnt(1)lt(10500)aw(1)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22adSessionID%22%3A%221219681701184184845%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 28-Nov-2023 15:09:45 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:45 GMT

GET
H2 200 294956
mc.yandex.com/watch/ 43 B
0 75ms
74ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/294956?page-url=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&cnt-class=1&uah=chm%0A%3F0&hittoken=1701184185_8437c3c0800a80f9ed6891e6a0137190b0ed0970ea45ebd99baa7c2892337218&browser-info=pv%3A1%3Aar%3A1%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1170%3Acn%3A2%3Adp%3A1%3Als%3A748019000995%3Ahid%3A534226000%3Az%3A60%3Ai%3A20231128160945%3Aet%3A1701184185%3Ac%3A1%3Arn%3A115714222%3Arqn%3A2%3Au%3A1701184185575133139%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Aeu%3A1%3Ans%3A1701184183737%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1701184185%3At%3A%D0%9E%D1%84%D0%BE%D1%80%D0%BC%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5%20%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D1%84%D0%B5%D0%B9%D1%81%D0%B0%20%D1%80%D0%B0%D0%B1%D0%BE%D1%87%D0%B5%D0%B3%D0%BE%20%D1%81%D1%82%D0%BE%D0%BB%D0%B0%20windows%2011%2F10%2F8%2F7%2FXP&t=mc(p-2-h-1)clc(0-0-0)rqnt(2)lt(10500)aw(1)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 28-Nov-2023 15:09:45 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:45 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 73ms
73ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a92789530d5fd1cf161d3da8128ce0466ca2087dbeaf3f7fae2f3c86d5cacbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12338
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 160 KB
55 KB 79ms
79ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/reactive_library_fy2021.js?bust=31079756

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6f64fd1d9f408249bad441e006c941278314946c96f6d844d521f11425710bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55848
x-xss-protection: 0
server: cafe
etag: 10462183402240173727
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9336 39 KB
16 KB 389ms
389ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d709abf2cdc89b8f3cc482791df808b15c9e71dcbdb65718a3f4bb5c24eddb89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16382
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:45 GMT
expires: Tue, 28 Nov 2023 15:09:45 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 79ms
30ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 73C0 9 KB
4 KB 22ms
22ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe20ff2859b2752e04b026435eb9651c339d0a6a5805f825151bb11521bd644c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 19957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 09:37:08 GMT
etag: 111328227650088477
expires: Tue, 12 Dec 2023 09:37:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame B82E 9 KB
4 KB 21ms
21ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe20ff2859b2752e04b026435eb9651c339d0a6a5805f825151bb11521bd644c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 19957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 09:37:08 GMT
etag: 111328227650088477
expires: Tue, 12 Dec 2023 09:37:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 67BB 9 KB
4 KB 22ms
22ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe20ff2859b2752e04b026435eb9651c339d0a6a5805f825151bb11521bd644c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 19957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 09:37:08 GMT
etag: 111328227650088477
expires: Tue, 12 Dec 2023 09:37:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_nohtml_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 73B6 9 KB
4 KB 23ms
22ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe20ff2859b2752e04b026435eb9651c339d0a6a5805f825151bb11521bd644c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 19957
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4102
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 09:37:08 GMT
etag: 111328227650088477
expires: Tue, 12 Dec 2023 09:37:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET ads
googleads.g.doubleclick.net/pagead/ Frame E5B9 0
0

GET
H2 200 css2
fonts.googleapis.com/ Frame 73C0 4 KB
767 B 30ms
30ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 14:15:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 094C 6 KB
779 B 39ms
39ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 14:17:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 094C 2 KB
1 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 15:51:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 83896
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 15:51:29 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 094C 23 KB
9 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 07:50:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 07:50:48 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 094C 3 KB
1 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9604
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 12:29:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 094C 20 KB
8 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57167
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 094C 202 KB
64 KB 76ms
48ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 094C 37 KB
16 KB 74ms
22ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 10:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18030
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 26 Feb 2024 10:09:15 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 73C0 15 KB
7 KB 27ms
25ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 23:27:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56564
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 23:27:01 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 73C0 205 B
295 B 76ms
28ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 07:42:07 GMT
x-content-type-options: nosniff
age: 26858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 27 Nov 2024 07:42:07 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 73C0 604 B
919 B 75ms
28ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 18:12:33 GMT
x-content-type-options: nosniff
age: 75432
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 26 Nov 2024 18:12:33 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 73C0 21 KB
9 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 03:59:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 40212
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8781
x-xss-protection: 0
server: cafe
etag: 9666818975682992898
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 03:59:33 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 23EB 624 B
246 B 65ms
61ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUKt5HzesRxutZPjV4KjBeQopK6VTkbHSDHTfBKzCc7b6u3vHadshNo9aMt6lQrDEPP6hQqQcPnFvVZ8JxHTYLRByk0lBPtz7F_F8my8YRkwkEaH8_voGbgSUqZjT9JSm7XgQ11m9MKXvQqci0uoD9IOObB-RpmSY0yi-a6lams-U74SWc

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:45 GMT
expires: Tue, 28 Nov 2023 15:09:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 561E 89 KB
31 KB 73ms
70ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 561E 3 KB
1 KB 28ms
24ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9604
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 12:29:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 561E 20 KB
8 KB 24ms
20ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57167
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 561E 202 KB
64 KB 104ms
98ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 561E 42 B
63 B 57ms
54ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D6ojUvwhB5R3LJadV30nlYmaCt9VgqKqq_amNXb37OF_QnObtGW8-Y9cSCp59Sj6l0Y85FzhG3xa80mr7ss3dPXeugkbP1teI6_riGyDBGNgLwvPA

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 561E 0
20 B 59ms
56ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16107867791024476667&x=1&ct=77

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BF23 624 B
246 B 64ms
62ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWlAbLgouVIVSvkmpg8asl_26hBcR_8D9sVx53CPGUE6WCGB0kDD8AKDEDJL107UMbANqzo-XOWT0GzjrEYO48FmkewtUFWIeJemWQYhKwT76glIOxh_CiQQUA2mDuTB78QEz90B-56fLBGYANrhbSIqzxn0K6EaR-SyME2FwXbdaxSDfc

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:45 GMT
expires: Tue, 28 Nov 2023 15:09:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6F95 89 KB
31 KB 144ms
144ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6F95 3 KB
1 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9604
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 12:29:41 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 6F95 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57167
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6F95 202 KB
64 KB 102ms
101ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F95 42 B
63 B 59ms
58ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DaSuWj4wR9AfPRu3YNfaFQzhMmB18RNgKZuKulbsuB80xzgxl3yuKKnsnUHIujQXInvteikUPUb7pHEERBQQkCUu6YnO_ns9PhlXGakOSh2-RgtbM

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F95 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1279753561619869517&x=1&ct=77

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 29C3 624 B
246 B 65ms
64ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWfwGEBqz5OkG941nQyYC2sznB-WzjZkB9zMSA67ga5j3OyOXbfj3AJpS1iW2ta6DPFEAmABbiruvhfYGIcwThVEvAlXMyrhrgCrPFa5YETbZ1RpiVbj8ghTnKB8y-2Q8pN9rOPKbKQoWc2YP04dO1DvDL9TbjcHc02Ku5M47x_uH-9294

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:45 GMT
expires: Tue, 28 Nov 2023 15:09:45 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame ED07 89 KB
31 KB 128ms
128ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame ED07 3 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9604
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 12:29:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame ED07 20 KB
8 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57167
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 23:16:58 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame ED07 202 KB
64 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:45 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED07 42 B
63 B 56ms
55ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DOij5Odyz0ET5imTIq0X25PsOkzr2m8EwVfGEWxwEamNdjw_ihQBmtr1O0rIMiB3loWMmhxgGDVYEgG6tOS4DPts41otlkVk7bW3DLLMbE6YkT2zk

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED07 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=10760258440664095082&x=1&ct=77

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 792B 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3074
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 14:18:31 GMT
expires: Wed, 27 Nov 2024 14:18:31 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B964 829 B
1 KB 88ms
33ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

2c62322e627a43c88c5c4c00a0d4fed80f2b82a7570e38de76fb28490a9b4b67

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UXhuG-g6FGP18EOBdt6D0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-UXhuG-g6FGP18EOBdt6D0g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:45 GMT
expires: Tue, 28 Nov 2023 15:09:45 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 23EB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPqORw-JV9wMHzVmKYsUXE&google_cver=1

43 B
568 B

36ms
35ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPqORw-JV9wMHzVmKYsUXE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUKt5HzesRxutZPjV4KjBeQopK6VTkbHSDHTfBKzCc7b6u3vHadshNo9aMt6lQrDEPP6hQqQcPnFvVZ8JxHTYLRByk0lBPtz7F_F8my8YRkwkEaH8_voGbgSUqZjT9JSm7XgQ11m9MKXvQqci0uoD9IOObB-RpmSY0yi-a6lams-U74SWc
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GzQYPEhytkOtaDpsby6wGD%2BvuZvaxhjL%2Bp5lAkY%2B%2FX%2B0XFU%2FHWNRVAxVMbKf87ABCD9zj9tv8yk9km5%2FNX%2BnDkapesorbnP3w7Zl94oxXvjFrq5eZrQIZ3Rfq0iaHqM9HcBbP6iS28DP%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d388aa7a381953-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECPqORw-JV9wMHzVmKYsUXE&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 23EB
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYCuabJ0JuIVs.9sROKUQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1&google_hm=2

43 B
771 B

55ms
55ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUKt5HzesRxutZPjV4KjBeQopK6VTkbHSDHTfBKzCc7b6u3vHadshNo9aMt6lQrDEPP6hQqQcPnFvVZ8JxHTYLRByk0lBPtz7F_F8my8YRkwkEaH8_voGbgSUqZjT9JSm7XgQ11m9MKXvQqci0uoD9IOObB-RpmSY0yi-a6lams-U74SWc
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JNNurEjdlxUD5oU%2Fk6K4heTY%2BAB73W2q1mAwIQTIL9dy3ZmyBrsS4ks8JRsnVjuSFiaWTupxLtQWpWPnCO0jAzj9KxNtWZYfiy8FB3GeVSyPdzrUhilhyJE%2BTvh%2FpjaJXHNCmrc1jjRFZw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d388aafb34914d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/ Frame 23EB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEL-TrxWe22QXGqHTsuxmd-k&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEL-TrxWe22QXGqHTsuxmd-k%26google_cver%3D1

43 B
890 B

32ms
31ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEL-TrxWe22QXGqHTsuxmd-k%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNUKt5HzesRxutZPjV4KjBeQopK6VTkbHSDHTfBKzCc7b6u3vHadshNo9aMt6lQrDEPP6hQqQcPnFvVZ8JxHTYLRByk0lBPtz7F_F8my8YRkwkEaH8_voGbgSUqZjT9JSm7XgQ11m9MKXvQqci0uoD9IOObB-RpmSY0yi-a6lams-U74SWc

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
an-x-request-uuid: 1e56cbae-7e78-4f43-9b42-69b441f2dde3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 217.114.218.26; 217.114.218.26; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
an-x-request-uuid: c781bcbf-4ae4-4b08-9285-f53b455779b1
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEL-TrxWe22QXGqHTsuxmd-k%26google_cver%3D1
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.26; 217.114.218.26; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 23EB
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDkyMjI5MTc1MDIyMjQxODc3Mg%3D%3D

170 B
188 B

40ms
39ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDkyMjI5MTc1MDIyMjQxODc3Mg%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
an-x-request-uuid: e6437b15-e4a7-4c97-b4af-789a04693aa0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDkyMjI5MTc1MDIyMjQxODc3Mg%3D%3D
x-proxy-origin: 217.114.218.26; 217.114.218.26; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame BF23
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1

43 B
330 B

43ms
43ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWlAbLgouVIVSvkmpg8asl_26hBcR_8D9sVx53CPGUE6WCGB0kDD8AKDEDJL107UMbANqzo-XOWT0GzjrEYO48FmkewtUFWIeJemWQYhKwT76glIOxh_CiQQUA2mDuTB78QEz90B-56fLBGYANrhbSIqzxn0K6EaR-SyME2FwXbdaxSDfc
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnBeyviHYvPorGgMprSInoCX%2FtmB63lp8LjOJL7O%2FKz0ow%2BDbN96Zhr3F8yArfiKu%2BGS2vT4ha47jJInRjkKFLL1cDJKc5ysSTH5xeIgap7fGioPFK6yCD%2BT%2BXTAmNZKuZh8EG67xufdog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d388aa7a461953-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame BF23
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYCuSNc382f5UZ9xLtAugAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1

43 B
737 B

58ms
58ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWlAbLgouVIVSvkmpg8asl_26hBcR_8D9sVx53CPGUE6WCGB0kDD8AKDEDJL107UMbANqzo-XOWT0GzjrEYO48FmkewtUFWIeJemWQYhKwT76glIOxh_CiQQUA2mDuTB78QEz90B-56fLBGYANrhbSIqzxn0K6EaR-SyME2FwXbdaxSDfc
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63lugjf%2BGNVKpqQHCmPTVSpGkzaukYAu4polzfaYTF5qo1CPn4EItPGulpfCt%2BzXTUksXQHnlYSN8JC0KfHDqaJmvn%2F3flV6PNNnrHImIgXyXTeMVn%2BZLyNY4o%2FqzGRJa2Qqyb9A38T5Og%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d388aafb30914d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame BF23
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1

43 B
841 B

30ms
29ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjT7bvGATAB&v=APEucNWlAbLgouVIVSvkmpg8asl_26hBcR_8D9sVx53CPGUE6WCGB0kDD8AKDEDJL107UMbANqzo-XOWT0GzjrEYO48FmkewtUFWIeJemWQYhKwT76glIOxh_CiQQUA2mDuTB78QEz90B-56fLBGYANrhbSIqzxn0K6EaR-SyME2FwXbdaxSDfc

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
an-x-request-uuid: 149a03ae-1d11-483b-ad7f-9a1970a6cbe8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.26; 217.114.218.26; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF23
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUyMTQzMjkwNjA4OTgxMjYzMA%3D%3D

170 B
188 B

42ms
42ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUyMTQzMjkwNjA4OTgxMjYzMA%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
an-x-request-uuid: 10f2f3eb-3178-428a-b5c4-0a0db590a11a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjUyMTQzMjkwNjA4OTgxMjYzMA%3D%3D
x-proxy-origin: 217.114.218.26; 217.114.218.26; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 561E 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=715989759997&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 561E 0
20 B 54ms
54ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=715989759997&version=m202309260101&ct=77&x=1&cor=16107867791024476000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 561E 20 KB
14 KB 91ms
90ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D0vhmnJhCV0eckJvjm-bepF7QeZTKBNrI-JJ56PN1Un_C90Tnv3CJ1cE1Qvp5Kh47i5qJWeJlhiJKR06hnMLru7e06ZlZZbnKa2v9JBvdEpFyQmTpWlGRdEiHCLZcuqMIWT4tyZTbkdQBySVV-sblj4nO4SJj1OuvlU-69t1zPiFV9ZHY&cry=1&dbm_d=AKAmf-ADH1q6WEcfspFAvYYbUTD1rvXHp544ndUWPqCZ6zee_CHVfhqTlL9SHqkx-5tsBdn8uwr4LUV0uQ4IrgDAo8xhT9lOmaurBHj9-LXBNYv5-HHQ2p32YgmpVjtnEvceq3YQd7cBgkkx2I571oLili7QcRjFhmJs5FRIMHe5-gwHveI8V5RMw-LcrRaWp6Xllzf7csUr7zcNMiBaEMFnjTXqL-nzzQEiTTpcb_goGAS35OL2bmfxF7kp9PkCHzaB_GHRFZZhCQF3To0xHEUniaUkcJjfm9Rxk_AqHm9uMdurkEQCwRj3fohUYAtocv3CekFDSkOLxsFfqUk6QHORMlFy76Ufo9pFs0aLKJOTed0JBHV5Apzk8595sjaa9wDjMbmSi7IsVHzw6D2J8XAM20SDOXuR8-aQEDtDcp8_AhhDTEc4vlT60G0GIK9bjwNi54PUTHZSyM4C84GlVOowkc1lE4ORDSPJlXZ24A6E8d46bXBbCmFTg3vbuqVtFwFP5Tpen3KByPaUn-b5FjM9Ao9wtgvu3GnH_gI9s7hndooeGtiQtULKgjWS-ZOt5IkB5gfRETZ7lBQ9R8L6RjqnWXQpqSVj7T4RJk9dcOtPn2P2raNoJTrwWOGdkiDX7i83haiYbwM905j3TTVpAyu2ovTt6QMQ0S-7YH9bzFfkYclDrMjCOeXvWOELUkD5G7-R403TyBgspqATX2O4EyPsj3FQ29Pl-z1aqyS105gX82UkIhtTAhcLhTBMxc0btR15s1EP7u4iMmOLzHh27MHaGrUsIGxWeh015rHAwgYUibgWFK1lkNJ_ccGDf0X7giw-4HqZKipRCxGLa2XZqUoXXnJn_k7-ZPNZCzoKSBM6t58p_5pvU-unqDSZFL2oO3E6i8Bl5uuuBww_Ku7wGIv4DhEhNCs61WJTlVaKpElbYRbkhRcxDPdmb-Y63RpUV8D1huyAM0sjCZ3aJYohQiwxamX2LzVCHoZKuJGYcGAb7jVuAUCyYZWBcsrtgo5FboFfXQlnTsC2cyLJI6IOxjpR9dEpbWcx4Olb8qqqD2GLq_mv_VG-HXxK9yyQoPqpxSu4XpBMK6SMOmFNDX3sxHGfwqKiJRUsXZzKkbQ61rmqM2CREkRRrqlxEDFsgs16mUsIGrWQZ3tYB-ijk5y3LBgSdjGofay2FgV5ZnPWXSkPwbYHr2Rg5Y9Iu3WwBLL2qjaF2jcHOqqCUZZPEQ5FNrIViUTkAcHBUBoP-F0Sdv2pSEZ-wCnV9SJDExNDlXtSBXEbPgwOYvyKsO6te0kARWSeZHslsEqDwTInZa5nRpgTdPKPGOlCv4XgTyPr15uasEY7iLesIK8nPblfdczW-WgPyD-fmlES10EM_MROG_ETYhJzRcZG_Su7MUjNi2jpOaQCAVScjTtjg42Nh0tKbQLKyPtvZLrUdiaSnd0gHzFMdypOyRs-1WYgPKXeWsXjYrFY2xMqr7bdwkJ6NdWaFNMIYL-ahPe-9P9j_ER9gcKLnO3ho0e8ZDbGVAgXhN57w1V-dCtYkIK9bDN_DZWocdkzVLcI6KUvsRQZ-VAyRfPY8w-_vUNEq2KvCHeRdtn8biS9VcLxU7i6wWf26swZNJCDX4tBzd3GUT2miSHvLYkuvEwl9gAs3pMAQEXpEoWVkihftZo4vvuOxmaAaJGSGeqsOMnccxW-OsPaZ1FXRNMHxzh2U5xOumI6weg9SAof71m5Zx9dlgyqUZRgUS4vHLtq6nZ3vGUfqbs67iA8tLZ2rLyOnYCRiJJyqVxxTpiHJF6HwjpVeYme4xiychUxrdg44H9bj7Sbxiys9wzFUUo7JS_o2EqI63S5_EqyjYbO_VY1rZVJvAbxNciy7cvZVhEfQsapVRf0Od0yuX61uTsJA8XcTevezKNzBZBV7E-jumted9G8rmB1U5psbkh_EW2nTuth9iYwJWIrANFeE5jFqhoyxGVGegwzRER16z3SuqNhk8NrOmXXThiuHyRSuqLQA-91LQsRASfBQbrIs3Tk45JXCyGnun5hyr62KpFRH--CnbVYBWv52VHJETISiDrshdIxhpPFLjCS3j8U-EpJXPIpX82yisga4INtc0VxID1VrFeKiX6BzILvkZN897FnAoxmu9H__PcQ7_ZZt0vdkCr6Uk-7IBPZv_z_uoYvbRkYbT2C4ZXKUgpyDrg9-9-ql_Xp1pat51OYpPiTy5-GhAuaSPmok3BuuokQh5s4YRNHC-NbGgwg4xG0X7YhJsbbkcKV4rn4Umwa7WWXjzzphM3QYrJN6rJSXqQRFygRNMk470x59r-wEnUODhnCExuXSQJbeBhWGdWuACoORLbQZEIvZ_nvpNErm2uuJ2BFXwLfKgYC2blGmptOnIRgWnHCVlBTb7fJoESOh3pZgdkttm8F8pR5TqhethkfYz0aCWt7zy14tFmGRnM4R24XfOJsZIi7CD3fcBtM8IO_mBdf6K5FzNjBVSvNnIBu3cldsBaLwKAQA3eebgafxZDof-aK-4URgHWPOM0m7utzVrkE0sT87pxQta7gmO1AcoGjI2IFWtAPz3qAXA2P52a5bwJg8WwfMU5DlBuhdmUtJmCoyg7U65wyyL0X873BRXQgJVIN5-WuGM-oLEa2ucO_O9tkQMWDOD7NZYiL4EZ083BDLa1Oh74C58DozrIhTA_n8roCnuG7v_pl4IrqHh7dXYSOVMLS2bDrJb6rKIeDXC9bOQlEh-c_v_QG4q4x9PHFLeof4UuDvGgvocbKqa0Ww236jxtVGsPiEu3iz_aIuvlVtAGpRlU-rkvmPp5kkuPbWc5NBbc8v0RLrinda_UjFpoRNh6W0k-S6FHIVWlk2N798Akr8Z8y68-yUyuuFV8uSjZHiWfqmComn7eXbj7FMlAyA5cZoTkxYJZucZSlqO08vOizq48JRaf9K5gJL_fwG7WylS8EkJxz7rVCsJZYhzyAm9h84bnfht4HxxvVlyz6mBhQSawsFzh8MbU5dcyYoGUbV46ymRO-_u8kdEB0RziRVp_HRHyDZJEvsp5jIIp_a-WVg8wLtad1uw8OAmon3ettuPo1hKc6cIAeYT5mnAbUm-LHJuyImrV9rYbvIKtqO2Wz84CUbGMiO2CB6LlY6ipn9U5yoN4ZDjZDdf1UmpehdT7IguvgF23W6_yR_cOjABHX8tXZ8tXE_alq4tmnxQeVAkt0jLIJh2QEjyPkmSLOVc2rK7ZkNl6F85F1PGySSfx0E3EOhA7KcmY6UH8Y88Z-6mMKCL_KWMBzx6MHajCEJeLyFsF67mr8mulxUIvar2LdTOTMoqIvEUloqDv6X3qy_m9vq6h3QiinpqlvHV6i8-aMHCL0Glhg1BJkS4M56yXWwKchb1Da3OXPUh1-iCS8yXhTJTHWVUn4nwWEiJSngqLFu3mLQrwjoLrRrI4QUqrzwmAoTdS_Q5av5P8akbecaGSSgcYnvVu6t6hucsCPPryVbiURKuJkTNsz6h_zx598RUUSAO7hGhuIOvu4nUoEegVAV4AjcJFDDsvDh0kz1S2Hg-i3fBXYWpnaSRWnyYRqWA-6daw9tqMcj4VVMScZ9AIcoBGUTJZy35Vq5mmy8e0eHijJ-jL8CB1XapaZVzqy_w2tf1FkJTgb4OI1mm-EU6FVZZSeyPdgnCI_Rh0QmJwv14gFjIBshnXOmtPIlGfZ4MS1nry58Nr7OeUtLeIOmAy3Y4dbJ1BkLNueu5avY1j0-r4c0KyMqU7-HsFzyNeLYGAy5m3YP1SykbeqmHvZ6pIwcBt9yIOYkLKaZTQEZyZSMWrX-YZSiyBgt3hjS-IfCl48xuENppgglAt5kn38t-mZIa5NWOyMEJpf4yXTN2EmCBYgqmeQ__S7NKUTn7IDUgRCGNK1xrvDeW26itnWQgxArGlDffBlek-smlmuC1_7BSjJivooQHUKjjj1SC4S4uxb1k04UmJyD65Dj22SpQim4ppLyFqpbwArPcmBOZYho2EHMwd6Dcw7m6U1285hrvV9BfMIo7p78HXcH7bfE170501dgan_WMd8PVwtm51ilauSBg&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=16107867791024476000&adk=1761367587&idt=80&cac=0&dtd=18

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6048fb97cce71aada540634afd784f93811f0c26788ba0f2abd832d1c27dc4b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13906
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 29C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1

43 B
331 B

37ms
37ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWfwGEBqz5OkG941nQyYC2sznB-WzjZkB9zMSA67ga5j3OyOXbfj3AJpS1iW2ta6DPFEAmABbiruvhfYGIcwThVEvAlXMyrhrgCrPFa5YETbZ1RpiVbj8ghTnKB8y-2Q8pN9rOPKbKQoWc2YP04dO1DvDL9TbjcHc02Ku5M47x_uH-9294
Protocol: H2
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAWfpwLiheGwqJbL0LWEk71Y7MpWKQNl0BdLoGWVbIrT%2F%2Bh6yu9yXCZ%2BbFrI%2BSAOCvE8ajonvIPgEj5Od7FVnrnabd15QHH6EGCmors3odqJOolZjQNdanmZ%2FSNBGis7XLOVRT%2FXYVVoGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d388aa8a551953-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBZzZJHRrU9htbNXkRebSho&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 29C3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZWYCuVn71Hl5WK8fBnTHKgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1

43 B
735 B

52ms
51ms

Image
image/gif

104.18.36.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWfwGEBqz5OkG941nQyYC2sznB-WzjZkB9zMSA67ga5j3OyOXbfj3AJpS1iW2ta6DPFEAmABbiruvhfYGIcwThVEvAlXMyrhrgCrPFa5YETbZ1RpiVbj8ghTnKB8y-2Q8pN9rOPKbKQoWc2YP04dO1DvDL9TbjcHc02Ku5M47x_uH-9294
Protocol: H3
Server: 104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mxtkRX3S7THxKB%2BygTRHSBV26dh5fwbHQch1NlgNB8sovz71ueQnQ6Ppyvk4Lgnx%2BrC%2BWB3iZsupr7N%2Fvpxyso%2BmVLcirsJlFWNdUG82m6k5zt1ZBv0goy1ymVQVey4u6fX0CQz7mRrkjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 82d388ab4bbc914d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPB5G88FSxaPRUG1_IfRT7Q&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 29C3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1

43 B
841 B

28ms
28ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNWfwGEBqz5OkG941nQyYC2sznB-WzjZkB9zMSA67ga5j3OyOXbfj3AJpS1iW2ta6DPFEAmABbiruvhfYGIcwThVEvAlXMyrhrgCrPFa5YETbZ1RpiVbj8ghTnKB8y-2Q8pN9rOPKbKQoWc2YP04dO1DvDL9TbjcHc02Ku5M47x_uH-9294

Protocol

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
an-x-request-uuid: 21d6fe86-6f14-4ad1-87be-bdf547bccef7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.26; 217.114.218.26; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPrcKhaHER8cs3EyiWTj6MQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 29C3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxNzEyNDk1OTcxNDE3OTczNg%3D%3D

170 B
188 B

40ms
40ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxNzEyNDk1OTcxNDE3OTczNg%3D%3D

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
an-x-request-uuid: 919abfc3-953a-48ab-abf4-5cc92280c94f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDUxNzEyNDk1OTcxNDE3OTczNg%3D%3D
x-proxy-origin: 217.114.218.26; 217.114.218.26; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js Show response
pagead2.googlesyndication.com/bg/ Frame 3A2E 38 KB
15 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Yf5BzeG23wDzTlqXlXQekm6IYbjoDTlv95nUi6zaUwA.js

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Sat, 25 Nov 2023 07:37:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 286334
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14900
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 24 Nov 2024 07:37:31 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 792B 39 KB
15 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 13:51:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 13:51:42 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F95 0
20 B 56ms
55ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7363901102716&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F95 0
20 B 55ms
55ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7363901102716&version=m202309260101&ct=77&x=1&cor=1279753561619869400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6F95 20 KB
14 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNss2NCHaytxngJrx5mfd6rb95_gNPUEqTmWXWXHuueUqzfSf6a0jKjrdLDQ9Iz3t3rBx-bdTabJv_qsstKwFcjQTDdT0_5OlupqOOIrkbZc-YMqnaH_L1XNpZ0RctlIJM90SJUgjykhgG9DU__2hj_CGWiIoEFucNVrdzjGXwVFpIKgI&cry=1&dbm_d=AKAmf-DKy9kOl8U-JNe_6wcN5wrmKAzVcYWWLqx-d9U4WP4yJSOTJO49DqgHTzgH1FRWgfpneVZJ-sOpvqccT6eSDuqO6jrjLtLOG2fLQs-_5HNAh-coVrehXs__FyUI64lzT63f6dr0tPvtQfFmJktjE6z4ElML2PqB8lzz9B_sTVHEikWOVWDY5ORyX31MBd4hULfIcgZW0zNcQY8d7JWvGga9tVMdDcRXLrC97T-askBxFhjHrqN4eBEAL0QEj-CXa47XXnb1m2wgf69GvWFxgoZdqF9vsf7gskhCmoFEsHcuzgkFKTibM_WxO1TumyW-tEdIfXiPTaDpeYafz57LcZthb6QIgxPn3N9MdvarOoxK4ARLyZK-EwmG9qB6gYBL1jNq4dyPHGl95IVTE5HyGo4l4w_ZTxxXlW2VJVOkAQ2ZbPeLzXN2WWRJcKVT0wo4cgmWhI6YoA4kyFtkEj1-JvmqN5gKsCJ7dVPAdF0_bDc-EtsbmvtkORbahQn-MDHUB1kncmRX9eiEIIieYoUQHsDcfnt0gayCCEEAM-SevotDaTFXrrESmosagFsLpLFpQ4_LKDj4uOTLjVc_2w_t1M9qEn91ftP7SBqc9g2O5vrHA_6sEvERbREUfPTGj1FlcRRIARRBcNGdISCO0gtoZ_ZIKQmqU44X5hG2RuL9xkW4oqie4g4IQmuKvfRapqyCX7hXmv87Lkmldi_d24NVX1fxrveNYGaz5hOrTb7HMGxUmtvuvzs0okoPvVoYSPq0isaQq8KpyWyYoS5Gk6S32EQ_TCxfReriudDHjx4gc4MInI8WcCzgIJuQtMgRQdfiOubfMCH5K7qRMxxNpio-sDa7bicFojPTmxHJO9LnDdrKaL7s_VvRrF3NQWohtnRO3eww3kcPXJJ2Eo7cb61q7twjDkBQJHBszmWh1Hc4XN2HFirpyjyQm4ZHiM2bthV-oYPMIwzkNHP-MNv_BPtbMVhtRt9CA0JX-YwcECKqEVLYRizpAcAm9k5tM-Z8V4hr8Ql4CdhaFnDlg8gSnnc8Od6vBWUQGxY5qhVuwtDntjyzlrTq1AXQvys5dqcRXnEIu-32BP_JPd7IpTgu9OVz7EbWfHI-SgdcnvNl2PpxCjfzcobZ1UVKW45h22kngkIINqpiUPs5cj2_BhbrduICGf8rsH82k8FUTde7f80iBdG4c2WgEUO915vWlK-En_YH2QffuECZaUQh_N24IcXAotY6_Vm2Qo7fT9g59bHQHUfg953J_6x3T91N2l8JPu-2zghZAJUQDjnz9ue_dXXoiVviDTL3LE_vvT-rm4q0yOPP9vCxSfI542hvqYBvP3fAtaUb64y9P9lCcNGkYIEMl8uZDf5i3Tkl_Xi9-QVEONu3fc9KcDYKJPMdRSXyjZ4jF9Yw1oFIDNW2DNxVEZtId6ybjVwVxxkBAvHyIWI7RAnMfqFxIr0SMENzZgAGLcjNJX_vq3zgS20nOafrYvWMcSaZJo0KNryx8vmoClZyTFT3aKmmuhK06mvZTjaOLXRpseu4sTDsaFeO0ysIIF-Axw4Qbd4pZwq_XK4QvZYYGucdgOV6nj4O2DMGSklpRyt5DoVtpDY2TeL8ZdPhHpsmcvhDDDkjKgBwnOdn7JbwcVbZsEYp_EJ7d77Chf_-dx54KomN6mt9iRyeB2YkQhyePJB8CujGIcD-nbtxO7eZSYEDNxRmncfg9y22K0R-po3SMxqAz02BHdNEh2R1c3p6D50FKnKW6IjjgnZIyZ567QOJFVjeG9B0PQelghhvyLokTXXjzkpKdokTTyuVCvaQ61VTUaaaM0AJBpqi6PI5iq6FPiHWWaleJKxXmRUN_fTBaezPx5WUXTCksGFoxf1ti3jCheBBO4FL-TmqtZQ6kbqsQ-DprO8JU01GDgOb8rVA1LJAHnstESf6BhVrhiawtBDsZuZ3vq-SXJ-KxiRBYzSk2Qkr29i3xgd8x6YBqV_6ps-Xzvnjc0zL_s0dRv0_2MqBKZJ5NcCR0YdgCJfBLU0mQvV7HGNSMsatQI24t_h2gg915e17MFIDVdWOqcLUQhRTe_Jrf9iWlqZugYxVtsu7PRT85vJfcTCi3sHg2YFe7ETdFusFztY67g6nAhxp2My_6NueBNE1lyCcfFyL5jxwEuGnAo93aM1-TheoS8xcIpzzHNMUMcPOyntJ54_9kHPCItYyokZkZ_39_x7dMzzX5BNnSVGzh2Ma5IQrf6fwn8I_7QAuQwo2f9ng7q3EtKFzhpy0jQSqwkeYD9IFhSxdHu3E1f14w23xXb7Pv0FWofqEAFI4bh05I3tEtwciF-FouCcwGT-qih7IORcv7otOS0Xo4lu5LljzbDQaFfMS5tU1ebMXh1HDaWTHGDzfYJBphfY0-9HUmauCgCkiojWTARl9PNz0KadiTnnyIUXqxLTFf2_qqhgbbazerYEtUFQL7UnDOdfDV5Y9yZVyQd8Qu9iop8_K-Isu7ZIeLeWhwTkwzdsofbSyKBBEdvo5TxVDvbcM2or23gRINw9NkmeIvj1F1ElsOdA1RBiRe8iLOjY7hn05YPL4H_uYaAy5qgcwR5j7eQzETXPxAqdyhdZwX0JplOGrz7gWogSjeO8LWDVugQrmxpefGvuFrQQCJ8lCFOW2Vx0yUuHHJlgXyFFEkvzZHRHBbdg9uWobZvF8Es0E-GFaBsHrtcn25ppd7FHxrK-0HeqV3FD6vTqERtt0mERL6qaQ6Q0LM6KpvtlrB-gWEJJZmbtE09hWMqSocGd4K-AkwyLCjQyeBNWo5lBkOYRpN2ifkHV6dcrcT4LGBQVSdNFA3gZW4uXVk_lN1RSlYw3N-FPApNDyG40uQhk_TcRehngfubTnTkbeuZcGaJWkMVh5KO0j3lNOHI68HazTYS-FycM_7m7duN0gDKcAsMgfrogOA4DKRfTdZnB6xWuvC_kiWSX1wTxycRVQneWbbSMS4p7MF9Z-TnhmGM4cFwW_0gLx74QmBKhw_jEai9P3V6deDPcyFdKKZC6UFW5M3ghtafb2vlpnSsmXiPwfbYer8aorpQs3JcsXdQXuORtD1bKSu7YHmaCPXCoXTGRM0YehabF0qVSIY2tibGy1GG--hEPKftVq9pQgvJ3fVuR1SXgZOgpW4ZL5uXiP2inEAu170bI03bodkl6bLDVmTG1VAX1iucNOhcWV7KrrG5CIW_UHR_4c_7_8r4cjBvo9zvf3tW8kIEn75rvOdpq7DAiWPQn5eku5lmgwZHfxcoNMT_ltROLr1jo765W4vsN6I8rNB6mA_4dP6-ngn-aFLRlXgpsN32vJJxef4n6HoNjl50w84UWFky19iNl_JZr2IPP108fgpfCxDfqhlRwxsU5jERSwKN-5mq-BUJscXAI8eSVTIViE-yFpbNCJygPif7bPKmYB2OhmBBFGCOsYvy4k8pcQIxBVRHmfltUPBb6vnU2S3P071eWLIKHt__JOPCeie_K6pUmXVK90TE6VVSgikDuY4ByBhp5CvEDTWvpwB85JXTTssVe3RSKD6JFhanzoLw9qCFDim0cIhPWYdeobfvTQd3gFfOSGle488KCx17QMU6sksYg2B09ZRqcZj5Gg_qDOJE1ON3igka3xnHzD2rpdbiraKsHD9oyFaZpI0qcBZXLrsTAW-gx4-5GyZv5Zn6b1Lb3NIhvUPBtHe9mf3yPUShcl2rEIDdq6n6-aqY1mKE38FgV3I9Chfl1XEZyL3ZQUf3bOwtHaHTlBfnpUcfdlDLRLvNc0Q7YEWSA9znioTaP9mY8SEYSwDFAgMV8EDBL25ALl62hw93CmBojCiST8A6vMROiBc1EFaoz1yB0njbnYanxUdt5586VQuuCzImVUSuChghN768ImqW-qjRohxCsu9fJmYDOpxnnKNmDEEg_lPwSjLAXDCaPaguIqGPSv9gew2aEMNLHcZXJgNp34PFkmcJEWj-hHkKx22bQ9TJR7cxDuPWUFztJo6jiBYshUR60X2hGkOPhRWZe57WKoIyWJm-s3V_W-Kf9FtpfMdHrPVWSPdIrCn-BIsylXBw&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=1279753561619869400&adk=1726166460&idt=153&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

402b1a076f92e1dbef0f0889cd311b456d17ef23ad82daa68fbbafca8603b675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13943
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED07 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4856194032011&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED07 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4856194032011&version=m202309260101&ct=77&x=1&cor=10760258440664095000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame ED07 20 KB
14 KB 99ms
99ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_71jDWphtWbqwo5WgJoq3c4spSuvWuQoeqvbUEaFCP8MI7ayc1UrgvJWx5TCOzKdhFuSTddOGfpdnrSL0icxLnZ1IMQ6ixBJ9RPEG4-A-5F4j2O5jEdqygC3BpAZsQ5mgodTGkcmYev2l03S3-XY6TZb0YKCGhlKGtFaGXyOw8zETC-s&cry=1&dbm_d=AKAmf-CGVPeLpl9spMQ6omTNnVVIRMfjUdRaxoVDc0-ha-RbGCa24bv9uFoAa7fGUwrggH2bjlOFQIa473TuL1zlO3VuRvUKyCMsj-liHnAo9xmH0Zplg7hVyBUMom7i6D_haEo5e8yaVmsKtWy6mbymP8e-Jequ428sfdhSQLlfvVF3lGDeuOMwWmRPLk0nxUP5qvHPxx2vb1pajJ9P24VqepR6ouEoQXJwAxAY5_HLK1Dad2ywen4hsi9SskXc-YQvGU6EJYUlDLV4Z5DZWnQljb9QLkPWX8RZ4tFYXb6jGiB6xy3HQ5YboN0F2eJd0KXeXUL2HIgdUhCxx0XHNX2znYjEc6Ss6-1eD9KX34P9fjmNdKPCassjGDZC1-Wv5rTWbwVYyxL2Nw35rTU80_43pvMD8RKkslbd_TK2mTUBdcQb7jtwHEFnoFl4OanN2o9Kg8T5CxiiWQvA-XALryHwzuEqrRSjlggdgAyWLjCuMttfy2opTCYl7Si7hZPxV5gC5W0K-BXtV7IG1UAdHh3KHXjHw97lPj68VHzKm0t_nlGpz0Rru4wMYeTIhL3iruiX-xF_2YDM7Fa-xV8_NE3J05OMpAgxuvKrTN4-OGNxJvGiR7MiHKRJel_35pfGMzaYwdE5QFKeiufC0smfHkHq2o2w2niBcFhORCpB6p-IXbQdbBChXrTToLOiK0qqeVJaSeY9qnR0ioh0mDKiXsu1CK7oe3-82OcwDFnkoSDtjLaIAVyY4CMO4ry3ZdwnnxkoeUL5ETHxZPCroaEmzD5_rXX_2IwrKghtBEaozen1LmjluN-ryYIOv8brAGzFeVDo_7hU8gQ4futllLPe4rVdIu1EBT1b_X9Kc0N59gLi9VvfAsmyML6KyFiauIF8KUp0Zqo2QcMY0EUAbZdzlF6SHAiKHnxIhDcEug1a21-04bL3jhAnue3Udb36UmvlQMIGZf2D9LxcjBYMKXHcuV407YkxYLLu9ZGI9dZ2lE_r2EV3EDBQfOxYh2OZZabmwpYdQu58Nm5tARvEvIgb7rsMwPTwg6lkfcl3SV0bDGEDAxj58FFkYa8QD_uhH0q-o28SS9Aw1LbtW98Y6Ca7wan0kYd27ijqNEYvgx845mvh1TvIxodcDixohHtxx9BDu5cvrRtnQHKdsvJHsgZKkX2BSEnW8omy562rcc5EHI_QqHwLD20aF9A6c8_4mEeMod-4GuFB6KRvix8-6LXGzgMTOKcRkrq_nuOfHFqcqOHtqMaUbTlhWAS7tWwEsRpxGapYO9L-sx__HbKMB5NM3_aP_VCnhMiPOHUgVrD2H30uC_uFp-5Q4iva7zQIGI4AwuoCTYqX7FuIE9rbp6vk1uv4D1VbHfTc8bPzGg6azViqzs_jz1bfKyTAlP9HfYKDpWR-6AuZ3rksGbeZ7JHf1SF-RQEBJ50qujxGh5dUDv83dqKbmUgM4mg1gKWAIWckHRHC6IpXi64AzSEzrRRauc-f2Mz1lFHyZytUzM0GmHXeG3VMGwbB7KpkNPvHwYFIWpFdfHU4tNErltgShuRXyXcG2sYGMYYP0I3mIlxX-VW5g5Rg5g3lxbZ4rhtf6uw1WmhYp8guf7xNamzEu1tIro-f1pKt3MlCU_LAHqYFpAK38wWwPaXXcFZeENrahIfpO6pPJ8rhzzuL78IYD8bGKEfAxgBVKudKPyZAbBRQepq1ib_PHZqv8_Smek9OJIGRxICKN95jET4Z9C_BBFeQWE7xt2eu-MPGZoyAObz2gWU9znTVb9MJDAGgMrXNvlEYtuCr9WuecWEn_Vod9ug6ahGSNFNY277QfUwqTRKlgDXfMtmk-tUDgB_mO_49h28RZcqZevTpR07ana3YDkowAETNqhRx2uwSsp5blCh18HPrVzeAS9hRc1hvHlybMeqAaIqULBo54mxSKqRhNK2N2B15Xiz3tytSyzU0e9qQSf7sJAtTdGv8Gl0KVBWeif7Yt8H-5Roynzo8bd_Yhmp7yH2WFjdkeqePxkFm8qr9vaKPoko0XOskQeQPf2Qgi_fZan5v_xDnZcK2jt1pmY7mUzfFSty3AN09yX3ghD5qbzk7nqlgD0iFf33Vk0FcIYdoxYqXpbjltBvNG2TZVMhIzpO87ADp1ioV54359DJzYAeV3i7-vYaPzcOm0HGGcs6aASug-x_bPKb9lz6KZWgkh6mtKnTDtLVbwbG0o37WyQQ_RdGlO6Ntgq_GtWIk6UkFmJHss_-BCyp4znXSgNqU-NcUTY-zYecbSEuYztigsAw_zrfF1irk-EqidmSglPjggPzaV_nWga5jRs-wPbXiHcDxiZ-P1anJynjQEn0FnP2Wos4P8HsNI4o7eOuI1SX2HPJE8UtJXumGNMGk2JzsCL8DNUQuM7vbX6MqAU4WmKj5_slHEb6NW8pluNNirFrSfvUBCvZ0L7iwzF9wsKFD5SfSQgzWucoZhJs1W3KX68sRnM3dU6gySmJspccv95HsO-o_QipFBmnZv-P-bpcrRZad0ctC9ZEqYxVtT3_UIhKHYEI1i0S-KFQ8-zJ4ffWXYQSHzAXwqfmoUTqmQvGvs755Ue3wY1wEzqUjh1TQOoKgcD1q_InCS45wKsTnlFiVG6o-tovz8AZJkw9aQYzDi7KiLlt0hOZIngkv-SoZCl7hrUyIjXQ4rLcMHaIxw_trrTAeQtyhuPKPC3tsDt2HnCOhanFJyf7rg5_gU_wI3oJLwZRmHpHRoCg-ZebBcDNBzOqVI3BJv4UZ6h8dhy-QdYNDmciVu5-7mwBrtMm44DkybicwqyQrurxijnV9HLx_mjBgfsxlbrzuQ53eI1YqFdcx-mI_oKBzV5H6_egBwFA_oK-L4RyI3YnYlvq66zfLT1lfiMCjUQF96Apa5ysiiE35Sac4Ffboc4IetVNyLx59ed0Ib9YPcQckx5zn41ABtC0JNO2IvuUrCIv1Mt2YXnqGjiFegs6S_ej0BafjdBn0R-EPKh5OpkVFmZlPa93serSstqtXk0Ui0SrEQHSndGwRdLBvEnOnMkCFKQT1nQMWW-5vCwdXISGeGKYm2Uvlfd2FwdktHV1YcLrijWZRlHAeTx1pHnXQ4fvX-TYjdWWowTKJBeTHA6D49wqtY9I2SdyKddjQQ67HVO9yQoO6XPhkKqGoDAal4bD0nIC81bDpDNQcQNr7qPEc7bDbvUgeOqGJjn2dhTb0Y9I5YSoAUwGIhN982BxndyzkqoGXamP6WgwhdFSyhooTGaNenZlkWCJv8GR4d4t5FURHAUy2mSu_0JhqiCQnNVeVjHi8AIznN5npthD3-69B24dd0KDEUBd4iFEpX0_s9vGI5K3YKwj6bUQDBNMDBK02rYiXhUxixcseCsTrPIYPq6GBpgdbUA2khxXkaqpiOkt4w3KmZIXgqHFmwvBPB66KWEeQ63IAD8JfCBVTylWPt3_BHNou_FuCrTLr_rIsNWx8FOcYux3CG08BeYjtu4uL420xX894NIUs2qUZ_dIYfe62HFVKo1OSnVu-qd7Wjv4aIvsp9FcFiequNjKJamd2Gd_9I2mpdqrBOL8mCa1fFNaJPR9iF_BDMq6_WDzLWWS67PX00MAUV8XJ6s--A44WqRZdEQ7k-I5GVrPyvTGWR2vH4Cs8lStFJD7Wy8wReqTu_4_VHCgHQnHpZH6B-mIaDuUJrvFv6Z3CL77KqTTmOAUNQn4KBXwS-VloVHRTN7oSqe52HHRbBC31PcyXZQmLdUCysOBZNMQi5N_1WRvCEiQL8-MZ_EdFYGQ7pkDYzDamikF45wbx4qClVciO_m46lW5NueQ7Wg0Pqw9GV0tjm6ez4fPZ_pNxElNNIn1KDMsrI0rOHowtsKLL5mtthlShaUkbSFksnrW5327Jd6GwY6tf6ApOXzhWGDwYb72cjSpvAhxK1NFgdLFu6sTRyg6_oDuFLSHAMjJ6-EffsioVlWO0_zJH7k0vzJfwnQwgBMJj91yBJzIFooTvbWhPgIIs4SeflC1cGfdz-_hR2mJrSIHIqr3GZx_f51i8aN-lbwOVhxVoZzgFxAA9PXXRPw&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=10760258440664095000&adk=521587874&idt=140&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8ffdf97e87e6f85edb8bfa48102f6e0157cb1bb55429d9893447d8787b784e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13896
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B964 0
0 54ms
54ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=3572195228664700&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 9336 3 KB
1 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 12:29:41 GMT
content-encoding: br
x-content-type-options: nosniff
age: 9605
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Dec 2023 12:29:41 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 9336 20 KB
8 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 23:16:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 57168
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 23:16:58 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 9336 0
0 33ms
30ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRo_Eyg5uWj8KcFuzXpQVK8dJCpBvAUamMgQg7W2X6nQreAK3mb1w9rYRpGIwoCVxMAicixWtD4cMUVlZXoON-MVNGbiQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9336 202 KB
64 KB 74ms
72ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65070
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700193896630564"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 226E 167 KB
54 KB 215ms
123ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYCuQAKEaUDog43AAUgWprp-_IjW0YtOGVvgg&u=%7CaEyhkWsxNkyB7TcWkfS%2BwTFDkCLD5wQ5Km2T4QInU1M%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC861LGUQJ6oiMmdgvDfbq_QsY80a5vG587ggvq0MgrkNquaOmQj0A5QSwY4hoARDSqAESCwPhposuw2JMD9J5qoFsOjn8YjC9Eh0kNSZTQ-FFLQ09iDDS_mRfbIVrpe_9ALuALuPRBgKS5IpkSR_2W_pDnyVg15iLPj7mhj_mhMfsFzfQl6R4pCqZH7xcVIo--nd5tJBJc9ONE_lYxKvSkDjU05RyMOwgQjTrMZJjGn9M57HLhelGHqLDVIeWz_PEsntxHgNFU-qObtabLqHY0VkcUHZGbC2aSoC4AhLp-Spder7U3YWKIvvkNMgNvPpJacvOqa-QkAUNYVfW5yrAaHnJaaTqv9Ut5xAl22kVcflIBFIuUvMYrPxNcxaONRgOKJMiB4RsatHRGdH_SX-z5ij7LJ8Ja8I-YStpR_FTR59RFoJdROBy9Sd5r0bnmdpeklPsa8X1RoRc4UGpd2rHlFCiR-BtpdYIUEZSdrH0s1IqFdEl3EQQ3S6OZzlnU-uqOk5Ev7J6mc2VnGsiHP7dfq7F-Tnf85wjQs53Y-58oDOtVuYSMdcgZZ7ERR6kXvfqlwg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKePPuQJmZaWjKLeciM0P2sCU6AzJntKxXPXalvdwwI23ARABIABglfrwgYwHggEXY2EtcHViLTQzNzkzNTM4NDA1OTk2MzPIAQmpAtTCo7LyXrI-qAMByAMCqgS5AU_QBccK0ts-0oKdKDsYBvFeNiMInDCvE-yMG7Q8vQfVOjSm3iwPW1TGYkD5trfZEsjyRz-qJAFR7aWBlCZUq3diyGNw5uOxXI-vW5lzL-lq61RxLXSgmM-eiWk2XGiq3eY1MBr3lQqKWpI7h-rHR0eDbN-_l-74AMRYZ7A4ZyDcOCYyWAsmwmQRd6FRm2pb8DfGIg_D4vyoIjZ0S5c_MfO7Ooq4C_7u3xmPno9smx4fZ4aCufV4T1hxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1T8rvXO3XHPzaS3m3HjZiHWhECSQ%26client%3Dca-pub-4379353840599633%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cc39632667e6ffe754bbfaba54176dcc5ee2eeb0cb92d16e7b64831e7e03c595

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=fb4XMgayPWuGS2O7Mb1f1u408xViwo0zbI3tT4lk2-SEDMjw-dD77NF1ADFCBmFoppp0MyHZspvSW3khNwuRZbp5Kj__O2_LqdOzMAN8LESoE0hggo_PDLY85WZZHqG7Vz6iuHEMI3SFBzPYgfkl7WEI_668u-G0DhiqXBZIb1fzotrAz8S-cHHUK_PBn-OYz09bE4Xtxc7fUyvaHlGFrk5Ro_txERoDani7x3LBhHooC0C5Ct03IFcGkDzf-iS4r5UWTQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 54075478
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E334 1 KB
643 B 22ms
21ms Document
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 20671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 09:25:15 GMT
etag: 48472445140208031
expires: Wed, 29 Nov 2023 09:25:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 561E 41 KB
14 KB 29ms
26ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D0vhmnJhCV0eckJvjm-bepF7QeZTKBNrI-JJ56PN1Un_C90Tnv3CJ1cE1Qvp5Kh47i5qJWeJlhiJKR06hnMLru7e06ZlZZbnKa2v9JBvdEpFyQmTpWlGRdEiHCLZcuqMIWT4tyZTbkdQBySVV-sblj4nO4SJj1OuvlU-69t1zPiFV9ZHY&cry=1&dbm_d=AKAmf-ADH1q6WEcfspFAvYYbUTD1rvXHp544ndUWPqCZ6zee_CHVfhqTlL9SHqkx-5tsBdn8uwr4LUV0uQ4IrgDAo8xhT9lOmaurBHj9-LXBNYv5-HHQ2p32YgmpVjtnEvceq3YQd7cBgkkx2I571oLili7QcRjFhmJs5FRIMHe5-gwHveI8V5RMw-LcrRaWp6Xllzf7csUr7zcNMiBaEMFnjTXqL-nzzQEiTTpcb_goGAS35OL2bmfxF7kp9PkCHzaB_GHRFZZhCQF3To0xHEUniaUkcJjfm9Rxk_AqHm9uMdurkEQCwRj3fohUYAtocv3CekFDSkOLxsFfqUk6QHORMlFy76Ufo9pFs0aLKJOTed0JBHV5Apzk8595sjaa9wDjMbmSi7IsVHzw6D2J8XAM20SDOXuR8-aQEDtDcp8_AhhDTEc4vlT60G0GIK9bjwNi54PUTHZSyM4C84GlVOowkc1lE4ORDSPJlXZ24A6E8d46bXBbCmFTg3vbuqVtFwFP5Tpen3KByPaUn-b5FjM9Ao9wtgvu3GnH_gI9s7hndooeGtiQtULKgjWS-ZOt5IkB5gfRETZ7lBQ9R8L6RjqnWXQpqSVj7T4RJk9dcOtPn2P2raNoJTrwWOGdkiDX7i83haiYbwM905j3TTVpAyu2ovTt6QMQ0S-7YH9bzFfkYclDrMjCOeXvWOELUkD5G7-R403TyBgspqATX2O4EyPsj3FQ29Pl-z1aqyS105gX82UkIhtTAhcLhTBMxc0btR15s1EP7u4iMmOLzHh27MHaGrUsIGxWeh015rHAwgYUibgWFK1lkNJ_ccGDf0X7giw-4HqZKipRCxGLa2XZqUoXXnJn_k7-ZPNZCzoKSBM6t58p_5pvU-unqDSZFL2oO3E6i8Bl5uuuBww_Ku7wGIv4DhEhNCs61WJTlVaKpElbYRbkhRcxDPdmb-Y63RpUV8D1huyAM0sjCZ3aJYohQiwxamX2LzVCHoZKuJGYcGAb7jVuAUCyYZWBcsrtgo5FboFfXQlnTsC2cyLJI6IOxjpR9dEpbWcx4Olb8qqqD2GLq_mv_VG-HXxK9yyQoPqpxSu4XpBMK6SMOmFNDX3sxHGfwqKiJRUsXZzKkbQ61rmqM2CREkRRrqlxEDFsgs16mUsIGrWQZ3tYB-ijk5y3LBgSdjGofay2FgV5ZnPWXSkPwbYHr2Rg5Y9Iu3WwBLL2qjaF2jcHOqqCUZZPEQ5FNrIViUTkAcHBUBoP-F0Sdv2pSEZ-wCnV9SJDExNDlXtSBXEbPgwOYvyKsO6te0kARWSeZHslsEqDwTInZa5nRpgTdPKPGOlCv4XgTyPr15uasEY7iLesIK8nPblfdczW-WgPyD-fmlES10EM_MROG_ETYhJzRcZG_Su7MUjNi2jpOaQCAVScjTtjg42Nh0tKbQLKyPtvZLrUdiaSnd0gHzFMdypOyRs-1WYgPKXeWsXjYrFY2xMqr7bdwkJ6NdWaFNMIYL-ahPe-9P9j_ER9gcKLnO3ho0e8ZDbGVAgXhN57w1V-dCtYkIK9bDN_DZWocdkzVLcI6KUvsRQZ-VAyRfPY8w-_vUNEq2KvCHeRdtn8biS9VcLxU7i6wWf26swZNJCDX4tBzd3GUT2miSHvLYkuvEwl9gAs3pMAQEXpEoWVkihftZo4vvuOxmaAaJGSGeqsOMnccxW-OsPaZ1FXRNMHxzh2U5xOumI6weg9SAof71m5Zx9dlgyqUZRgUS4vHLtq6nZ3vGUfqbs67iA8tLZ2rLyOnYCRiJJyqVxxTpiHJF6HwjpVeYme4xiychUxrdg44H9bj7Sbxiys9wzFUUo7JS_o2EqI63S5_EqyjYbO_VY1rZVJvAbxNciy7cvZVhEfQsapVRf0Od0yuX61uTsJA8XcTevezKNzBZBV7E-jumted9G8rmB1U5psbkh_EW2nTuth9iYwJWIrANFeE5jFqhoyxGVGegwzRER16z3SuqNhk8NrOmXXThiuHyRSuqLQA-91LQsRASfBQbrIs3Tk45JXCyGnun5hyr62KpFRH--CnbVYBWv52VHJETISiDrshdIxhpPFLjCS3j8U-EpJXPIpX82yisga4INtc0VxID1VrFeKiX6BzILvkZN897FnAoxmu9H__PcQ7_ZZt0vdkCr6Uk-7IBPZv_z_uoYvbRkYbT2C4ZXKUgpyDrg9-9-ql_Xp1pat51OYpPiTy5-GhAuaSPmok3BuuokQh5s4YRNHC-NbGgwg4xG0X7YhJsbbkcKV4rn4Umwa7WWXjzzphM3QYrJN6rJSXqQRFygRNMk470x59r-wEnUODhnCExuXSQJbeBhWGdWuACoORLbQZEIvZ_nvpNErm2uuJ2BFXwLfKgYC2blGmptOnIRgWnHCVlBTb7fJoESOh3pZgdkttm8F8pR5TqhethkfYz0aCWt7zy14tFmGRnM4R24XfOJsZIi7CD3fcBtM8IO_mBdf6K5FzNjBVSvNnIBu3cldsBaLwKAQA3eebgafxZDof-aK-4URgHWPOM0m7utzVrkE0sT87pxQta7gmO1AcoGjI2IFWtAPz3qAXA2P52a5bwJg8WwfMU5DlBuhdmUtJmCoyg7U65wyyL0X873BRXQgJVIN5-WuGM-oLEa2ucO_O9tkQMWDOD7NZYiL4EZ083BDLa1Oh74C58DozrIhTA_n8roCnuG7v_pl4IrqHh7dXYSOVMLS2bDrJb6rKIeDXC9bOQlEh-c_v_QG4q4x9PHFLeof4UuDvGgvocbKqa0Ww236jxtVGsPiEu3iz_aIuvlVtAGpRlU-rkvmPp5kkuPbWc5NBbc8v0RLrinda_UjFpoRNh6W0k-S6FHIVWlk2N798Akr8Z8y68-yUyuuFV8uSjZHiWfqmComn7eXbj7FMlAyA5cZoTkxYJZucZSlqO08vOizq48JRaf9K5gJL_fwG7WylS8EkJxz7rVCsJZYhzyAm9h84bnfht4HxxvVlyz6mBhQSawsFzh8MbU5dcyYoGUbV46ymRO-_u8kdEB0RziRVp_HRHyDZJEvsp5jIIp_a-WVg8wLtad1uw8OAmon3ettuPo1hKc6cIAeYT5mnAbUm-LHJuyImrV9rYbvIKtqO2Wz84CUbGMiO2CB6LlY6ipn9U5yoN4ZDjZDdf1UmpehdT7IguvgF23W6_yR_cOjABHX8tXZ8tXE_alq4tmnxQeVAkt0jLIJh2QEjyPkmSLOVc2rK7ZkNl6F85F1PGySSfx0E3EOhA7KcmY6UH8Y88Z-6mMKCL_KWMBzx6MHajCEJeLyFsF67mr8mulxUIvar2LdTOTMoqIvEUloqDv6X3qy_m9vq6h3QiinpqlvHV6i8-aMHCL0Glhg1BJkS4M56yXWwKchb1Da3OXPUh1-iCS8yXhTJTHWVUn4nwWEiJSngqLFu3mLQrwjoLrRrI4QUqrzwmAoTdS_Q5av5P8akbecaGSSgcYnvVu6t6hucsCPPryVbiURKuJkTNsz6h_zx598RUUSAO7hGhuIOvu4nUoEegVAV4AjcJFDDsvDh0kz1S2Hg-i3fBXYWpnaSRWnyYRqWA-6daw9tqMcj4VVMScZ9AIcoBGUTJZy35Vq5mmy8e0eHijJ-jL8CB1XapaZVzqy_w2tf1FkJTgb4OI1mm-EU6FVZZSeyPdgnCI_Rh0QmJwv14gFjIBshnXOmtPIlGfZ4MS1nry58Nr7OeUtLeIOmAy3Y4dbJ1BkLNueu5avY1j0-r4c0KyMqU7-HsFzyNeLYGAy5m3YP1SykbeqmHvZ6pIwcBt9yIOYkLKaZTQEZyZSMWrX-YZSiyBgt3hjS-IfCl48xuENppgglAt5kn38t-mZIa5NWOyMEJpf4yXTN2EmCBYgqmeQ__S7NKUTn7IDUgRCGNK1xrvDeW26itnWQgxArGlDffBlek-smlmuC1_7BSjJivooQHUKjjj1SC4S4uxb1k04UmJyD65Dj22SpQim4ppLyFqpbwArPcmBOZYho2EHMwd6Dcw7m6U1285hrvV9BfMIo7p78HXcH7bfE170501dgan_WMd8PVwtm51ilauSBg&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=16107867791024476000&adk=1761367587&idt=80&cac=0&dtd=18

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 335078
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE4NDE4NTk4MjExOAogIHNlcnZlcl9pcDogMTM1Mzg4Njk3CiAgcHJvY2Vzc19pZDogMjM1ODI1NjI1Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQz...
ad.doubleclick.net/ddm/activity/ Frame 561E 0
498 B 206ms
107ms Image
image/png 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE4NDE4NTk4MjExOAogIHNlcnZlcl9pcDogMTM1Mzg4Njk3CiAgcHJvY2Vzc19pZDogMjM1ODI1NjI1Cn0KZmxvb2RsaWdodF9jb25maWdfaWQ6IDExODY4OTQzCmFkdmVydGlzZXJfZG9tYWluOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0Igp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogVklFVwppbXByZXNzaW9uX3ByaW9yaXR5OiAwCmltcHJlc3Npb25fZXhwaXJ5X2luX2RheXM6IDMwCmV2ZW50X2ltcHJlc3Npb25faWQ6IDE2NTM0NjAxMTI2OTU5Nzg1MDk3CmRlYnVnX2tleTogMTkzMTc0MzEyNzI4MzM4OTI3NwppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjMtMTEtMjgiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxMTg2ODk0MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBVEZPUk1fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMzMjE3NTQzNwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODc4MjQzNjk2CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDE2NjYwMTQyMDYzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19DUkVBVElWRV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDE2MjE2Nzg3CiAgfQp9CmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL3JlZGludGVsbGlnZW5jZS5uZXQiCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9hZC1zcnYubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8va2xpY2std2VsdC5kZSIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDczODE5NzUwNAo

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xc609a60aeef815520000000000000000","13":"0xdc96607a738f84370000000000000000","14":"0xcef74da04684df550000000000000000","15":"0xf19f3ec48b1251f00000000000000000"},"debug_key":"1931743127283389277","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"16534601126959785097"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 33lgkyejwpt3 Show response
hal9000.redintelligence.net/zone/ Frame 561E 11 KB
4 KB 124ms
44ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1701184185011826&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b38138d8fd387b452b7b12553bc41e30c4d07b73c4037113d3064a455592641c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4153
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 6F95 41 KB
14 KB 29ms
27ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CNss2NCHaytxngJrx5mfd6rb95_gNPUEqTmWXWXHuueUqzfSf6a0jKjrdLDQ9Iz3t3rBx-bdTabJv_qsstKwFcjQTDdT0_5OlupqOOIrkbZc-YMqnaH_L1XNpZ0RctlIJM90SJUgjykhgG9DU__2hj_CGWiIoEFucNVrdzjGXwVFpIKgI&cry=1&dbm_d=AKAmf-DKy9kOl8U-JNe_6wcN5wrmKAzVcYWWLqx-d9U4WP4yJSOTJO49DqgHTzgH1FRWgfpneVZJ-sOpvqccT6eSDuqO6jrjLtLOG2fLQs-_5HNAh-coVrehXs__FyUI64lzT63f6dr0tPvtQfFmJktjE6z4ElML2PqB8lzz9B_sTVHEikWOVWDY5ORyX31MBd4hULfIcgZW0zNcQY8d7JWvGga9tVMdDcRXLrC97T-askBxFhjHrqN4eBEAL0QEj-CXa47XXnb1m2wgf69GvWFxgoZdqF9vsf7gskhCmoFEsHcuzgkFKTibM_WxO1TumyW-tEdIfXiPTaDpeYafz57LcZthb6QIgxPn3N9MdvarOoxK4ARLyZK-EwmG9qB6gYBL1jNq4dyPHGl95IVTE5HyGo4l4w_ZTxxXlW2VJVOkAQ2ZbPeLzXN2WWRJcKVT0wo4cgmWhI6YoA4kyFtkEj1-JvmqN5gKsCJ7dVPAdF0_bDc-EtsbmvtkORbahQn-MDHUB1kncmRX9eiEIIieYoUQHsDcfnt0gayCCEEAM-SevotDaTFXrrESmosagFsLpLFpQ4_LKDj4uOTLjVc_2w_t1M9qEn91ftP7SBqc9g2O5vrHA_6sEvERbREUfPTGj1FlcRRIARRBcNGdISCO0gtoZ_ZIKQmqU44X5hG2RuL9xkW4oqie4g4IQmuKvfRapqyCX7hXmv87Lkmldi_d24NVX1fxrveNYGaz5hOrTb7HMGxUmtvuvzs0okoPvVoYSPq0isaQq8KpyWyYoS5Gk6S32EQ_TCxfReriudDHjx4gc4MInI8WcCzgIJuQtMgRQdfiOubfMCH5K7qRMxxNpio-sDa7bicFojPTmxHJO9LnDdrKaL7s_VvRrF3NQWohtnRO3eww3kcPXJJ2Eo7cb61q7twjDkBQJHBszmWh1Hc4XN2HFirpyjyQm4ZHiM2bthV-oYPMIwzkNHP-MNv_BPtbMVhtRt9CA0JX-YwcECKqEVLYRizpAcAm9k5tM-Z8V4hr8Ql4CdhaFnDlg8gSnnc8Od6vBWUQGxY5qhVuwtDntjyzlrTq1AXQvys5dqcRXnEIu-32BP_JPd7IpTgu9OVz7EbWfHI-SgdcnvNl2PpxCjfzcobZ1UVKW45h22kngkIINqpiUPs5cj2_BhbrduICGf8rsH82k8FUTde7f80iBdG4c2WgEUO915vWlK-En_YH2QffuECZaUQh_N24IcXAotY6_Vm2Qo7fT9g59bHQHUfg953J_6x3T91N2l8JPu-2zghZAJUQDjnz9ue_dXXoiVviDTL3LE_vvT-rm4q0yOPP9vCxSfI542hvqYBvP3fAtaUb64y9P9lCcNGkYIEMl8uZDf5i3Tkl_Xi9-QVEONu3fc9KcDYKJPMdRSXyjZ4jF9Yw1oFIDNW2DNxVEZtId6ybjVwVxxkBAvHyIWI7RAnMfqFxIr0SMENzZgAGLcjNJX_vq3zgS20nOafrYvWMcSaZJo0KNryx8vmoClZyTFT3aKmmuhK06mvZTjaOLXRpseu4sTDsaFeO0ysIIF-Axw4Qbd4pZwq_XK4QvZYYGucdgOV6nj4O2DMGSklpRyt5DoVtpDY2TeL8ZdPhHpsmcvhDDDkjKgBwnOdn7JbwcVbZsEYp_EJ7d77Chf_-dx54KomN6mt9iRyeB2YkQhyePJB8CujGIcD-nbtxO7eZSYEDNxRmncfg9y22K0R-po3SMxqAz02BHdNEh2R1c3p6D50FKnKW6IjjgnZIyZ567QOJFVjeG9B0PQelghhvyLokTXXjzkpKdokTTyuVCvaQ61VTUaaaM0AJBpqi6PI5iq6FPiHWWaleJKxXmRUN_fTBaezPx5WUXTCksGFoxf1ti3jCheBBO4FL-TmqtZQ6kbqsQ-DprO8JU01GDgOb8rVA1LJAHnstESf6BhVrhiawtBDsZuZ3vq-SXJ-KxiRBYzSk2Qkr29i3xgd8x6YBqV_6ps-Xzvnjc0zL_s0dRv0_2MqBKZJ5NcCR0YdgCJfBLU0mQvV7HGNSMsatQI24t_h2gg915e17MFIDVdWOqcLUQhRTe_Jrf9iWlqZugYxVtsu7PRT85vJfcTCi3sHg2YFe7ETdFusFztY67g6nAhxp2My_6NueBNE1lyCcfFyL5jxwEuGnAo93aM1-TheoS8xcIpzzHNMUMcPOyntJ54_9kHPCItYyokZkZ_39_x7dMzzX5BNnSVGzh2Ma5IQrf6fwn8I_7QAuQwo2f9ng7q3EtKFzhpy0jQSqwkeYD9IFhSxdHu3E1f14w23xXb7Pv0FWofqEAFI4bh05I3tEtwciF-FouCcwGT-qih7IORcv7otOS0Xo4lu5LljzbDQaFfMS5tU1ebMXh1HDaWTHGDzfYJBphfY0-9HUmauCgCkiojWTARl9PNz0KadiTnnyIUXqxLTFf2_qqhgbbazerYEtUFQL7UnDOdfDV5Y9yZVyQd8Qu9iop8_K-Isu7ZIeLeWhwTkwzdsofbSyKBBEdvo5TxVDvbcM2or23gRINw9NkmeIvj1F1ElsOdA1RBiRe8iLOjY7hn05YPL4H_uYaAy5qgcwR5j7eQzETXPxAqdyhdZwX0JplOGrz7gWogSjeO8LWDVugQrmxpefGvuFrQQCJ8lCFOW2Vx0yUuHHJlgXyFFEkvzZHRHBbdg9uWobZvF8Es0E-GFaBsHrtcn25ppd7FHxrK-0HeqV3FD6vTqERtt0mERL6qaQ6Q0LM6KpvtlrB-gWEJJZmbtE09hWMqSocGd4K-AkwyLCjQyeBNWo5lBkOYRpN2ifkHV6dcrcT4LGBQVSdNFA3gZW4uXVk_lN1RSlYw3N-FPApNDyG40uQhk_TcRehngfubTnTkbeuZcGaJWkMVh5KO0j3lNOHI68HazTYS-FycM_7m7duN0gDKcAsMgfrogOA4DKRfTdZnB6xWuvC_kiWSX1wTxycRVQneWbbSMS4p7MF9Z-TnhmGM4cFwW_0gLx74QmBKhw_jEai9P3V6deDPcyFdKKZC6UFW5M3ghtafb2vlpnSsmXiPwfbYer8aorpQs3JcsXdQXuORtD1bKSu7YHmaCPXCoXTGRM0YehabF0qVSIY2tibGy1GG--hEPKftVq9pQgvJ3fVuR1SXgZOgpW4ZL5uXiP2inEAu170bI03bodkl6bLDVmTG1VAX1iucNOhcWV7KrrG5CIW_UHR_4c_7_8r4cjBvo9zvf3tW8kIEn75rvOdpq7DAiWPQn5eku5lmgwZHfxcoNMT_ltROLr1jo765W4vsN6I8rNB6mA_4dP6-ngn-aFLRlXgpsN32vJJxef4n6HoNjl50w84UWFky19iNl_JZr2IPP108fgpfCxDfqhlRwxsU5jERSwKN-5mq-BUJscXAI8eSVTIViE-yFpbNCJygPif7bPKmYB2OhmBBFGCOsYvy4k8pcQIxBVRHmfltUPBb6vnU2S3P071eWLIKHt__JOPCeie_K6pUmXVK90TE6VVSgikDuY4ByBhp5CvEDTWvpwB85JXTTssVe3RSKD6JFhanzoLw9qCFDim0cIhPWYdeobfvTQd3gFfOSGle488KCx17QMU6sksYg2B09ZRqcZj5Gg_qDOJE1ON3igka3xnHzD2rpdbiraKsHD9oyFaZpI0qcBZXLrsTAW-gx4-5GyZv5Zn6b1Lb3NIhvUPBtHe9mf3yPUShcl2rEIDdq6n6-aqY1mKE38FgV3I9Chfl1XEZyL3ZQUf3bOwtHaHTlBfnpUcfdlDLRLvNc0Q7YEWSA9znioTaP9mY8SEYSwDFAgMV8EDBL25ALl62hw93CmBojCiST8A6vMROiBc1EFaoz1yB0njbnYanxUdt5586VQuuCzImVUSuChghN768ImqW-qjRohxCsu9fJmYDOpxnnKNmDEEg_lPwSjLAXDCaPaguIqGPSv9gew2aEMNLHcZXJgNp34PFkmcJEWj-hHkKx22bQ9TJR7cxDuPWUFztJo6jiBYshUR60X2hGkOPhRWZe57WKoIyWJm-s3V_W-Kf9FtpfMdHrPVWSPdIrCn-BIsylXBw&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=1279753561619869400&adk=1726166460&idt=153&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 335078
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE4NDE4NjAyMTI2NQogIHNlcnZlcl9pcDogMTI2MDY0MDc0CiAgcHJvY2Vzc19pZDogMTk0NzA5ODA4MQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame 6F95 0
858 B 171ms
73ms Image
image/png 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE4NDE4NjAyMTI2NQogIHNlcnZlcl9pcDogMTI2MDY0MDc0CiAgcHJvY2Vzc19pZDogMTk0NzA5ODA4MQp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiA4NDc3NTEyMzgzOTcyMDAwMjIxCmRlYnVnX2tleTogMTA2MjQwODk5NjgzMTkyMzExMDgKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTI4IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIxNzU0MzcKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIxNjc4NwogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xc609a60aeef815520000000000000000","13":"0xdc96607a738f84370000000000000000","14":"0xcef74da04684df550000000000000000","15":"0xf19f3ec48b1251f00000000000000000"},"debug_key":"10624089968319231108","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"8477512383972000221"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 33lgkyejwpt3 Show response
hal9000.redintelligence.net/zone/ Frame 6F95 11 KB
4 KB 124ms
44ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/33lgkyejwpt3?subid=&gdpr=&gdpr_consent=&rnd=1701184185011827&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCztzpuQJmZbNctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_Q1pwmMXbxYv2hDlAa_BuV9BUEYFuq8hYvevxkFmOlhgOMx4O4rDnmg60R-DQkWl70B06xlgeQPVe1ZXhw_eQ2W-W6QkF9vt2Ot7lZ0TUcyeJ8nw__xEmuWFlyu4VJZSR_DbBURa7Q4Fh-mnqjvodmi5DYqXlAw0zo17i7ef_b7enjsJvTlbods529wLlqwq4rJ99vtbwoZO4no9JFfdyP9FQDRGbtsMnt_wyw5Dnz5OTz04ayP0KtJ-6aTyVlxPtefyHF_C_kHQ-a-UKrcO3UoYeItI_bjQjXwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_2TsC5OeUrOFmcita4gFBWFFL8GmA%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-C1Ses8_F1AzT5iR2MCq09nytyRfOGkjrV0qZD24IvK9WeuYuHkrUznB464SQ-UUF_hqSPYouY4122npB52auil7Iwqf7v1ICf_Q1mKgU3LczVbvbNP1heznAfgeotRW4r0mPpkupD86osdFq5FDeWw5QpF9PHqp-wdqdDEZ9y3jdGEStQ%26cry%3D1%26dbm_d%3DAKAmf-CDnMHjLQwt3Gg2GyNWcDmh9LeDEVnCmAhWI82o95KQiwVy4Up-qVkxb09N2ZAwn-86cVON_oA0UU2N8mRLW5rlB-QyVNt2aDSe_8ygal-Xm5pwhdN1V7gL3Avsb0QVJ4BiBFphDy2K4t42QXqph9uAHRUIcepXm-bNRpOdz8O9BHzaNTsgyNWM4zj7yVszuw0JvQQkH0YT7sbOw5Lntvi-Z8qoiIGDYAUR9X2H9E6Jzrrkot7ToqvDCWQ1fRdJerV_deLZadMLEzVU5bPDjglThrvGmQ3KppN19cWlBbkMOTsNPANt9QR7-9WU4lw4CS7lZju2uoUSmYflnY8FTvJGeqXDKEa-oUvxEq2lW_Ye6lojAR4z84uGnc4z2XpU2xFBRFf_9t6gCcgmRDIwnttZ43ji-6k1QlUEJnMN6S19Pb8H2BQpo25UBCD53c8uN_Nz104OY_OgsqHJdrL0JuHe9FPGeb8ZMj7gxoO2RT8zK8ffqltRoFClry9fo5Spb7HbLxT7Smw51Lc8IywGr8zv-2fOJZufhyDAoOPB6NLCBOZuiko%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2adeab00cf0e5471b264d4f84defe700ad709a2847dcbf5538ee3793c65a9cf8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4151
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame 9336 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5485a4ffd8f4277a891711138076d3a227ec2f203b31dd83984f9effda23c505

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame E334 35 B
464 B 87ms
31ms Image
image/gif 2620:116:800d:21:de2e:c7b3:55c0:d5a0
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEH9Hk5WEgwpZB33HI-JOQPc&google_cver=1&google_push=AXcoOmR1r6UnJjQVAhlwWWqxoJXw_qhOK9KPAVWJR4-iJuPohMGPhdumuX_lIRyg4w0m5-OfQNPaB898zRwm5uaa1O0TNtzyXOaZHA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:de2e:c7b3:55c0:d5a0 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame E334 70 B
149 B 184ms
59ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBfY3Kk1W2V8a-famdEDKjU&google_cver=1&google_push=AXcoOmRMrCrxmxbn6l6cPSRUEv3yvjOlXOoAp2qkG7ZuiO6SqUPGdCw7oOJ1AILBp01W76HugmXMuW0k56IXN5LOkYJwBf2Ls5L9iQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E334
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIVrJEIUuU8FE_LWXm3HDBY&google_cver=1&google_push=AXcoOmSJuYoUAGX9jdnQSVjE-UQd8jbze6AB7KqJ81uWAO5PvUqUwhuZWTqTytgf5uf4wCYlC7xGfudlJUXKo-...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMwNjUzMDQ0MzM1MTQyMzEyMw%3D%3D&google_push=AXcoOmSJuYoUAGX9jdnQSVjE-UQd8jbze6AB7KqJ81uWAO5PvUqUwhuZWTqTytgf5uf4wCYlC7xGfudlJUXKo-TdjR...

170 B
188 B

46ms
46ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMwNjUzMDQ0MzM1MTQyMzEyMw%3D%3D&google_push=AXcoOmSJuYoUAGX9jdnQSVjE-UQd8jbze6AB7KqJ81uWAO5PvUqUwhuZWTqTytgf5uf4wCYlC7xGfudlJUXKo-TdjRw6fgQWhFbBaA

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzMwNjUzMDQ0MzM1MTQyMzEyMw%3D%3D&google_push=AXcoOmSJuYoUAGX9jdnQSVjE-UQd8jbze6AB7KqJ81uWAO5PvUqUwhuZWTqTytgf5uf4wCYlC7xGfudlJUXKo-TdjRw6fgQWhFbBaA
Date: Tue, 28 Nov 2023 15:09:46 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 sync
x.bidswitch.net/ Frame E334 43 B
146 B 200ms
28ms Image
image/gif 18.197.5.251
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESELOZnCNweOoh5FSDn3xOG6s&google_cver=1&google_push=AXcoOmQYdKoPhLNXOAqViksXLJfu8dxd0cUpXs0ty33S6dgpQnXBXpPAvkT2fJQDBiZbaxFItqY3PXIFWEzE5nt6_Ud4GJMZxnBTrhI
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.197.5.251 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-5-251.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E334
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEKAxGehJH0CVfV4ABL9tfXY&google_cver=1&google_push=AXcoOmTekG1taTGKCe5usqIPMrZp9R_M-ghyaM-skI5cT2fCUWLefaIdVyO7SCY-rUkTpOoWW383QHsT8LYSeY0utH2HNSy...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTekG1taTGKCe5usqIPMrZp9R_M-ghyaM-skI5cT2fCUWLefaIdVyO7SCY-rUkTpOoWW383QHsT8LYSeY0utH2HNSy6KZtGNQ&google_hm=eS1VVnIuWFdaRTJwSGQw...

170 B
188 B

38ms
37ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTekG1taTGKCe5usqIPMrZp9R_M-ghyaM-skI5cT2fCUWLefaIdVyO7SCY-rUkTpOoWW383QHsT8LYSeY0utH2HNSy6KZtGNQ&google_hm=eS1VVnIuWFdaRTJwSGQwVUFURmFIZTFPSERMNWY0VDVTRX5B

Requested by

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTekG1taTGKCe5usqIPMrZp9R_M-ghyaM-skI5cT2fCUWLefaIdVyO7SCY-rUkTpOoWW383QHsT8LYSeY0utH2HNSy6KZtGNQ&google_hm=eS1VVnIuWFdaRTJwSGQwVUFURmFIZTFPSERMNWY0VDVTRX5B
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame E334 43 B
363 B 184ms
37ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTiU6Uh0jPplG3DBDSeewRByeo1xqTwtyyq6z3O8sHpsAysAxK0dgAdwqlkgUki9K0rqCTW5F8HNFi-gEgavrWxIY1Y6KUDdw&google_gid=CAESEBTFuzTvMLDaUf0Kuk8RpaM&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:45 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 228300
expires: Tue, 28 Nov 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E334
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEOMLUMQL_fGGZ4KEl9FpISk&google_cver=1&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8Aq5HwP...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEOMLUMQL_fGGZ4KEl9FpISk&google_cver=1&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8A...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMwNDg5MjcyMTczNTUzODc5OQ&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8Aq5H...

170 B
188 B

32ms
32ms

Image
image/png

142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMwNDg5MjcyMTczNTUzODc5OQ&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8Aq5HwPTy-lWLJVTDwgjlUgDLi1bA

Protocol

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODMwNDg5MjcyMTczNTUzODc5OQ&google_push=AXcoOmS5NEmgIC5a0W1eiHsjE8RU5RnrOossek99Z51gy9YSI6DTn7sw2IrZpFU1yfQEKoRgE8Aq5HwPTy-lWLJVTDwgjlUgDLi1bA
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E334 0
12 B 40ms
38ms Image
text/html 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KS2vO4FpfDJw6e7ipfXW-zq4v1Xe9IKAhn_oEA2RqohG4pzWfoKLC585Xoy32cph2-6JdN

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame ED07 41 KB
14 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A_71jDWphtWbqwo5WgJoq3c4spSuvWuQoeqvbUEaFCP8MI7ayc1UrgvJWx5TCOzKdhFuSTddOGfpdnrSL0icxLnZ1IMQ6ixBJ9RPEG4-A-5F4j2O5jEdqygC3BpAZsQ5mgodTGkcmYev2l03S3-XY6TZb0YKCGhlKGtFaGXyOw8zETC-s&cry=1&dbm_d=AKAmf-CGVPeLpl9spMQ6omTNnVVIRMfjUdRaxoVDc0-ha-RbGCa24bv9uFoAa7fGUwrggH2bjlOFQIa473TuL1zlO3VuRvUKyCMsj-liHnAo9xmH0Zplg7hVyBUMom7i6D_haEo5e8yaVmsKtWy6mbymP8e-Jequ428sfdhSQLlfvVF3lGDeuOMwWmRPLk0nxUP5qvHPxx2vb1pajJ9P24VqepR6ouEoQXJwAxAY5_HLK1Dad2ywen4hsi9SskXc-YQvGU6EJYUlDLV4Z5DZWnQljb9QLkPWX8RZ4tFYXb6jGiB6xy3HQ5YboN0F2eJd0KXeXUL2HIgdUhCxx0XHNX2znYjEc6Ss6-1eD9KX34P9fjmNdKPCassjGDZC1-Wv5rTWbwVYyxL2Nw35rTU80_43pvMD8RKkslbd_TK2mTUBdcQb7jtwHEFnoFl4OanN2o9Kg8T5CxiiWQvA-XALryHwzuEqrRSjlggdgAyWLjCuMttfy2opTCYl7Si7hZPxV5gC5W0K-BXtV7IG1UAdHh3KHXjHw97lPj68VHzKm0t_nlGpz0Rru4wMYeTIhL3iruiX-xF_2YDM7Fa-xV8_NE3J05OMpAgxuvKrTN4-OGNxJvGiR7MiHKRJel_35pfGMzaYwdE5QFKeiufC0smfHkHq2o2w2niBcFhORCpB6p-IXbQdbBChXrTToLOiK0qqeVJaSeY9qnR0ioh0mDKiXsu1CK7oe3-82OcwDFnkoSDtjLaIAVyY4CMO4ry3ZdwnnxkoeUL5ETHxZPCroaEmzD5_rXX_2IwrKghtBEaozen1LmjluN-ryYIOv8brAGzFeVDo_7hU8gQ4futllLPe4rVdIu1EBT1b_X9Kc0N59gLi9VvfAsmyML6KyFiauIF8KUp0Zqo2QcMY0EUAbZdzlF6SHAiKHnxIhDcEug1a21-04bL3jhAnue3Udb36UmvlQMIGZf2D9LxcjBYMKXHcuV407YkxYLLu9ZGI9dZ2lE_r2EV3EDBQfOxYh2OZZabmwpYdQu58Nm5tARvEvIgb7rsMwPTwg6lkfcl3SV0bDGEDAxj58FFkYa8QD_uhH0q-o28SS9Aw1LbtW98Y6Ca7wan0kYd27ijqNEYvgx845mvh1TvIxodcDixohHtxx9BDu5cvrRtnQHKdsvJHsgZKkX2BSEnW8omy562rcc5EHI_QqHwLD20aF9A6c8_4mEeMod-4GuFB6KRvix8-6LXGzgMTOKcRkrq_nuOfHFqcqOHtqMaUbTlhWAS7tWwEsRpxGapYO9L-sx__HbKMB5NM3_aP_VCnhMiPOHUgVrD2H30uC_uFp-5Q4iva7zQIGI4AwuoCTYqX7FuIE9rbp6vk1uv4D1VbHfTc8bPzGg6azViqzs_jz1bfKyTAlP9HfYKDpWR-6AuZ3rksGbeZ7JHf1SF-RQEBJ50qujxGh5dUDv83dqKbmUgM4mg1gKWAIWckHRHC6IpXi64AzSEzrRRauc-f2Mz1lFHyZytUzM0GmHXeG3VMGwbB7KpkNPvHwYFIWpFdfHU4tNErltgShuRXyXcG2sYGMYYP0I3mIlxX-VW5g5Rg5g3lxbZ4rhtf6uw1WmhYp8guf7xNamzEu1tIro-f1pKt3MlCU_LAHqYFpAK38wWwPaXXcFZeENrahIfpO6pPJ8rhzzuL78IYD8bGKEfAxgBVKudKPyZAbBRQepq1ib_PHZqv8_Smek9OJIGRxICKN95jET4Z9C_BBFeQWE7xt2eu-MPGZoyAObz2gWU9znTVb9MJDAGgMrXNvlEYtuCr9WuecWEn_Vod9ug6ahGSNFNY277QfUwqTRKlgDXfMtmk-tUDgB_mO_49h28RZcqZevTpR07ana3YDkowAETNqhRx2uwSsp5blCh18HPrVzeAS9hRc1hvHlybMeqAaIqULBo54mxSKqRhNK2N2B15Xiz3tytSyzU0e9qQSf7sJAtTdGv8Gl0KVBWeif7Yt8H-5Roynzo8bd_Yhmp7yH2WFjdkeqePxkFm8qr9vaKPoko0XOskQeQPf2Qgi_fZan5v_xDnZcK2jt1pmY7mUzfFSty3AN09yX3ghD5qbzk7nqlgD0iFf33Vk0FcIYdoxYqXpbjltBvNG2TZVMhIzpO87ADp1ioV54359DJzYAeV3i7-vYaPzcOm0HGGcs6aASug-x_bPKb9lz6KZWgkh6mtKnTDtLVbwbG0o37WyQQ_RdGlO6Ntgq_GtWIk6UkFmJHss_-BCyp4znXSgNqU-NcUTY-zYecbSEuYztigsAw_zrfF1irk-EqidmSglPjggPzaV_nWga5jRs-wPbXiHcDxiZ-P1anJynjQEn0FnP2Wos4P8HsNI4o7eOuI1SX2HPJE8UtJXumGNMGk2JzsCL8DNUQuM7vbX6MqAU4WmKj5_slHEb6NW8pluNNirFrSfvUBCvZ0L7iwzF9wsKFD5SfSQgzWucoZhJs1W3KX68sRnM3dU6gySmJspccv95HsO-o_QipFBmnZv-P-bpcrRZad0ctC9ZEqYxVtT3_UIhKHYEI1i0S-KFQ8-zJ4ffWXYQSHzAXwqfmoUTqmQvGvs755Ue3wY1wEzqUjh1TQOoKgcD1q_InCS45wKsTnlFiVG6o-tovz8AZJkw9aQYzDi7KiLlt0hOZIngkv-SoZCl7hrUyIjXQ4rLcMHaIxw_trrTAeQtyhuPKPC3tsDt2HnCOhanFJyf7rg5_gU_wI3oJLwZRmHpHRoCg-ZebBcDNBzOqVI3BJv4UZ6h8dhy-QdYNDmciVu5-7mwBrtMm44DkybicwqyQrurxijnV9HLx_mjBgfsxlbrzuQ53eI1YqFdcx-mI_oKBzV5H6_egBwFA_oK-L4RyI3YnYlvq66zfLT1lfiMCjUQF96Apa5ysiiE35Sac4Ffboc4IetVNyLx59ed0Ib9YPcQckx5zn41ABtC0JNO2IvuUrCIv1Mt2YXnqGjiFegs6S_ej0BafjdBn0R-EPKh5OpkVFmZlPa93serSstqtXk0Ui0SrEQHSndGwRdLBvEnOnMkCFKQT1nQMWW-5vCwdXISGeGKYm2Uvlfd2FwdktHV1YcLrijWZRlHAeTx1pHnXQ4fvX-TYjdWWowTKJBeTHA6D49wqtY9I2SdyKddjQQ67HVO9yQoO6XPhkKqGoDAal4bD0nIC81bDpDNQcQNr7qPEc7bDbvUgeOqGJjn2dhTb0Y9I5YSoAUwGIhN982BxndyzkqoGXamP6WgwhdFSyhooTGaNenZlkWCJv8GR4d4t5FURHAUy2mSu_0JhqiCQnNVeVjHi8AIznN5npthD3-69B24dd0KDEUBd4iFEpX0_s9vGI5K3YKwj6bUQDBNMDBK02rYiXhUxixcseCsTrPIYPq6GBpgdbUA2khxXkaqpiOkt4w3KmZIXgqHFmwvBPB66KWEeQ63IAD8JfCBVTylWPt3_BHNou_FuCrTLr_rIsNWx8FOcYux3CG08BeYjtu4uL420xX894NIUs2qUZ_dIYfe62HFVKo1OSnVu-qd7Wjv4aIvsp9FcFiequNjKJamd2Gd_9I2mpdqrBOL8mCa1fFNaJPR9iF_BDMq6_WDzLWWS67PX00MAUV8XJ6s--A44WqRZdEQ7k-I5GVrPyvTGWR2vH4Cs8lStFJD7Wy8wReqTu_4_VHCgHQnHpZH6B-mIaDuUJrvFv6Z3CL77KqTTmOAUNQn4KBXwS-VloVHRTN7oSqe52HHRbBC31PcyXZQmLdUCysOBZNMQi5N_1WRvCEiQL8-MZ_EdFYGQ7pkDYzDamikF45wbx4qClVciO_m46lW5NueQ7Wg0Pqw9GV0tjm6ez4fPZ_pNxElNNIn1KDMsrI0rOHowtsKLL5mtthlShaUkbSFksnrW5327Jd6GwY6tf6ApOXzhWGDwYb72cjSpvAhxK1NFgdLFu6sTRyg6_oDuFLSHAMjJ6-EffsioVlWO0_zJH7k0vzJfwnQwgBMJj91yBJzIFooTvbWhPgIIs4SeflC1cGfdz-_hR2mJrSIHIqr3GZx_f51i8aN-lbwOVhxVoZzgFxAA9PXXRPw&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fwinzoro.net&ds=l&xdt=1&iif=1&cor=10760258440664095000&adk=521587874&idt=140&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 18:05:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 335078
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 18:05:08 GMT

GET
H2 200 attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE4NDE4NjAzMDM2MAogIHNlcnZlcl9pcDogMTI2MDYyMzY1CiAgcHJvY2Vzc19pZDogMzEzODI1NjMxNgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0...
ad.doubleclick.net/ddm/activity/ Frame ED07 0
498 B 162ms
74ms Image
image/png 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=cXVlcnlfZXZlbnRfaWQgewogIHRpbWVfdXNlYzogMTcwMTE4NDE4NjAzMDM2MAogIHNlcnZlcl9pcDogMTI2MDYyMzY1CiAgcHJvY2Vzc19pZDogMzEzODI1NjMxNgp9CmZsb29kbGlnaHRfY29uZmlnX2lkOiAxMTg2ODk0MwphZHZlcnRpc2VyX2RvbWFpbjogImh0dHBzOi8vcmVkaW50ZWxsaWdlbmNlLm5ldCIKeGZhX2F0dHJpYnV0aW9uX2ludGVyYWN0aW9uX3R5cGU6IFZJRVcKaW1wcmVzc2lvbl9wcmlvcml0eTogMAppbXByZXNzaW9uX2V4cGlyeV9pbl9kYXlzOiAzMApldmVudF9pbXByZXNzaW9uX2lkOiAxNzE2MTE3NTg2MzE2NTExNTMxOQpkZWJ1Z19rZXk6IDI5MjI5MTE3MTAzMzM1MzIyNzAKaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICIyMDIzLTExLTI4IgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMTE4Njg5NDMKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQVRGT1JNX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUVVFUllfQ09VTlRSWQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBzdHJpbmdfdmFsdWU6ICJVUyIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fUExBQ0VNRU5UX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzIxNzQ4NDAKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg3ODI0MzY5NgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAxNjY2MDE0MjA2MwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQxNjIwODYzOAogIH0KfQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly9yZWRpbnRlbGxpZ2VuY2UubmV0IgphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vYWQtc3J2Lm5ldCIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2tsaWNrLXdlbHQuZGUiCmltcHJlc3Npb25fZXZlbnRfcmVwb3J0aW5nX3dpbmRvd19kYXlzOiA0CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA3MzgxOTc1MDQK

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"12":"0xc609a60aeef815520000000000000000","13":"0xdc96607a738f84370000000000000000","14":"0xcef74da04684df550000000000000000","15":"0xcc97493d25356c560000000000000000"},"debug_key":"2922911710333532270","debug_reporting":true,"destination":"https://redintelligence.net","event_report_window":"345600","expiry":"2592000","filter_data":{"14":[],"8":["11868943"]},"priority":"0","source_event_id":"17161175863165115319"}
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame ED07 11 KB
4 KB 113ms
43ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=&gdpr_consent=&rnd=1701184185011828&extVar[]=DV360_SSP:1&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdfeSuQJmZbRctpuIzQ_HnK-QBqblvaBphZWcp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTbAU_QakQG_05Y1OpEMFtqpP4k0-34IAWP_USdkMN-7FWHb8L5gXopPagSOrYgF5n1qzR0f2UUrwk9UlWtF0vltLVHtVHj6YjPCzcz_irxCwHTfa4PpK40JawhvmoZ-Ziot_FhR-0K00IL4yC88VH1WlFnhQ5R1k_Y_1tc7-UhLgpsEpWd-zJPh9CGceYRJp4TNRUnJAaQBQWZ9jVtIHD0G5POgOW9JaoVA7FMaAuBLsW7Z5ivzeQDMfW6ZluVLZKvMzVIjhASrRQcRF101jC22PSh9KsBssMW83iogsAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj44Kz4_OaCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_1KXZVMqe_g1TKXZteoNF5vFvCmRQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-DNEbKhKsMdkQkH-GRIBSToWzFBV6yj57dQNQtesw994iqCJNzwLW8lF7PIM0X-YxAfFRHOHTnTQBv7Cn1ahJpMiBvcBDUgc_mG-1PepIzDlO6EXNbhvoIUDi5flbyx-L35BbBkvemxhdUivYj9-KsF9k89pWf13bAQiW1_LdeCGqD5B-4%26cry%3D1%26dbm_d%3DAKAmf-Drs6y5mpPSgTMMH5HdOkC-CJo83JPJ28kPjKOadGdv9CyrIvjzrrrP5z0m4RsG3Lg4ucAyK-WEZhJUkfUwbUxWhufacLGBaDvaTifPl65EPuIDGdWC7sqKwEkQj3bjTmYFHcGJKKVKCxXxErO2JLLirojjS6GJVvsVm-twk4IkEX8-PFaG_EAVI6zCz6HvGqEfFkyChdEU7tUMBwGWa10_qXCTLcyFD4QjHHjwD6s3jdkKQSvKtS6eai1y2STmmti-K8ThH68l3n2mxz7JK8JdKmN99kRqsREeBhsjn_J5td-eaq_iMk-Wcn3v6Q0_UE0nvsr6GVD-N1hL5IxqbdSD-CUok1hAFVvnnGCYX6SpC11xv8lPfk7yKOXx0NdqfIkh8sxa9K4DYC3wH_StjUfl9tDlVPtsN1AievylL4MBGTKcc1_1fVva9CQzCI5FvDIKdzSgS_jOM_BQkx3T6L1gy-HQ0-eoLg1mF3sdg7ep03q4Qa5YlSP1tvs46Zqvm_QB9ifOfXFqGcOQerIuE5tvjO75g4gwobZloDjhOSC-DjP4IWU%26adurl%3D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c3bfb6fbde860bd601660664e6bc5bc8293af1e5d48b39bf3bede0facbffd751

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4156
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 9336 0
19 B 69ms
69ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZMUiuQJmZaWjKLeciM0P2sCU6AzJntKxXPXalvdwwI23ARABIABglfrwgYwHggEXY2EtcHViLTQzNzkzNTM4NDA1OTk2MzPIAQmpAtTCo7LyXrI-qAMByAMCqgS2AU_QBccK0ts-0oKdKDsYBvFeNiMInDCvE-yMG7Q8vQfVOjSm3iwPW1TGYkD5trfZEsjyRz-qJAFR7aWBlCZUq3diyGNw5uOxXI-vW5lzL-lq61RxLXSgmM-eiWk2XGiq3eY1MBr3lQqKWpI7h-rHR0eDbN-_l-74AMRYZ7A4ZyDcOCYyWAsmwmQRd6FRm2pb8HXEA51DcSyVhOZTkRsf2Fe1HYAOAdD2Xa1HoymeJAAzfx5ILdWRgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6gAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTQzNzkzNTM4NDA1OTk2MzMYAA&sigh=Ymm-jw0yoU4&uach_m=%5BUACH%5D&cid=CAQSOwDICaaNauJAGmzruofQ7yCv1lUpk15QQQfKvFXLvTPZR9LPxfX_2OeVqOWpu28Xqke0YIJwxqdULb1dGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 9336 0
126 B 131ms
40ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kKW_EMz6RMAHmAKdg2ICAgAAAEDeR6KGN2a-ELkCZmWJXeZ35Tkm1mKPAAASAAAKCkFRVUJEd0VCRHc&wp=ZWYCuQAKEaUDog43AAUgWprp-_IjW0YtOGVvgg&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 177835
server: Kestrel
content-length: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 3052 38 KB
13 KB 33ms
32ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 215466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 12A4 38 KB
13 KB 33ms
32ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 215466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame F5F3 38 KB
13 KB 36ms
34ms Document
text/html 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 215466
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 26 Nov 2023 03:18:40 GMT
expires: Mon, 25 Nov 2024 03:18:40 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 792B 0
10 B 29ms
28ms Image
text/plain 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?YLh3Qg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 226E 2 KB
1 KB 142ms
49ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWYCuQAKEaUDog43AAUgWprp-_IjW0YtOGVvgg&u=%7CaEyhkWsxNkyB7TcWkfS%2BwTFDkCLD5wQ5Km2T4QInU1M%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z1MiR3q3hC861LGUQJ6oiMmdgvDfbq_QsY80a5vG587ggvq0MgrkNquaOmQj0A5QSwY4hoARDSqAESCwPhposuw2JMD9J5qoFsOjn8YjC9Eh0kNSZTQ-FFLQ09iDDS_mRfbIVrpe_9ALuALuPRBgKS5IpkSR_2W_pDnyVg15iLPj7mhj_mhMfsFzfQl6R4pCqZH7xcVIo--nd5tJBJc9ONE_lYxKvSkDjU05RyMOwgQjTrMZJjGn9M57HLhelGHqLDVIeWz_PEsntxHgNFU-qObtabLqHY0VkcUHZGbC2aSoC4AhLp-Spder7U3YWKIvvkNMgNvPpJacvOqa-QkAUNYVfW5yrAaHnJaaTqv9Ut5xAl22kVcflIBFIuUvMYrPxNcxaONRgOKJMiB4RsatHRGdH_SX-z5ij7LJ8Ja8I-YStpR_FTR59RFoJdROBy9Sd5r0bnmdpeklPsa8X1RoRc4UGpd2rHlFCiR-BtpdYIUEZSdrH0s1IqFdEl3EQQ3S6OZzlnU-uqOk5Ev7J6mc2VnGsiHP7dfq7F-Tnf85wjQs53Y-58oDOtVuYSMdcgZZ7ERR6kXvfqlwg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKePPuQJmZaWjKLeciM0P2sCU6AzJntKxXPXalvdwwI23ARABIABglfrwgYwHggEXY2EtcHViLTQzNzkzNTM4NDA1OTk2MzPIAQmpAtTCo7LyXrI-qAMByAMCqgS5AU_QBccK0ts-0oKdKDsYBvFeNiMInDCvE-yMG7Q8vQfVOjSm3iwPW1TGYkD5trfZEsjyRz-qJAFR7aWBlCZUq3diyGNw5uOxXI-vW5lzL-lq61RxLXSgmM-eiWk2XGiq3eY1MBr3lQqKWpI7h-rHR0eDbN-_l-74AMRYZ7A4ZyDcOCYyWAsmwmQRd6FRm2pb8DfGIg_D4vyoIjZ0S5c_MfO7Ooq4C_7u3xmPno9smx4fZ4aCufV4T1hxgAbcioG9gIPG97YBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFAiA4YAQEAEyAqoCOgKAQEi9_cE6-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1T8rvXO3XHPzaS3m3HjZiHWhECSQ%26client%3Dca-pub-4379353840599633%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 226E 2 KB
1 KB 142ms
50ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 226E 308 B
637 B 133ms
49ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 226E 293 B
621 B 134ms
50ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 226E 43 B
348 B 119ms
36ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=Tt0UJlpK7UNOzZVT8RZfYtdX4rCohxWpGn8UgP1LrcZuuLO_3gWBJtP494CVfyMn-WJvcvxYYrqa_whII8k9VT_YF6IFod9t9Jh2QtOzROHma59U6mSqDx2wX-zqgS9bNNCyoV0AhLnDUmIXCooZPGFVwc5KeT7jTjA9l4ujgoNliV02DxPhZL9WdGeuxpFcEFcePoNzZ06tI5g-_Pmj9VvtTcymwERasUP6hvFBrK80ZFUHlB-osnK2tBbclycfbE7Tu3Lee6SNnwnJn00kpXoZneKDg4pHgvQ7OCiYu-kOeb0L_5Ua5ZGlwBvHvhWg_kjm2ZCebfu4znOY3pNNa9r_G6n0J2d40ik5_XBjJ5OkydL9oP7e61M6Y1dk-fVrNJdQYHXKidcM2DT68Dyu_6OQ2mDUydmKdFkxWrfYHAmkKTcr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1486675
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 226E 12 KB
5 KB 82ms
29ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1593761
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHXz2vb3s39SON3Hpz3Q6bxPvfW3B9tr47yz1O9qmJyvOKRBeycERLI%2FtqyL4%2BIbvk4%2F8HGAZBz6Y9vAApZxGfYe7kKWdSQbuG%2Fye%2B7DWYuvZby2avdBygu1VZCr8RZbfkfACZGK5ZUlnzxkLT%2F%2BA0TQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82d388ac9da59112-FRA
expires: Sun, 17 Nov 2024 15:09:46 GMT

GET
H/1.1

200
OK

request.php Show response
hal900014.redintelligence.net/ Frame ED07
Redirect Chain

https://hal900014.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900014.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

182ms
115ms

Script
application/x-javascript

176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdfeSuQJmZbRctpuIzQ_HnK-QBqblvaBphZWcp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTbAU_QakQG_05Y1OpEMFtqpP4k0-34IAWP_USdkMN-7FWHb8L5gXopPagSOrYgF5n1qzR0f2UUrwk9UlWtF0vltLVHtVHj6YjPCzcz_irxCwHTfa4PpK40JawhvmoZ-Ziot_FhR-0K00IL4yC88VH1WlFnhQ5R1k_Y_1tc7-UhLgpsEpWd-zJPh9CGceYRJp4TNRUnJAaQBQWZ9jVtIHD0G5POgOW9JaoVA7FMaAuBLsW7Z5ivzeQDMfW6ZluVLZKvMzVIjhASrRQcRF101jC22PSh9KsBssMW83iogsAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj44Kz4_OaCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_1KXZVMqe_g1TKXZteoNF5vFvCmRQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-DNEbKhKsMdkQkH-GRIBSToWzFBV6yj57dQNQtesw994iqCJNzwLW8lF7PIM0X-YxAfFRHOHTnTQBv7Cn1ahJpMiBvcBDUgc_mG-1PepIzDlO6EXNbhvoIUDi5flbyx-L35BbBkvemxhdUivYj9-KsF9k89pWf13bAQiW1_LdeCGqD5B-4%26cry%3D1%26dbm_d%3DAKAmf-Drs6y5mpPSgTMMH5HdOkC-CJo83JPJ28kPjKOadGdv9CyrIvjzrrrP5z0m4RsG3Lg4ucAyK-WEZhJUkfUwbUxWhufacLGBaDvaTifPl65EPuIDGdWC7sqKwEkQj3bjTmYFHcGJKKVKCxXxErO2JLLirojjS6GJVvsVm-twk4IkEX8-PFaG_EAVI6zCz6HvGqEfFkyChdEU7tUMBwGWa10_qXCTLcyFD4QjHHjwD6s3jdkKQSvKtS6eai1y2STmmti-K8ThH68l3n2mxz7JK8JdKmN99kRqsREeBhsjn_J5td-eaq_iMk-Wcn3v6Q0_UE0nvsr6GVD-N1hL5IxqbdSD-CUok1hAFVvnnGCYX6SpC11xv8lPfk7yKOXx0NdqfIkh8sxa9K4DYC3wH_StjUfl9tDlVPtsN1AievylL4MBGTKcc1_1fVva9CQzCI5FvDIKdzSgS_jOM_BQkx3T6L1gy-HQ0-eoLg1mF3sdg7ep03q4Qa5YlSP1tvs46Zqvm_QB9ifOfXFqGcOQerIuE5tvjO75g4gwobZloDjhOSC-DjP4IWU%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-4379353840599633%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=9249579024511&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Server: 176.9.26.250 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 51eee906ac8d0627ec319a1c332ad07aa0f84c20a62f2efce5fe5365f64646b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 68041300110481104444550012522014
Connection: close
Content-Length: 1351
Expires: Tue, 28 Nov 2023 15:09:46 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdfeSuQJmZbRctpuIzQ_HnK-QBqblvaBphZWcp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTbAU_QakQG_05Y1OpEMFtqpP4k0-34IAWP_USdkMN-7FWHb8L5gXopPagSOrYgF5n1qzR0f2UUrwk9UlWtF0vltLVHtVHj6YjPCzcz_irxCwHTfa4PpK40JawhvmoZ-Ziot_FhR-0K00IL4yC88VH1WlFnhQ5R1k_Y_1tc7-UhLgpsEpWd-zJPh9CGceYRJp4TNRUnJAaQBQWZ9jVtIHD0G5POgOW9JaoVA7FMaAuBLsW7Z5ivzeQDMfW6ZluVLZKvMzVIjhASrRQcRF101jC22PSh9KsBssMW83iogsAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj44Kz4_OaCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_1KXZVMqe_g1TKXZteoNF5vFvCmRQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-DNEbKhKsMdkQkH-GRIBSToWzFBV6yj57dQNQtesw994iqCJNzwLW8lF7PIM0X-YxAfFRHOHTnTQBv7Cn1ahJpMiBvcBDUgc_mG-1PepIzDlO6EXNbhvoIUDi5flbyx-L35BbBkvemxhdUivYj9-KsF9k89pWf13bAQiW1_LdeCGqD5B-4%26cry%3D1%26dbm_d%3DAKAmf-Drs6y5mpPSgTMMH5HdOkC-CJo83JPJ28kPjKOadGdv9CyrIvjzrrrP5z0m4RsG3Lg4ucAyK-WEZhJUkfUwbUxWhufacLGBaDvaTifPl65EPuIDGdWC7sqKwEkQj3bjTmYFHcGJKKVKCxXxErO2JLLirojjS6GJVvsVm-twk4IkEX8-PFaG_EAVI6zCz6HvGqEfFkyChdEU7tUMBwGWa10_qXCTLcyFD4QjHHjwD6s3jdkKQSvKtS6eai1y2STmmti-K8ThH68l3n2mxz7JK8JdKmN99kRqsREeBhsjn_J5td-eaq_iMk-Wcn3v6Q0_UE0nvsr6GVD-N1hL5IxqbdSD-CUok1hAFVvnnGCYX6SpC11xv8lPfk7yKOXx0NdqfIkh8sxa9K4DYC3wH_StjUfl9tDlVPtsN1AievylL4MBGTKcc1_1fVva9CQzCI5FvDIKdzSgS_jOM_BQkx3T6L1gy-HQ0-eoLg1mF3sdg7ep03q4Qa5YlSP1tvs46Zqvm_QB9ifOfXFqGcOQerIuE5tvjO75g4gwobZloDjhOSC-DjP4IWU%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-4379353840599633%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=9249579024511&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 28 Nov 2023 15:09:46 +0100

GET
H/1.1

200
OK

request.php Show response
hal900021.redintelligence.net/ Frame 561E
Redirect Chain

https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

185ms
121ms

Script
application/x-javascript

144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=648595421891&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 4d40dfe54c4755ef187d748bc551146b133f55adc7ec4b4edf663171566f1500

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 43386400105630004444556012522021
Connection: close
Content-Length: 1331
Expires: Tue, 28 Nov 2023 15:09:46 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=648595421891&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 28 Nov 2023 15:09:46 +0100

GET
H/1.1

200
OK

request.php Show response
hal90008.redintelligence.net/ Frame 6F95
Redirect Chain

https://hal90008.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90008.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

194ms
122ms

Script
application/x-javascript

138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCztzpuQJmZbNctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_Q1pwmMXbxYv2hDlAa_BuV9BUEYFuq8hYvevxkFmOlhgOMx4O4rDnmg60R-DQkWl70B06xlgeQPVe1ZXhw_eQ2W-W6QkF9vt2Ot7lZ0TUcyeJ8nw__xEmuWFlyu4VJZSR_DbBURa7Q4Fh-mnqjvodmi5DYqXlAw0zo17i7ef_b7enjsJvTlbods529wLlqwq4rJ99vtbwoZO4no9JFfdyP9FQDRGbtsMnt_wyw5Dnz5OTz04ayP0KtJ-6aTyVlxPtefyHF_C_kHQ-a-UKrcO3UoYeItI_bjQjXwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_2TsC5OeUrOFmcita4gFBWFFL8GmA%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-C1Ses8_F1AzT5iR2MCq09nytyRfOGkjrV0qZD24IvK9WeuYuHkrUznB464SQ-UUF_hqSPYouY4122npB52auil7Iwqf7v1ICf_Q1mKgU3LczVbvbNP1heznAfgeotRW4r0mPpkupD86osdFq5FDeWw5QpF9PHqp-wdqdDEZ9y3jdGEStQ%26cry%3D1%26dbm_d%3DAKAmf-CDnMHjLQwt3Gg2GyNWcDmh9LeDEVnCmAhWI82o95KQiwVy4Up-qVkxb09N2ZAwn-86cVON_oA0UU2N8mRLW5rlB-QyVNt2aDSe_8ygal-Xm5pwhdN1V7gL3Avsb0QVJ4BiBFphDy2K4t42QXqph9uAHRUIcepXm-bNRpOdz8O9BHzaNTsgyNWM4zj7yVszuw0JvQQkH0YT7sbOw5Lntvi-Z8qoiIGDYAUR9X2H9E6Jzrrkot7ToqvDCWQ1fRdJerV_deLZadMLEzVU5bPDjglThrvGmQ3KppN19cWlBbkMOTsNPANt9QR7-9WU4lw4CS7lZju2uoUSmYflnY8FTvJGeqXDKEa-oUvxEq2lW_Ye6lojAR4z84uGnc4z2XpU2xFBRFf_9t6gCcgmRDIwnttZ43ji-6k1QlUEJnMN6S19Pb8H2BQpo25UBCD53c8uN_Nz104OY_OgsqHJdrL0JuHe9FPGeb8ZMj7gxoO2RT8zK8ffqltRoFClry9fo5Spb7HbLxT7Smw51Lc8IywGr8zv-2fOJZufhyDAoOPB6NLCBOZuiko%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-4379353840599633%26fa%3D4%26ifi%3D5%26uci%3Da!5%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=4134827085749&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 533ef55260a6a0438bd989be45e27c9f94d49b36043ea727a8a3a15048a850ec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 36625300121049404444556012522008
Connection: close
Content-Length: 1351
Expires: Tue, 28 Nov 2023 15:09:46 +0100

Redirect headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCztzpuQJmZbNctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_Q1pwmMXbxYv2hDlAa_BuV9BUEYFuq8hYvevxkFmOlhgOMx4O4rDnmg60R-DQkWl70B06xlgeQPVe1ZXhw_eQ2W-W6QkF9vt2Ot7lZ0TUcyeJ8nw__xEmuWFlyu4VJZSR_DbBURa7Q4Fh-mnqjvodmi5DYqXlAw0zo17i7ef_b7enjsJvTlbods529wLlqwq4rJ99vtbwoZO4no9JFfdyP9FQDRGbtsMnt_wyw5Dnz5OTz04ayP0KtJ-6aTyVlxPtefyHF_C_kHQ-a-UKrcO3UoYeItI_bjQjXwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_2TsC5OeUrOFmcita4gFBWFFL8GmA%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-C1Ses8_F1AzT5iR2MCq09nytyRfOGkjrV0qZD24IvK9WeuYuHkrUznB464SQ-UUF_hqSPYouY4122npB52auil7Iwqf7v1ICf_Q1mKgU3LczVbvbNP1heznAfgeotRW4r0mPpkupD86osdFq5FDeWw5QpF9PHqp-wdqdDEZ9y3jdGEStQ%26cry%3D1%26dbm_d%3DAKAmf-CDnMHjLQwt3Gg2GyNWcDmh9LeDEVnCmAhWI82o95KQiwVy4Up-qVkxb09N2ZAwn-86cVON_oA0UU2N8mRLW5rlB-QyVNt2aDSe_8ygal-Xm5pwhdN1V7gL3Avsb0QVJ4BiBFphDy2K4t42QXqph9uAHRUIcepXm-bNRpOdz8O9BHzaNTsgyNWM4zj7yVszuw0JvQQkH0YT7sbOw5Lntvi-Z8qoiIGDYAUR9X2H9E6Jzrrkot7ToqvDCWQ1fRdJerV_deLZadMLEzVU5bPDjglThrvGmQ3KppN19cWlBbkMOTsNPANt9QR7-9WU4lw4CS7lZju2uoUSmYflnY8FTvJGeqXDKEa-oUvxEq2lW_Ye6lojAR4z84uGnc4z2XpU2xFBRFf_9t6gCcgmRDIwnttZ43ji-6k1QlUEJnMN6S19Pb8H2BQpo25UBCD53c8uN_Nz104OY_OgsqHJdrL0JuHe9FPGeb8ZMj7gxoO2RT8zK8ffqltRoFClry9fo5Spb7HbLxT7Smw51Lc8IywGr8zv-2fOJZufhyDAoOPB6NLCBOZuiko%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-4379353840599633%26fa%3D4%26ifi%3D5%26uci%3Da!5%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=4134827085749&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Tue, 28 Nov 2023 15:09:46 +0100

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 3052 39 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 13:51:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 13:51:42 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 12A4 39 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 13:51:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 13:51:42 GMT

GET
H2 200 ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff
static.criteo.net/design/dt/ Frame 226E 46 KB
46 KB 161ms
80ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/ec51d215a5904df99ebfe8eacf21246e_ubuntu-light.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-b778"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H2 200 0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff
static.criteo.net/design/dt/ Frame 226E 38 KB
38 KB 215ms
133ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/0d5410bc9c3e437daf6999836d04f18f_ubuntu-medium.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 02 Oct 2018 14:57:25 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5bb38755-97a8"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame F5F3 39 KB
15 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 13:51:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4684
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 27 Nov 2024 13:51:42 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 226E 12 KB
6 KB 49ms
49ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 4 KB
4 KB 304ms
209ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=556&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F1344%2F230413%2Fc53e5f9a71444a36ae4d74a664fc7269_logo_n_horizontal_4.png&v=3&w=196&rid=4&s=-DxG3wk5ENUM8GvYIdYD6nq2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

59d8b805b12d336d283666c0148287dfd4238f893d5ed7364ac9b542eb160853

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 3824
expires: Wed, 13 Nov 2024 04:47:34 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 171 KB
171 KB 282ms
187ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=3018&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F3018%2F5095312%2F2da2f50f2d834bca8da4046e3ec04db2_img_square_1.jpg&v=3&w=1200&rid=4&s=rirmEvcut9VMI8laICxWSIbm

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7a2ba893d4dbd1537adc44d70e99301a2026e09b15764b3881d441ce78283eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 175042
expires: Sat, 09 Nov 2024 10:32:53 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 11 KB
11 KB 188ms
93ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1660642740%2F21150216-XHh8Te5b.jpg&v=3&w=400&rid=4&s=jCmEmFXfo0i2EX5RwenZVDBT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cf36dcf145eab9e8687d1058ec8574477321f8fc1627dff24acc9dd3d55ef3cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 10994
expires: Tue, 05 Dec 2023 07:32:17 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 24 KB
24 KB 191ms
96ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1579515777%2F17099699-3PBWaQ65.jpg&v=3&w=400&rid=4&s=TzpKFarb93MCxtM3VkGotpJ7&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1dd6476f1325d934e8471c73d9b14b4eadf387cc9f7efcdb0439899699ebfbbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 24814
expires: Fri, 01 Dec 2023 14:01:08 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 46 KB
46 KB 258ms
164ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1634288936%2F21132438-wIX5xSgq.jpg&v=3&w=400&rid=4&s=0-8EGhOxlM8DzxxhWql7dgo3&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

bbdb857b03d1035842a61047e74e3071af90e79efbfcc925a5b65dd20a52b1a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 46616
expires: Tue, 28 Nov 2023 18:45:33 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 13 KB
14 KB 233ms
139ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1695026767%2F23081350-pPHR7j14.jpg&v=3&w=400&rid=4&s=fHXO0cbyhB98O-tPJjvRHFUw&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4f74bf7263050236f11883a5b9223f655ad9bd1b3e7510749d1359ee11850d8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 13796
expires: Fri, 01 Dec 2023 06:56:33 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 8 KB
8 KB 201ms
200ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1660281552%2F22181219-am1NSNak.jpg&v=3&w=400&rid=4&s=TpkhDcqu2uTSslBMYBGDfVj_&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

be9fb756eadea158b4bc0b338c66fc19336a96e233d2092e7fd1f1e122c6d84a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 7710
expires: Tue, 05 Dec 2023 09:48:39 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 226E 21 KB
21 KB 201ms
201ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=3018&q=80&r=2&u=https%3A%2F%2Fimage01.bonprix.de%2Fassets%2F1400x1960%2F1457033254%2F13126741-RrYhyXCn.jpg&v=3&w=400&rid=4&s=TueReD6kfIukYOrMu58gqIPP&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9e83a64c1620448cf97e7955a622098b159c4ddc34a7d9a1688f577b860df932

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=604800
timing-allow-origin: *
content-length: 21038
expires: Fri, 01 Dec 2023 13:09:09 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 226E 0
128 B 123ms
42ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=fb4XMgayPWuGS2O7Mb1f1u408xViwo0zbI3tT4lk2-SEDMjw-dD77NF1ADFCBmFoppp0MyHZspvSW3khNwuRZbp5Kj__O2_LqdOzMAN8LESoE0hggo_PDLY85WZZHqG7Vz6iuHEMI3SFBzPYgfkl7WEI_668u-G0DhiqXBZIb1fzotrAz8S-cHHUK_PBn-OYz09bE4Xtxc7fUyvaHlGFrk5Ro_txERoDani7x3LBhHooC0C5Ct03IFcGkDzf-iS4r5UWTQ&sds=2&rev=89278&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 226E 2 KB
1 KB 39ms
38ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 226E 2 KB
1 KB 63ms
62ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 22 Nov 2024 15:09:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3052 0
20 B 59ms
58ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bxby1uQJmZeb4O5m8x_AP2dO5cAAAAAA4AeAEAg&bg=!z8ylzIPNAAZxrfrxUa07ADQBe5WfOFG3d7RAiSQFQzlQ5A9-HYt-yKYrzl4nv3sBY2GPixLnibNxUu90GT7DswGp1Qq4AgAAAOFSAAAAA2gBB5kC9d3wwBnMewdAWalBZXPcCybfWq-vScKQE4TCXWjmcIYtDW7-2GkkO57nUKNZvoETVm527MMkY0ENgmm_qcjbRTAIzeem4RPHLJ33gkB6v2q9uzaIIk2P3FDmCkZIbEHUt5nE_c5Jwyl6Edxd_r739XWP1xfhGBs-ar4w0p9DA7a9suaaJHKKB_clv_QYGc3jFxSb4AGL4tVeu0_IeVIp0FpQyukfyGXy9tLgjYt19iEMR827TQS4rVjU9KqHCai0CNphk0JSWKS3EulwhQyxqAd3HZudTicmp8i6kU5epdiWy8TpCObLdgkUBL4ayh12XDYKVs5OpsSso3fscsZenFRORrhZHBpoewnAHz7qNKN09OwycF9UYDyFZ2JXrqg1IRifvIMTNRlYgkNniETfTq6XLqtpiGr8ozKWDc3AQ7ZbfwSEbX-gZqB4MA1RBVRoIVmJt-eyE55T1mIbDSHirtd1NRWVAk_R90gdI48OUvlS70wnB1Cpi_x4KW1ZYgcBQfrk0yVvrVwrPi3DV3xJqD0Tb9fqo1Y1G1Sm7NHGo6TeTnUjp35FUc9-NjEk2hSYNAbnVmMNxoJg1C3P52-gj972Re1tLNF7V062fe3cZXgXQ_BX7NeRs3MhlOBfrYYwInLzPsHC-llmZegntKakZMb-onuRd_bijxNfqlMKwlWs6_pL1MlQGMkF2AumNfdUjOzxNk0QbQ-tYbDlJZ-H8z6zG6bcuJaMnq5ZswAJfxeXZP-gU4lbWwKfmrUVomB8J-m-CNowOEKeaElkdkSHb7WiQrPZaOZ83u3ckVNngLbYGRo-BRMZYNFPjjxOOfwR3aOidEyG4AkehfIYvZyNwRwEy5RacmL7hb4wkBIW7-bcsFXh8mkMh-c6g3pdybp0EeaD874qD5jZoBzbiQzDO3A-4agaQgBQurru8tFNwdAFIQoBjf1qvx9ivTqe2Q6u8VTn6FTX515xTRrJ605NZBKSnqRABboN7FR2udR_mfZ5KuwyDwg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 12A4 0
20 B 58ms
58ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bl7sRugJmZZGmAcqrjuwP4be5oAcAAAAAOAHgBAI&bg=!WFulWxTNAAZxrfrxUa07ADQBe5WfOO4pZUvLV-8GZ7o4ZiiynQNtQatUjvoJrYOGgRLPkPnzHbCq5FhStiA22kpB4MnfAgAAAOpSAAAAAmgBB5kC_CWsjG4vyzgf-FtfwAJjxJFUyAiSakZC5CYeyomPcxp60VWQplI7qvfzQEi0patujq2eMGid4v0MsK2lI81I8Qu6Z72FmY2bP_Vqa5FbCjMbGMfKc3ewDSZhGuZs9EklLgdaKLb95n8Ulb-LMKfnPxi-Jr8SCf1Pae2wthJyk1w3JLAxJRhRVubahU3Nms7iXtKCaberQ0LAW68EykHYL9epG0CQdsDDPXewz97E7MXw9bVGIVN9cpvNyYdgheh8S73Hi-C6vD0EtK7xjBnEcMuwRP3po2uXU5xBZjqc1SEtN7SrZSxbR3HKEMSNgHtQ88g3_RniKun_mtNdkJepwdH7BmecCePXP1maAnr544xFm-25kpZgt6gu81TGb7-JjIIlOFFpsRK5HxLToIp_LgWxQdccjNmvNpTJHpswMVBKiksBCEaTpTqx94PFNh-bEoeRfenWPWhWQBCPadz5XfLFTay80Ozm-z0d-P56_Pbfm0sl8U-04PtAfidYN5P1q9yJCU2jnmnBaAlTy4DY6-9Uf-wO4nrDEH4ym6f7Gk2STCsw0NalKwQsk0X4huYSZOiZr3_DLuNNu2JMh70Wts-X6KXtCgjP2ue3Fy8XvPRzRJFfMMULC0P8_gSV4H1-_gjKb2vU7KMSIQTrkGUaxCuz3sRs_ffpwrW0Y_5AR50lNmBpylVmNb6n1uu7EziEKucBfrru0PSnhHXIJZBQXBgyVat4LqbygT4r4RL3w75ooKrQZbw8DEAqrr-viHkeX4MzwCpsDPmgOuEegmNDR1j2H9BrndH3_jq0me7hXEkww--MjGn-yIih75trntg89ma0NkQ7Rp2YcOE0RZ7OEnRFm9pBiFV-Olv6-znwzcSVC9BSbtIe5diPZ7yABeg9FMvLAhrgFkrJbjm9rSVpwUvzNmApyoZcBP4O41I4iOzP9_lcQsC_kf9LpxYSwnDLLEJc2ourufTbNCiAHM6Kb1ZrB13HtPtYX-rrz74hNxSiCJz7bYBO3RdhmEgH

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F5F3 0
20 B 59ms
59ms Image
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BoC3JugJmZZjtAZ2ejuwPvPu32AsAAAAAOAHgBAI&bg=!DwylDEPNAAZxrfrxUa07ADQBe5WfOMbPNWrJRe-QUtY55RkYNqE6l0eqr2gHnRjmhPvRD8bvGhlhgOAmA-tlzQvEjEWzAgAAALhSAAAAA2gBB5kDCysA5r20T3JEMsdE2V-zzZyff5iObVIueHUp5taL0to-GMn4eASfuF_eEEtif_6awwnesv6gqdGw9Ap3GTJMta7AQmRRWNleSzAzGiHB0D8ZeSnBwZGymQWl9CzPH7CHe-vowBqM0w8TNZMiOtbNngp1CYVTI3ILPTP_5dXEadNS5xJV8tkyjyV4k2PbAKcptnUT1qDiuY3tfxrC-Y31DSQTqIThzPNg5a1fPSpQl6I7Hy8O2M_g-9H4tHTwdc5ioShKPUw6X19KREAQZ5oKbZO9zDPPws3EJrpPyJOKhMP8Cv24ejFggCoo8JvbZIzWCir0UnrlRa9-VDUp8DZCY3Ty9JxZCgY9B6B2Ex6Ye2q40DR-YhkNQxxysK977gLLUJN9-HClCe4Rtg43uqHCoP2M-STiwLzLf6l-URGad6cioiVhz15fSV2hXLjOMlvaeTXQ7UWfynPa0x-22P3Ahj4Qqp-fDlHTm_05pU7qRk3P-5imjUflvb4vWD38VR-6F-ogmYpn3prDz5a6meLXaddWxiWAKp0YCSNk9br_RDsQP5cskUIDVhxh7FBoo1q_vBCbmbHDMUULJnuvBbxcYJ8LlPYSKA8JXw76WW6wy3rgh6jCbN9bkUHgOfBcUN479joeaDXeJX4DTUsHycrpA3uBmt8OWXlHSXXuezB0kKW_6WS06qI5q3LLQs912ximAdakaStLaeyRtA098G_1x5kfXvisFW3ThMJVVFWEJe3aKsZeQX7arG9hDy7NY2KKT06hEcraZ-0V_SKIDDzEkmQ8pFOkONef5ydqPvPYnfSZl07X5erOw-PHAU2Gg7jfzQmmpnyWbv-S9FHMjhMhVagSs1qfSO82a7dGW51IjwbOqqcHw5btQUEaxUhrxfv6e1NsQfdyAkFjt1sbQhnFmq1wW-svX8nuIL_vAOPbmX0u9-wN1JmySEn8e4fcGpGXc4_aM-ybGxDotPXeDXm0DKY41eSLzxPdVmYs7R1hS4KjXy6GhRI8mN0CSMSPFZyg12luWdMVwrEWP-Jz

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 91C9
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=68041300110481104444550012522014&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=

0
201 B

125ms
56ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdfeSuQJmZbRctpuIzQ_HnK-QBqblvaBphZWcp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTbAU_QakQG_05Y1OpEMFtqpP4k0-34IAWP_USdkMN-7FWHb8L5gXopPagSOrYgF5n1qzR0f2UUrwk9UlWtF0vltLVHtVHj6YjPCzcz_irxCwHTfa4PpK40JawhvmoZ-Ziot_FhR-0K00IL4yC88VH1WlFnhQ5R1k_Y_1tc7-UhLgpsEpWd-zJPh9CGceYRJp4TNRUnJAaQBQWZ9jVtIHD0G5POgOW9JaoVA7FMaAuBLsW7Z5ivzeQDMfW6ZluVLZKvMzVIjhASrRQcRF101jC22PSh9KsBssMW83iogsAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj44Kz4_OaCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_1KXZVMqe_g1TKXZteoNF5vFvCmRQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-DNEbKhKsMdkQkH-GRIBSToWzFBV6yj57dQNQtesw994iqCJNzwLW8lF7PIM0X-YxAfFRHOHTnTQBv7Cn1ahJpMiBvcBDUgc_mG-1PepIzDlO6EXNbhvoIUDi5flbyx-L35BbBkvemxhdUivYj9-KsF9k89pWf13bAQiW1_LdeCGqD5B-4%26cry%3D1%26dbm_d%3DAKAmf-Drs6y5mpPSgTMMH5HdOkC-CJo83JPJ28kPjKOadGdv9CyrIvjzrrrP5z0m4RsG3Lg4ucAyK-WEZhJUkfUwbUxWhufacLGBaDvaTifPl65EPuIDGdWC7sqKwEkQj3bjTmYFHcGJKKVKCxXxErO2JLLirojjS6GJVvsVm-twk4IkEX8-PFaG_EAVI6zCz6HvGqEfFkyChdEU7tUMBwGWa10_qXCTLcyFD4QjHHjwD6s3jdkKQSvKtS6eai1y2STmmti-K8ThH68l3n2mxz7JK8JdKmN99kRqsREeBhsjn_J5td-eaq_iMk-Wcn3v6Q0_UE0nvsr6GVD-N1hL5IxqbdSD-CUok1hAFVvnnGCYX6SpC11xv8lPfk7yKOXx0NdqfIkh8sxa9K4DYC3wH_StjUfl9tDlVPtsN1AievylL4MBGTKcc1_1fVva9CQzCI5FvDIKdzSgS_jOM_BQkx3T6L1gy-HQ0-eoLg1mF3sdg7ep03q4Qa5YlSP1tvs46Zqvm_QB9ifOfXFqGcOQerIuE5tvjO75g4gwobZloDjhOSC-DjP4IWU%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-4379353840599633%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=9249579024511&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 28 Nov 2023 15:09:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 28 Nov 2023 04:09:46 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Tue, 28 Nov 2023 15:09:46 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: D972DA1A:B8D2_91EFC182:01BB_656602BA_89C1D37:1A42B

GET
H2 200 / Show response
adv.office-partner.de/ Frame E6C5 930 B
923 B 188ms
19ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=9f7375be84&subid=&uid=6bb70c5d9c2a7028&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdfeSuQJmZbRctpuIzQ_HnK-QBqblvaBphZWcp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTbAU_QakQG_05Y1OpEMFtqpP4k0-34IAWP_USdkMN-7FWHb8L5gXopPagSOrYgF5n1qzR0f2UUrwk9UlWtF0vltLVHtVHj6YjPCzcz_irxCwHTfa4PpK40JawhvmoZ-Ziot_FhR-0K00IL4yC88VH1WlFnhQ5R1k_Y_1tc7-UhLgpsEpWd-zJPh9CGceYRJp4TNRUnJAaQBQWZ9jVtIHD0G5POgOW9JaoVA7FMaAuBLsW7Z5ivzeQDMfW6ZluVLZKvMzVIjhASrRQcRF101jC22PSh9KsBssMW83iogsAE64_8jvcD4AQDiAXvr5aIPpAGAaAGTYAHrK31nwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlj44Kz4_OaCA4AKAZgLAcgLAYAMAaIMGCoWChTktLEC7rWxArW4sQLktLEC7rWxAqoNAkRFsBOH77EV0BMA2BMDiBQB2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_1KXZVMqe_g1TKXZteoNF5vFvCmRQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-DNEbKhKsMdkQkH-GRIBSToWzFBV6yj57dQNQtesw994iqCJNzwLW8lF7PIM0X-YxAfFRHOHTnTQBv7Cn1ahJpMiBvcBDUgc_mG-1PepIzDlO6EXNbhvoIUDi5flbyx-L35BbBkvemxhdUivYj9-KsF9k89pWf13bAQiW1_LdeCGqD5B-4%26cry%3D1%26dbm_d%3DAKAmf-Drs6y5mpPSgTMMH5HdOkC-CJo83JPJ28kPjKOadGdv9CyrIvjzrrrP5z0m4RsG3Lg4ucAyK-WEZhJUkfUwbUxWhufacLGBaDvaTifPl65EPuIDGdWC7sqKwEkQj3bjTmYFHcGJKKVKCxXxErO2JLLirojjS6GJVvsVm-twk4IkEX8-PFaG_EAVI6zCz6HvGqEfFkyChdEU7tUMBwGWa10_qXCTLcyFD4QjHHjwD6s3jdkKQSvKtS6eai1y2STmmti-K8ThH68l3n2mxz7JK8JdKmN99kRqsREeBhsjn_J5td-eaq_iMk-Wcn3v6Q0_UE0nvsr6GVD-N1hL5IxqbdSD-CUok1hAFVvnnGCYX6SpC11xv8lPfk7yKOXx0NdqfIkh8sxa9K4DYC3wH_StjUfl9tDlVPtsN1AievylL4MBGTKcc1_1fVva9CQzCI5FvDIKdzSgS_jOM_BQkx3T6L1gy-HQ0-eoLg1mF3sdg7ep03q4Qa5YlSP1tvs46Zqvm_QB9ifOfXFqGcOQerIuE5tvjO75g4gwobZloDjhOSC-DjP4IWU%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-3-%26adk%3D1812271801%26client%3Dca-pub-4379353840599633%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D4&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=9249579024511&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 28 Nov 2023 15:09:46 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 05 Dec 2023 15:09:46 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame ED07
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=68041300110481104444550012522014&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=

0
201 B

45ms
45ms

Script
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 28 Nov 2023 04:09:46 GMT
server: Microsoft-IIS/10.0
access-control-allow-methods: GET,POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=15768000
x-iplb-instance: 40027
content-length: 0
proxy-host: pv.medialead.de
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: D972DA1A:B8CC_91EFC182:01BB_656602BA_89165C2:1E879
vary: Origin
content-type: application/javascript
access-control-allow-origin: *
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68041300110481104444550012522014&actionid=879111&produktid=ratenkredit&dt_url=
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame ED07 43 B
666 B 339ms
170ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=68041300110481104444550012522014&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: D972DA1A:B8DC_91EFC182:01BB_656602BA_89165C3:1E879
x-iplb-instance: 40027
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame ED07 43 B
703 B 249ms
80ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=68041300110481104444550012522014&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame CBBA
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43386400105630004444556012522021&actionid=879111&produktid=ratenkredit&dt_url=

0
201 B

104ms
57ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43386400105630004444556012522021&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=648595421891&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 28 Nov 2023 15:09:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 28 Nov 2023 04:09:46 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Tue, 28 Nov 2023 15:09:46 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=43386400105630004444556012522021&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: D972DA1A:B8D0_91EFC182:01BB_656602BA_89BCD9A:1A42A

GET
H2 200 / Show response
adv.office-partner.de/ Frame A57A 930 B
922 B 186ms
20ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=648595421891&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 28 Nov 2023 15:09:46 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 05 Dec 2023 15:09:46 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2 200 link.html Show response
track.webgains.com/ Frame 561E 2 KB
2 KB 250ms
82ms Script
text/html 18.130.109.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=43386400105630004444556012522021&nw=1
Requested by: Host: winzoro.net
URL: https://winzoro.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.130.109.49 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-130-109-49.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 0ec4645f8705b4f67c953b9af5e81faf1750314f556f6849d7dfdc5f1c654ceb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
last-modified: Tue, 28 Nov 2023 15:09:46 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 28 Nov 2023 15:10:46 GMT

GET
H2

200

activityi;dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154 Show response
5994599.fls.doubleclick.net/ Frame B141
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154?

392 B
324 B

67ms
66ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154?

Requested by

Host: winzoro.net
URL: https://winzoro.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

01da1a0bfe86a9547ede24c96cd97f5e3975a2c7d6b47558c775380717d9e6b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:46 GMT
expires: Tue, 28 Nov 2023 15:09:46 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:46 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900021.redintelligence.net/ Frame 0982 7 KB
2 KB 85ms
28ms Document
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=638bfa079b&subid=&uid=252e23df6f0af527&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCmpGhuQJmZbJctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_QsWD68xTfwghn6e1fdh9N-hXdHKZvwcifkLIokQS5Oe534hQDZwhCk1tHJqurbh4zdmzeG6Ljk8SOjJVpCGv1v56rLEJmXZojlPobJlBcV-_wGhY5WVilBgzqtpTfugcRvlEqcbmefUxEio0phXDl_z5wP7Oh6jMYFOL6_43ZTPio4FaUt596E53cbIdpuNZUjzcZgpqo9xYABniZxWlqyaGgu3S2yUyUdL2pjPdtmnA0g9mq83LQtEb4w7q_CWwOnG0FoC_fZxG4dPvbI6B39bngIQWOuNc_wATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_3TFRKf0Gt_dMg5crG6bOOqwajkfQ%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-B6vTSZai_eZjl35Yqt4Rg6cr_AENJOJBUcQxQddagVRZdSZRYVSICZXBksg4BTWPN-KwPLVupTXHpUuUU9OYN-dgC8jkBEzkVkm2rTawPH6Woc6R-0DdQ0e5Ch5KjlqpYMfNTBW6uWD9kYhr-Ap4Sq_krMti0theYhaI4N_zHyd4Ksiwo%26cry%3D1%26dbm_d%3DAKAmf-AFLQt33uIhJ4Dy6ywp761nqJjwOSuX4T2JnBOILKCzrSaBpvueUCLXoobTKApM9Zq5UD_r_3QkxW680lC_BWvhwUQu1P9WjKA8bB0ST5KTqtKK7cfNPQ6ONWcrVtemZHHpaX4PODdM0wd8QKJmefbHF4Ym06kOnHHyQidrzc82GoosxsjvGxoPx-TzlRD2fG5JuaBJEhu3JkSQnj1T_fHYJ7Ssy1wO0gGiP14ByHtiIokuH6jJwGlJABWACjZlGp1Ndh0md4GzU4Gs8-DlLBcQ7EUavhA6MQMsyLKnQr86uXwi237S9VZ60jJeOvtYVSYUB5MNhJ0P7TERkZjgGgKchjY0RgjiKj10mhMIKYDe8_T_ReuOMkFXYCy_bfG3DMSDg7Cp-CXjA8WpSp8SVGJSq72C7a4lRf6fRsKhAA4Vm4Rgxki3GzYK-k-6px06F8bzYJpQcxjsf1obzFOdp1XSxld-kPD1Atk9s0L5UA05XhuckpwKPNRIjYBn_2d_BaK0I5C7XgKehrSxn_F-jYfUJIRk1dNUw6VuYgB-vC0XKS5A284%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-4379353840599633%26fa%3D3%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=648595421891&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: cddc41ae148015d5b0670b5e871ff09ea1ff93bbf335b07964ba4bb2044c5118

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2042
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Nov 2023 15:09:46 GMT
Expires: Tue, 28 Nov 2023 15:09:46 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

e99aace94e6e5873881d3400993e1e7e
pv.medialead.de/trck/eview/ Frame 561E
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent=

43 B
666 B

203ms
66ms

Image
image/gif

145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

HTTP/1.1

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800104416","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: D972DA1A:B8D2_91EFC182:01BB_656602BA_89C1D4C:1A42B
x-iplb-instance: 40028
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

Redirect headers

location: https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=43386400105630004444556012522021&t=htlp&gdpr=1&consent=1&gdpr_consent=
date: Tue, 28 Nov 2023 15:09:46 GMT
server: nginx
content-length: 138
content-type: text/html

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 561E 43 B
703 B 265ms
101ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=43386400105630004444556012522021&pv=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 211E
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=36625300121049404444556012522008&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=

0
629 B

123ms
52ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCztzpuQJmZbNctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_Q1pwmMXbxYv2hDlAa_BuV9BUEYFuq8hYvevxkFmOlhgOMx4O4rDnmg60R-DQkWl70B06xlgeQPVe1ZXhw_eQ2W-W6QkF9vt2Ot7lZ0TUcyeJ8nw__xEmuWFlyu4VJZSR_DbBURa7Q4Fh-mnqjvodmi5DYqXlAw0zo17i7ef_b7enjsJvTlbods529wLlqwq4rJ99vtbwoZO4no9JFfdyP9FQDRGbtsMnt_wyw5Dnz5OTz04ayP0KtJ-6aTyVlxPtefyHF_C_kHQ-a-UKrcO3UoYeItI_bjQjXwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_2TsC5OeUrOFmcita4gFBWFFL8GmA%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-C1Ses8_F1AzT5iR2MCq09nytyRfOGkjrV0qZD24IvK9WeuYuHkrUznB464SQ-UUF_hqSPYouY4122npB52auil7Iwqf7v1ICf_Q1mKgU3LczVbvbNP1heznAfgeotRW4r0mPpkupD86osdFq5FDeWw5QpF9PHqp-wdqdDEZ9y3jdGEStQ%26cry%3D1%26dbm_d%3DAKAmf-CDnMHjLQwt3Gg2GyNWcDmh9LeDEVnCmAhWI82o95KQiwVy4Up-qVkxb09N2ZAwn-86cVON_oA0UU2N8mRLW5rlB-QyVNt2aDSe_8ygal-Xm5pwhdN1V7gL3Avsb0QVJ4BiBFphDy2K4t42QXqph9uAHRUIcepXm-bNRpOdz8O9BHzaNTsgyNWM4zj7yVszuw0JvQQkH0YT7sbOw5Lntvi-Z8qoiIGDYAUR9X2H9E6Jzrrkot7ToqvDCWQ1fRdJerV_deLZadMLEzVU5bPDjglThrvGmQ3KppN19cWlBbkMOTsNPANt9QR7-9WU4lw4CS7lZju2uoUSmYflnY8FTvJGeqXDKEa-oUvxEq2lW_Ye6lojAR4z84uGnc4z2XpU2xFBRFf_9t6gCcgmRDIwnttZ43ji-6k1QlUEJnMN6S19Pb8H2BQpo25UBCD53c8uN_Nz104OY_OgsqHJdrL0JuHe9FPGeb8ZMj7gxoO2RT8zK8ffqltRoFClry9fo5Spb7HbLxT7Smw51Lc8IywGr8zv-2fOJZufhyDAoOPB6NLCBOZuiko%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-4379353840599633%26fa%3D4%26ifi%3D5%26uci%3Da!5%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=4134827085749&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 28 Nov 2023 15:09:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Tue, 28 Nov 2023 04:09:46 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
content-length: 0
content-type: application/javascript
date: Tue, 28 Nov 2023 15:09:46 GMT
host: pv.medialead.de
keep-alive: timeout=20
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=
proxy-host: pv.medialead.de
server: nginx/1.17.5
strict-transport-security: max-age=15768000
vary: Origin
x-iplb-instance: 40028
x-iplb-request-id: D972DA1A:B8CE_91EFC182:01BB_656602BA_89C747B:1A428

GET
H2 200 / Show response
adv.office-partner.de/ Frame 903D 930 B
922 B 28ms
20ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=33lgkyejwpt3&nw=20&renderingType=javascript&namespace=0f97c8a90e&subid=&uid=d3de573af03af6de&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DV360_SSP%3A1&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCztzpuQJmZbNctpuIzQ_HnK-QBqblvaBpnZycp8kP8C4QASDjkNURYJX68IGMB8gBCakCA7dZa_pfsj6oAwHIA5sEqgTaAU_Q1pwmMXbxYv2hDlAa_BuV9BUEYFuq8hYvevxkFmOlhgOMx4O4rDnmg60R-DQkWl70B06xlgeQPVe1ZXhw_eQ2W-W6QkF9vt2Ot7lZ0TUcyeJ8nw__xEmuWFlyu4VJZSR_DbBURa7Q4Fh-mnqjvodmi5DYqXlAw0zo17i7ef_b7enjsJvTlbods529wLlqwq4rJ99vtbwoZO4no9JFfdyP9FQDRGbtsMnt_wyw5Dnz5OTz04ayP0KtJ-6aTyVlxPtefyHF_C_kHQ-a-UKrcO3UoYeItI_bjQjXwATrj_yO9wPgBAOIBe-vlog-kAYBoAZNgAesrfWfA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WPjgrPj85oIDgAoBmAsByAsBgAwBogwYKhYKFOS0sQLutbECtbixAuS0sQLutbECqg0CREWwE4fvsRXQEwDYEwOIFAHYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ%26sig%3DAOD64_2TsC5OeUrOFmcita4gFBWFFL8GmA%26client%3Dca-pub-4379353840599633%26dbm_c%3DAKAmf-C1Ses8_F1AzT5iR2MCq09nytyRfOGkjrV0qZD24IvK9WeuYuHkrUznB464SQ-UUF_hqSPYouY4122npB52auil7Iwqf7v1ICf_Q1mKgU3LczVbvbNP1heznAfgeotRW4r0mPpkupD86osdFq5FDeWw5QpF9PHqp-wdqdDEZ9y3jdGEStQ%26cry%3D1%26dbm_d%3DAKAmf-CDnMHjLQwt3Gg2GyNWcDmh9LeDEVnCmAhWI82o95KQiwVy4Up-qVkxb09N2ZAwn-86cVON_oA0UU2N8mRLW5rlB-QyVNt2aDSe_8ygal-Xm5pwhdN1V7gL3Avsb0QVJ4BiBFphDy2K4t42QXqph9uAHRUIcepXm-bNRpOdz8O9BHzaNTsgyNWM4zj7yVszuw0JvQQkH0YT7sbOw5Lntvi-Z8qoiIGDYAUR9X2H9E6Jzrrkot7ToqvDCWQ1fRdJerV_deLZadMLEzVU5bPDjglThrvGmQ3KppN19cWlBbkMOTsNPANt9QR7-9WU4lw4CS7lZju2uoUSmYflnY8FTvJGeqXDKEa-oUvxEq2lW_Ye6lojAR4z84uGnc4z2XpU2xFBRFf_9t6gCcgmRDIwnttZ43ji-6k1QlUEJnMN6S19Pb8H2BQpo25UBCD53c8uN_Nz104OY_OgsqHJdrL0JuHe9FPGeb8ZMj7gxoO2RT8zK8ffqltRoFClry9fo5Spb7HbLxT7Smw51Lc8IywGr8zv-2fOJZufhyDAoOPB6NLCBOZuiko%26adurl%3D&documentReferer=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231109%2Fr20110914%2Fzrt_lookup_nohtml_fy2021.html%3Fhello%3Dworld%26fsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-4379353840599633%26fa%3D4%26ifi%3D5%26uci%3Da!5%26btvi%3D3&ancestorOrigins=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Chttps%3A%2F%2Fwinzoro.net&random=4134827085749&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Tue, 28 Nov 2023 15:09:46 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Tue, 05 Dec 2023 15:09:46 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 6F95
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e58733936cdd965d03e75?subid=36625300121049404444556012522008&t=htlp&gdpr=1&consent=1&gdpr_consent=
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=

0
202 B

115ms
55ms

Script
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 28 Nov 2023 04:09:46 GMT
server: Microsoft-IIS/10.0
access-control-allow-methods: GET,POST
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 28 Nov 2023 15:09:46 GMT
strict-transport-security: max-age=15768000
x-iplb-instance: 40027
content-length: 0
proxy-host: pv.medialead.de
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: D972DA1A:B8DE_91EFC182:01BB_656602BA_8913D31:1E878
vary: Origin
content-type: application/javascript
access-control-allow-origin: *
location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=36625300121049404444556012522008&actionid=879111&produktid=ratenkredit&dt_url=
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20

GET
H/1.1 200
OK e99aace94e6e58733936cdd965d03e75
pv.medialead.de/trck/eview/ Frame 6F95 43 B
666 B 416ms
116ms Image
image/gif 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pv.medialead.de/trck/eview/e99aace94e6e58733936cdd965d03e75?subid=36625300121049404444556012522008&t=htlp&gdpr=1&consent=1&gdpr_consent=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:47 GMT
strict-transport-security: max-age=15768000
attribution-reporting-register-source: {"source_event_id":"17200521800103984","destination":"https://trck.easy-m.de","expiry":5184000,"filter_data":{}}
server: nginx/1.17.5
host: pv.medialead.de
x-iplb-request-id: D972DA1A:B8CE_91EFC182:01BB_656602BA_89C748B:1A428
x-iplb-instance: 40028
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: X-Request-ID
access-control-allow-credentials: true
keep-alive: timeout=20
content-length: 43
proxy-host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 6F95 43 B
703 B 233ms
101ms Image
image/gif 23.192.250.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=3266505&v=11601&q=357526&r=113440&pref1=36625300121049404444556012522008&pv=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.192.250.178 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-192-250-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Nov 2023 15:09:46 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
58ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=3572195228664700&bg=!paalpunNAAZxrfrxUa07ADQBe5WfONOgFrLrxvqYgXkb5DFimK-OE0jqG6lL49SBAYNdWuXnv_-lGcg6F6gh1gxek1dJAgAAAJ1SAAAAAmgBB5kCtO7ImG1B7VIncY4f-Jv4Z9a0vH7blcAYKx3be_8ZCetuHKBOo3wWkTI5nXpHt28CX35rdweHVE0cb41Fv_s_2hbgLEUFWNpNIHu-fUAf7KQoBcZAeHhIc8II3aJbInzpIHPZxuPgawOqGWOxRMrpKdjtR0xVvMcsdHhCUQ5_dkAp7KSOJHpsGqEW7SM4oizhtzw9BhrOhcbJZoJBsQj3vJy_RmKs5Qvi4TNemgEv9kZb2ReREnvOFnu4iXoH9xWGwjYDoihQMgPlcNicuNe6xUqEBOnXTMEqcCWNO0RA1bKiiCKsdTaaerGG_zIfadQXu7K1911V6IkXlwEeYTOYAE2bYAdD8l_jPSMmpCBmFC9St4Ay6EE4-f4f6YOIzkjf6gMDWzs8cPMOxgGshS211VBswtIekqIF4SXMQKpY6m1GnQSnwGy8xz5V2qB2-crGWz_MoRWBkv_6Tqf0O1-RGoUNWw1CwZ6gSE0_Vom7XFWD1Dom6nfUAWg4F8qOvhprzo8ilwmkdydkCTyP7pifnKYgVrxBOLGsfPDl_g9Vbu2bbK4bIXtZ5iJ5yTbwvnL_mfduwDrFxBitjYx4jaCz64wN2vmudOPEnvAjM5o3pPZOCvudK7jlB0XZvPT30CAdTKIDTHSfhncBxN7XXDCVTaxpOR8gJvxsUCHbX6KfbTDgkzS5791T2Zpad2xhN842gj9XfK0lh36BhhGnvA9fYFNwsG_q0gN2yCt2JPFNe44jYAZbNKIUVe0gnZdW05lh_B0AK1RrjqB6apmpylOofDC7CmyG4cw9Uq-cnjrsyQX3H82UQdaMZYTLBjJE8edHftZIdHTm_W41IX2sZTTNWclGXMi5o4S430s7iBhknEtgCdnogQdiqXaFc7p6hrDCQX_V_Kd6IY-5LJ6TlxV2OK8w45Yl
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H3 200 css
fonts.googleapis.com/ Frame 0982 5 KB
682 B 30ms
29ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 14:24:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0982 27 KB
27 KB 74ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 586b8dbfb947b7093c89ca5438ee8be9924e35d8f7e940f4722ec90bb12bc392

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 27705
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0982 25 KB
25 KB 73ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b2adf726d77e1eed5248f5a41e017a4f658c0c9036fa596c539d1cb08e12593b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 25830
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 0982 16 KB
17 KB 77ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e100e670262abaa429a894f6a179341a4bd26aacc4b56bba2cf1122eafa22c49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16833
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame E6C5 180 KB
65 KB 80ms
30ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b2e0b30675f605757be832661007b53f9c42ac516e94f7663200bbf94ba0bc2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66191
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame A57A 174 KB
63 KB 110ms
64ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f310007517289c6ee9182ade1b536ab749f6cfd771ec99d5778e3798224edbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 63925
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 903D 174 KB
63 KB 118ms
81ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6affcf70bb4531c7c8fc428b0d3d77d0629a78f24a51d2ac8e08f9e88592ce7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 63922
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H/1.1 200
OK viewability Show response
hal900021.redintelligence.net/ Frame 0982 0
150 B 72ms
25ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/viewability?s=43386400105630004444556012522021&a=5d45345d&vb=m
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:46 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154
adservice.google.com/ddm/fls/z/ Frame B141 42 B
401 B 107ms
58ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CImwk_n85oIDFXzVOwIdTr0CEw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=1810338386504.3154?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 294956 Show response
yandex.ru/ads/meta/ 437 B
451 B 152ms
151ms XHR
application/json 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/meta/294956?target-ref=https%3A%2F%2Fwinzoro.net%2F&charset=utf-8&pcode-test-ids=918196%2C0%2C78%3B913081%2C0%2C66%3B901446%2C0%2C98%3B909919%2C0%2C18%3B897722%2C0%2C83%3B911253%2C0%2C24%3B907876%2C0%2C37%3B918087%2C0%2C84%3B907474%2C0%2C13%3B901183%2C0%2C47%3B908763%2C0%2C33%3B917804%2C0%2C57%3B910731%2C0%2C62%3B908467%2C0%2C47%3B882595%2C0%2C84%3B907884%2C0%2C37%3B892905%2C0%2C73%3B906703%2C0%2C40%3B911315%2C0%2C82%3B910216%2C0%2C22%3B910552%2C0%2C89%3B914205%2C0%2C51%3B916924%2C0%2C93%3B914600%2C0%2C32%3B681841%2C0%2C87&pcode-flags-map=eJy1Wdly2zgW%2FRc9OxmCO%2FMGkqCEMbcBQdtKKoXSOJq0p7xMOU53T1L597lYKBGyDLXTPXlwRFr3ALjLuefC3xcXeBDDqrsUuBQ1zkktqo4J2oocty1hi3cfvi9%2B3dx%2B3S7eLTgbyeJs8bT98kQ%2FwXMcB0GYLH58PNvD9Kwrx4IPomtFj8eBOBESlIWBRijpgPOaiKIbWy4YKSkjBYed4L53Y%2FheGPq7XcCSohlrTllX14DWcvmBMHGJebEipeC0IaKrqoFwN27ge8n%2BdIxwtpanagm%2F7Ni5IIx1bv8kURwm2Q4BVi%2FOwcnrbuRiqDv4Qd8TkcOBS8woGdxgSYpCpMDkCSRGz4g65P64F7QknTC%2Ft%2BCQB%2F8svCzIEu8EXj5WFbiOND1fi5o29BD01YgXPablX7%2FDaoTPP4vaylz9i3f6Auafis9xzP%2BfB342%2BjLZlwznoibtkq8sIyjWdG6WeqmXhDsz0ioS4AxDqVzQYcS15hXJSuSKE9bCm3JwU0KK%2FNj7CVD1YsAVERXDjZu61BqaHhiTPDPAN4CwYEEuybTHEgKwB4WKx5J2omAEc3pxotTT0PNRtNv%2BFCTeAQkNHDMuaaiiDBYqVmN7LipMawsxsiOehn7i7wEx5zKmw2sQAxcgnBVYt6gpAequyRK8SduqE5crqhi9vSCwhE5%2B6Z8Tp4%2B8NJ3xbltCEuJcugCXEokO8GJktdz0Jcm7U95MvHDPwksCZxwH3jXiosH9zrsXuB7tiMcHdZPGURDvGw0pAKLgWCdNg%2BvavY0kDcPwubWyFJeUrwSHXHwNxhS7ZuTQ18AZz1tSZJlnPvJiZT6AV4VpuaVMV77uiWz7fXdJGKkqWkAwi7UFtv39PzacVbq4LKdK6%2FESWmzPKVSFLgSZasrdNW3P3WfMssz0uamdt0TJk6l4ZOhd%2B8qQB5pAIfRFV5I%2FiaGkDVfnguQb4EyWIXwzyCLb1g%2BNmydRY8RMMTDXolGGIMDKUJGwlmBibGlFIUq0BTapcEHcGKlvVIs8MoQSsmQl6m5JC5ddjNIg1mtDvQIVNCJfT8UnMxzaQ05LJwRkl4%2Bsc4PnGeRCy434kU1qgBiQVgwHHP5sPxkyqV7IAunaiQgq8IKgiqDhWLgk7k0laRbr6pdpUIHOast6rQleJvyhvHTb5%2BdKtGlO14QGGFDLeedGyULTLCRKTSAVAaFx2sRpGGt3zty2ZCBKSjKc88697zQOUTD3nyIHoGQAmeG1IENVwJcjaG5o%2BVJ7FwRKxOnWBHlhEk3dT2caH1lrwgOtAKLNV6wblytnuScITexc4%2FdrFVGhynZu9n3xr%2B3T9S%2FN5vHzzf3iHYq8s8Xdwz9vbrfD9eb25v7z4p3%2Fw0KNoAw00zWSIv8xkpFAr%2B9FXksVUFO7C31Y3G1ubt8%2BfoW9%2FXdz%2F2n7O3z%2B283d5vP2i%2FXq8%2BZOvfn0bXuvv7759ebpQX%2B8ezt7%2BHR%2FY95K5B0CvHjcfLt9%2BPaL%2BfW3R%2F3%2F18fN2%2Fvtb1%2BefeHfm4e7G2X68fgRW01pDWFL%2BbOkWHC8HJzxC3zfJJcqCwKxB2osFGW7DaPA800P4ZCJFQaq0ozfjk1OnAyXRCgwIlENh2q8k70C5k1S6IoEgUaBO07AJJ7OPqAR4PVGEtxSUQ4tK%2Fw8vJbn0ijKDLdbFTyvC96NxUpXR90Naoe62TLyd6DyE9UBxRemx1bQshMKMpdZ2MMPeKPUF20pP9LAnyGHYYRs5NmuFUXRpcADBGdQVOVEyxCE84QnJKYUKrgt95cEZq52p8oR9BluTZcrELUr0vzRPQLTGIEho66EttGWbgBgUp2xazCBWil0vud1BzEAOgWZyskRSmBv6Bs%2FhHbuhW8QQM6f%2FYPn4OA5VM%2F4jR%2FB%2FJX4YD9PwdTLYqQlQkWvwK24VyWsLwTGpVN2oSiMwhm3SUVLG1mA0i2aDJwAEQozDVANUDgdzD30ym0RBKaZGK4BppBTlOxhWKWvTAiQr0A%2F7eiGCjMjrEwsVA9XV04nJEEa%2B1Gqd7HCrFTSTm9gAB7iuFg5rYHy4ngnjJY9F5CItHfmjjQyrlLqS56%2Bk8Piq%2FcOUjkOjgD1Yw69EpiAu3e%2Ft99flDWS%2BvT4Ya%2F%2BIctke0j8swwiF3pBfBYHGXTsILKyMAUqzyxQM7wVchz8U7iB9tqsXuXEUUDc3Oo%2FjRJTGIw0ncw0IPfcyTMpJIYRV9UwaaNpuBFQ26LBcrKBCnGPM8hLsxNkqMbPQt4WdKo5yKGHKSKT9FiTiuv7AwzN9MRisdHKLRmZ9LmsYPc5wcbkP6ZMi6TZZGJPJR5wXmhbB2GS7qyhl0nekIGhpbXsB%2BRFnvfxZdNX5%2F7RldU97%2BGtJ6ztZclZlkVnyINwnMnnAJ5D9Sl6YVd73gN9rLq3pCLVBJ1DnudF0VEhABEuJo5bEXXOU7008yA6aJ70071H18OOGM9hXsBC9rCrE0X10YL140zDSgjlNTkTDooAGsW86pW1t83trb23AGYJPQyoOUw6jBEQxdBCYczTWeA%2BXYKMTFdfVu1GDoiSx8xl%2F5I8S6UgBjsvsw8EE6o3XUJgciGQtfD1w%2F3T44O9fZSiLJ6ZWAZGiiDbIvBMMHZSQbpsDVVKoN%2B2JyIZGm9Zxq3sNfKOlUNwZbkD1agOcnglcH3%2FZONlGdpfQDGg7Z3w06lyghOzJPGP3DsN5xTGGSCa876DpmJhgMQciO0R5E9ibALpeiMcBol3wt5L0iR%2B2R7DqDeQ%2Bg%2BD4HIoz5%2BxFkrCKD4IvZcmx0pURmSaPnRIaAU6pq7Vn3imEOVd6bzDgh2F0x2WUwHvbknVeEJryteiywfCDrTW9dNB5SGUzjVwN%2FKBQ8wahWquZ9xDUwYeiI9j7Ox315h6%2FtbfkwqhJtzaoC%2F%2FGvBa8AZfTXQxaL6ZQ6LjcPJ8PV438vZHtV%2FG7fb2uP1khzpJvaOhMHw6Jb7T38hLAl34K1AP8krDzEIr6NJq5LDMv2xvt9dPBxvxgCyTOZOX7%2BVNiW4wem9SHK06Rt8D%2BWDzd50TIsWPsug06E5gvAry0GF2dboTNEnNneOkmC5pyVcCnMZp675FSDM%2FM3P4C5djFYwXDFSSO7%2FjxAvmmi%2FvmGq5B7riWaxRgParT9ufKkFuouyKUSUgpDTmZLmrWXYiiXwjQieGscsW10bCq9Dt%2BGC3CLkq6hHEWcPwQVt9vlIU%2BS%2B1Vbdl6M%2BuQCgM%2BxD1tjwus5%2FdbseZb0ZIeeli2mLZSaF8YtXYk837x%2F8AK5Ni6w%3D%3D&pcode-active-testids=914600%2C0%2C32&pcode-icookie=xeLv2zTIXJ9vrYrAICQ7SBX7cVU89tPuU320DbHPgEVkt%2BL%2FBHycFePrOOwDnrPD8LXOutZxrR8WvXWxSiR4ppzxZ9s%3D&duid=MTcwMTE4NDE4NTU3NTEzMzEzOQ%3D%3D&imp-id=16&enable-flat-highlight=1&comboblock-unencoded-vast=1&test-tag=531064116215810&ad-session-id=1219681701184184845&target-id=37315727&tga-with-creatives=1&top-ancestor=https%3A%2F%2Fwinzoro.net&top-ancestor-undetermined=0&pcode-version=916422&pcodever=916422&flash-ver=0&layout-config=%7B%22win_width%22%3A1600%2C%22win_height%22%3A1200%2C%22pixel_ratio%22%3A1%2C%22bandwidth%22%3A10%2C%22isInIframe%22%3Afalse%2C%22w%22%3A1598%2C%22h%22%3A90%2C%22width%22%3A1598%2C%22height%22%3A90%2C%22visible%22%3A0%2C%22fullscreenHeaderHeight%22%3A80%2C%22left%22%3A1%2C%22top%22%3A1231%2C%22ad_no%22%3A0%2C%22safeArea%22%3A%7B%22top%22%3A0%2C%22bottom%22%3A0%2C%22left%22%3A19%2C%22right%22%3A19%7D%2C%22req_no%22%3A1%7D&grab-orig-len=3940&grab=eyJncmFiX3ZlcnNpb24iOjJ9CiKkpIzsNuoB1FgDU19UbmrNUR1t-v2T17spZENKWk7Lp2WuGU2hEuxJPD1pQvR-VTLpqp78Npyt2nN6etM2gJ4Z4BpjLMytFJlba5pv4NMwGosIRoGCRVgwjS7WaKlpdGU3UNPERawtqUOoAaBCcQAvlIa4oSKUhPJQ8QcsCUhCRQDvoClC8AFpqPxbVoaQbgnOwYUYij8gvWXxyVQ-WZEbMrLkHQ6Xw-midVlcoCCicTXuaTRl3D_vmhItvaFMjGmhjossp39jlsdlHqOlZ2N4Xo7df7OufGkoP_HFIcEgSAKiEHw1jnyR_IH-dk-MEH83AlL3L8-hNCByt235jS537_yyW5cckPxvBzeA9SHOCYdzsGQHAcKtExy_N5R4ed5Nyc12-wtFFhDfEKTb54py1VSe0BCuXZKA6HdHehvirdqKjn-bxD7ySZWFyptEeUuEf2IoDi7OVuUGPLn0LsFKkZcqsiw1JHWxvGa9Mfwyuq-KB-h0P637LW7upXF7A4h5cu3mWC2veNsCf42qyvGUetra4Ymqerm9uoxkcJUc-9hX8NXB3ebDv5HEokQK8xAQbpVczb0pM4OquXSZvlHbkwQtvY9Iqc2M5Aez7Ck9NY2hANmDQJZ2tbrkh9fkIikp4i9ybZGXrz0U_mUkmT6roLyuMBjK_FY7NU2i7jk1VZEDJkszGtcg0rgOhuuE94B4-UNY6HXYcme6EYy6xqe_SpnahRxRZKnmxPAB8nIOuOTqntac71RVx0UuhD7ThDCuJOC3LByb94HaAFzr9Oq00PRU1boWXE_iwkiugg_oqBwoeT8okdaDNOk8ONpCWK8Q-sbuxft5UgBLcNjdFNwCyEQTcSjlvikaP6JEXObR18kMIQs4HlVzPNbEBob3lVkTHxDX30bH9iRjRQrQQu9hTRq0yiNYkwS9ciTWJAHofnlfVcKKNCje37LU1nzGvKn3SawJD9ScKMQZRLrBjE28QbtN2V-BWqIkc4TyfTdwSlzGZM9CFoBwXbGULZiXNbgbcLwSXdHZ6K5xxMrTCkNJ2VM0KE3vOR-PO9QLy3r2-_KUw43Wljv_7egcomUEa4ILQGGaTaxzcG26x12b6UV9VIdps1U3JAAt0WVp7A_RHmdvhn8Z-Xxby3IFo-qDzOF0iv5iz_NyQXrhNQwITo3upbxzbz0BPctiEVsoYuGrdVQ9rrmbYbl_6d9tQ2y3L-JYeC-JKe5xIiByFUY1kCc77XGR62OVulRro4SeGp1VFGsCACu3H7i2s33pRFAEoToF4bRYwTaewH7aUKRd9Qg7yCck8p6rrviYm0CYvmGqYGr67HRspc_-douVkdJH1S_dFF2rxdw8LhvdbBz8UMnUHNrY8UDHW5w2RsohwjJOM7LzwDdFeVLGj7rsZ7eAjhwl5qYMYMfE4g1rwEy_s1rY8Dub2cJISUOk7fmlL6P4Q--vWYtYW1yWyM7H1P1o4xjWvewOtlJlRsdAH4W0zOPsQbuEaYoHQgQ_ipPokfYiOREw0beYwahZ0LHhXbROBwNlLKMs8-KRF_qe6ApV13QMmzqznQ1jipZxfonf8VD0XP9WpBg6dbRW1p3OykAvtfXQF6n2ePv-6dErVK-OUvWtJGP0Ym6-oA_FAcw2maxv4ehndtaydUAxaCVZwk9Q3gifRERU2hx1nLc8t8WKICkEamkGY975xBmKAHgvDDiTGSURJVcCbSghbkC8xBAh-EZiAaYHH-IsTy5yjRfVoBZJ1LUFiMw2LUWkfkcrKXJNGS_XTA5Kh40daqz5bXScD9wGBhw4Mn1eGKNr5lFFaZKljyjN4JdGpj-5ICEMLwEEc6myrLMZZqeTcVj-1FDkXfsm8mP3EZYG5iewBhX_yIxZjqgbybueic7nZJ0-ZGEgk6VHcaTJ_9h93-cptYUheQvz0-eBBG0co772DMx0QwfrBHlWdIyUQjRRmqX9UWdpeQxh4h3mo8kLTY9Lw1NhDkk6zBDSguQe8NmyBeHQLHuwkxuH8-mstIyUmhDqMaQLflVyQIrFTS8-JhT2IU9NFoH5GRIAt6PEVLIctpJF904bZ9PEgcWmCdYbKOzZKSs6TkC81vYVCAy2Ukw9ztLoUWTwsycrYt2Sj-hXbplgXDqFw2xmKxYtbzfbsDgWwX7GANvLR1yQZ49kQe49yoxsbUptB2kRUZR5ojsTEplG3Y0xRk4SHTtJstG91WZnJLYdQQlSP5qrirJM1VFO_qiKWPWmOC3L-NGk5PliM00wcKbYoaY66N5idjCSM6EsNVn-Jm1XXZZRFKoII2fPyo6bORxvdjiwmLgSrGcvi7v9rI34jA19-VRARPZJpNFgnrHBjKxZWHc5s41xwAp04zJqyPJHoCuH4O9Qirjo2sfIoF8dTjbA2znfaqdlFqkIltoevBxij5XPjh1WPiiDo2Ox9SwmmsFhsPRNDvr5Hva-sw8kgwFCudg0xjKQ0rh0doFJj-GIK-4qqh_W46jziPdvemCPBkcUwF0Km2JIuXYUwJvco0g_vQ--l8UEQPKjGI_radcvR3gbe0Pbuql3c_GxKI6mJfG58nEpKH-wPSl21MGdJR5q05TzOJshfbwuFyF4S44_uIp2foKZf3vd_cUusDMqfnBEz3AjR1Sx0dWXDKaBGyYAbjqZoUeqN89QXpQhBE_ukvgohlZ01E9f6Ea-IyD6qowv_acVbPqFW2d_GiDZ1W15CWWuPJv0pr6N46vc79qoak8_N5dP1EJSK9QPpIYDSOyred8sskm-fBPl0QO-gWy-Ssh3aOmovjfuV-gTcrtWCqvhq5mPfnzTPSdYIvqfTMtHYT3E-030QbnYntj109N6gN1GrDqWBcR1gRXHnXSr7gs5CVCeeBK_itvGiO2Tz0NqOunedF4EkQRE6D8EeAslELM0Q7-YjE8U8WZxm-DVAefV8B58L1deYD1FYWJe5WdeJWMvRgEwrWA8ASwKtY4whCqRnnbwJBJnCKlhNeLMlrc95-Y949c4W8ThsK1PCJJOIuA1fCGrJC2eNGw5JE1PtyVc1laEHiThe3ap8Nv9uJSeJMJLQItYJe_TB6TVjYtwRjwoiNwWN617VXWXb5LBZ7Fd1LhaRnN4Q-9CYa-yVdD39cnYDQDbc9ktBP4-GM5MQyA8wJsETW5Is8KAPoRxrBwwF9JQm3zpxNJV-jiFs23O-Q9PG6bwNleSNp_YXxc5V40VAVuV3Vqd1z_FSmG0-TSceZYAuBlmDrjt8yqs8jnobQLffMZ_yA0ezr64Zw_CiIznHVQLXe4_1GK4_qH2nXtoiAtjmiXZmatUIidvAQxh_-39uJ4K4bTYaN6pbEEOu93KsXRTb-XG2LfxJ4okNTOoaLIboc65QnNr6dSAeG_85vVPcdzm1mDVV9FO0u94uRyW5z4Eb6667cp3pvmBe8cAkPXJ-4-n8D57TlU2_988un32MLk4q6s-8kSTy-tz9X5Z7jPRI5HAa2B9qIFHvYTIp0kv5XK2GLpRgBT7zO78Z5N6z-SxRaS1v1fMBD_TsjMTcDfmv7Uyrrx7-OeU7e0PLt4y4K05yBMvE4gE8xqVTrYocIT-2BxPVJ_JrYd7f1144_tKN1lowbKRMby2dM5Ihwp3yGIknsabx_7A8vTuNvy29HPgMNZBJb5aHsQxv30VYMJNd4t2fwrcAVfgM0cHk3CekrtO3JYcHKrfbo5lm7CFOBa61908Tgs53FFra_zjNQvtgfwDKuW-EtqHAD1TDPKh3UXeMQJ9KADmqNM4QBSNRu4baxQVHZyDah1XRWuKeBXrUI80Af1jPmo4RWzKjEvvFdi85qE203ec1bcYx61Wy7b7tHxB3katTpCzUdSjp_4zDIYxn1g4NgVIW1tQTUfn1JQJ-izVr3DvWliWuMFLIp6ytnofelMWc43eCwD_&uniformat=true&callback=Ya%5B3722794360775%5D

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/context.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

6c2ddbff914c19316d0fdd8b75f8dffb9b4337a66bebb348fd3e5b2414d5af0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 100, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1701184186880366-858551565462097927-balancer-l7leveler-kubr-yp-sas-164-BAL-8903
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
uniformat-product-type: None
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 28 Nov 2023 15:09:46 GMT
accept-ch: Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Platform, Sec-CH-UA-Full-Version, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT
uniformat: true
report-to: { "group": "network-errors", "max_age": 100, "endpoints": [{"url": "https://dr.yandex.net/nel", "priority": 1}, {"url": "https://dr2.yandex.net/nel", "priority": 2}]}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 561E 53 KB
19 KB 90ms
24ms Script
application/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=43386400105630004444556012522021&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:26:49 GMT
content-encoding: gzip
via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 81778
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: kNBd9zG5Lku-gGociVrkdNJhBpbhUhmbBmajMFcVPvobJbVT3JeOHA==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 561E 3 KB
3 KB 82ms
20ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1701184486&Signature=ly~32hOq-Eoko6sAeiUJgoiNeTYGDEb~71R7qyXqPRsv8Aqy7HxlE1AwEMx~5M7xV-0Z7PDKZep5bm6YjiWdVJecP01W8B0UcM5jcbs0EJKrK8l9I93o7NZ~Dbi2iSg-2uVPrhZhBbn2Yl7QVkLzi18gSy0l4l1n96t3XI-YEienXrqd73pd6UrZSA7ikJ7TOjTSl4fhwp2OPt4a-QCYYJPNoKu1XMKdA4Fxe~n2ZFJ7d3mylNN9-UwutwB6MwtikQBqV9QXruqG7wo6YRJ64LeTlwnG~~MF-zKGklp2NHNDimHz0IO27AeeCj~hL9JQ820-CpXozidSSny~2svBhg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 28 Nov 2023 04:06:27 GMT
via: 1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 39801
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: gZJV8JMkx-2Yx6zRak5N6-kqpP8pPTVo4qYLYVg0DxrfEIe504VDMw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame E6C5 273 KB
91 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c691572e19ed2e972be60459bb3c16e00eba1bd85ae4856804555f53973c0d45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92920
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame A57A 273 KB
91 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c691572e19ed2e972be60459bb3c16e00eba1bd85ae4856804555f53973c0d45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92920
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 903D 273 KB
91 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Q7C756EV6G&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c691572e19ed2e972be60459bb3c16e00eba1bd85ae4856804555f53973c0d45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92920
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 28 Nov 2023 15:09:46 GMT

GET
H3 200 a
www.googletagmanager.com/ Frame E6C5 0
11 B 29ms
29ms Image
text/html 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=1354106329&rv=3b81&u=AAAAAAAI&h=Ag&gtm=45He3b81v78857208&ccid=8857208&cid=GTM-TBMT2SF&l=GTM-TBMT2SF.L196.S3.Y2.B9.E125.I202.EC6.TC2.HTC1~gtm.init.S0.V0.E8.TS5googtag.TI15.TE3~gtm.js.S0.V0.E3.TS5html.TI1.TE0~gtm.dom.S0.V0.E0~gtm.scrollDepth.S0.V0.E25~gtm.load.S0.V0.E11~gtm.init_consent.S1.V0.E9

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:47 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 link.html Show response
track.webgains.com/ Frame 6F95 2 KB
2 KB 98ms
97ms Script
text/html 18.130.109.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=36625300121049404444556012522008&nw=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.130.109.49 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-130-109-49.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 31ec123353713cbf09027b008f72cdf8f981a022477817f71d87084d7cd3113c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:47 GMT
last-modified: Tue, 28 Nov 2023 15:09:47 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 28 Nov 2023 15:10:47 GMT

GET
H3

200

activityi;dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002 Show response
5994599.fls.doubleclick.net/ Frame EBA1
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002?

391 B
240 B

63ms
62ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

ddf7d39c11d7a22154610b3895c9187ec058aa5c1255ee9d80ea6ad0a7d80e4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:47 GMT
expires: Tue, 28 Nov 2023 15:09:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal90008.redintelligence.net/ Frame 722B 7 KB
2 KB 82ms
29ms Document
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 59e6b3f63bf2e4bda6a90167a5d37c3d5776b522cb09a1ebed006e807f83b7dd

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2043
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Nov 2023 15:09:47 GMT
Expires: Tue, 28 Nov 2023 15:09:47 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 561E 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5469afbdf48250ad8c767ea8a1e2d1c43b4460e10e5dca5e88f3ab0108873893

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 0982 14 KB
15 KB 23ms
22ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900021.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 20:50:19 GMT
x-content-type-options: nosniff
age: 325168
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 20:50:19 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 0982 15 KB
15 KB 26ms
26ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900021.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 367610
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 09:02:57 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame ED07 2 KB
2 KB 122ms
121ms Script
text/html 18.130.109.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=68041300110481104444550012522014&nw=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.130.109.49 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-130-109-49.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 1d37a411807a01fdee9520e46e6c4d627f7d4ea1a8bb69e977fe119827dad736

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Tue, 28 Nov 2023 15:09:47 GMT
last-modified: Tue, 28 Nov 2023 15:09:47 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Tue, 28 Nov 2023 15:10:47 GMT

GET
H3

200

activityi;dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987 Show response
5994599.fls.doubleclick.net/ Frame 6C51
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987?

391 B
237 B

64ms
63ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

02dfd02df682fc583a21a64f7c9cb2ba8dbd54520b8aa5c83f7066015c8efc91

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:47 GMT
expires: Tue, 28 Nov 2023 15:09:47 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Nov 2023 15:09:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900014.redintelligence.net/ Frame C462 7 KB
2 KB 77ms
26ms Document
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: 268aaada3d62c9b6db58e477370b087b3d38461a668a74da3b49048dc8fca926

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2063
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Nov 2023 15:09:47 GMT
Expires: Tue, 28 Nov 2023 15:09:47 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame ED07 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d0ad53a2d938f73bffe6afb74e5b31ff1b509a9e08f7810556d27f38d842b4b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 722B 5 KB
682 B 30ms
29ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 15:09:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 14:15:58 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 15:09:47 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 722B 27 KB
27 KB 74ms
25ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 586b8dbfb947b7093c89ca5438ee8be9924e35d8f7e940f4722ec90bb12bc392

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 27705
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 722B 25 KB
25 KB 77ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b2adf726d77e1eed5248f5a41e017a4f658c0c9036fa596c539d1cb08e12593b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 25830
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 722B 16 KB
17 KB 77ms
27ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=150&height=90&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e100e670262abaa429a894f6a179341a4bd26aacc4b56bba2cf1122eafa22c49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16833
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 6F95 53 KB
19 KB 24ms
24ms Script
application/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=36625300121049404444556012522008&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:26:49 GMT
content-encoding: gzip
via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 81779
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: gHFJF2G6lEH7qOEqzHO2sYytsarxObWQUiRBW9H036r0dabzw6qAow==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 6F95 3 KB
3 KB 21ms
21ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1701184487&Signature=gDYGW5WWW70MOxsjdKLl4Vt-EEjSlsrYFhe2Gf63S1vvcWMdtrRoLL9gvjNJm60WtwUHOZvyPd~5q1kK9mb-IGVYuSk6znY8-ZkSa0XoYwGPp7DkVaygi-MloZHTJYY9HtOqXCUZAKku2svIwwFIEkzZ1Tk0CQQrPis5emwwVG~VyTshDponwocAOW3JWWV1e2lK97kU2QxARwgLXuMRWeguVRNWIb~cum-D4r0d4rlHRGo~Mgx1hCxy3cazKl-XDqeRBiza8cq9ZpW-8M7qbkHeLpjTzxy4iYc5~EsTg7xqny1r0mf90y6qigmPRNoetrOgyW4Tlnxs4pYoxbbs1g__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 28 Nov 2023 04:06:27 GMT
via: 1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 39802
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: WCRMQltcrAUFKgYja7-skarn6snFcEzl-3fGXKoJYgBktX7wNt1H6w==

GET
H3 200 css
fonts.googleapis.com/ Frame C462 2 KB
434 B 29ms
28ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 28 Nov 2023 15:09:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 14:18:54 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 28 Nov 2023 15:09:47 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C462 17 KB
17 KB 77ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/produkte-kredite-privatkredit-mann-auf-pferd-teaser-logout-1200x627.jpg
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: fca438368eeddd899b3ec34b773672a57469924ed89ce28543ee80e1b43bad23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16982
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C462 16 KB
16 KB 77ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2fcfd6e9e101895a7ab488a9bb42829a22410e57ec7a1ac01513f3e62d69a9c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16512
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C462 11 KB
11 KB 77ms
26ms Image
image/png 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/36340/creativesup/native2.png
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 86e13092ae22edbaba636da5a48f78ab6b60b309ebf5f981c1fa0bd7d4d355a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10942
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame 722B 0
150 B 81ms
28ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=36625300121049404444556012522008&a=6e0bd066&vb=m
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002
adservice.google.com/ddm/fls/z/ Frame EBA1 42 B
107 B 59ms
58ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPekrvn85oIDFQLaOwId_T0NhQ;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=4140058036090.002?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900014.redintelligence.net/ Frame C462 0
150 B 81ms
28ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/viewability?s=68041300110481104444550012522014&a=36e97fb4&vb=m
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame ED07 53 KB
19 KB 26ms
25ms Script
application/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=68041300110481104444550012522014&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 16:26:49 GMT
content-encoding: gzip
via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
last-modified: Thu, 23 Nov 2023 16:26:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 81779
x-amz-server-side-encryption: AES256
etag: W/"1180a1bfee0aad979766ecd6180b923e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: N3jo6ZFzVg-53DoTVDcPASlVTs4rR1PNelYNCIeZ2KDE1hpKyLaJig==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame ED07 3 KB
3 KB 22ms
22ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1701184487&Signature=H31frCR4hH51jqPqNBB-cnZYJODBz30gjkFgLep40sIMCoNVH6bAoCuGiTrXKHT7~Q4SSrGcPxutxf20~0wi-ZLQl8rf2OyT1HOrb1eE8quxQbJvchD9AA6Rx8EbsLqwMM7kgoOs5B4hD7cyODXzW9eaz3XzLtO4Mj38JpjTkSj-scZszjnyjSfZppmgcxjybqKyXWQju1ttaPmFiDWAdBXTRZkIZCfv~w-cL7HrPSZsCgqumP5n2ftZN09Pqb3Y5ZqW5Yont6K-XW0h8FwW~iehpx948stb698Pnsz3vht90yVxkaJkWzOzoaBB~ETypTVbMmYrJOD16eISW3vdhw__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_nohtml_fy2021.html?hello=world&fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 28 Nov 2023 07:14:32 GMT
via: 1.1 e7e7960d7731a7583cedd8f1ff1aca38.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 28516
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: eyAP8-6wxJBjfOdHKzC0E0KDFWxaJsVDU1yG52B2OxuueQvoEq7S9A==

GET
H2 200 dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987
adservice.google.com/ddm/fls/z/ Frame 6C51 42 B
107 B 57ms
57ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CL7HsPn85oIDFYGpmgodizcGlA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=7471630469792.987?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 6F95 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc4552cdd28b709c334c97551e64c17864ccaf687c00db0f92b079b83bf76b1d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 722B 14 KB
15 KB 22ms
22ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90008.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 20:50:19 GMT
x-content-type-options: nosniff
age: 325168
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14824
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 20:50:19 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v22/ Frame 722B 15 KB
15 KB 25ms
25ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal90008.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 24 Nov 2023 09:02:57 GMT
x-content-type-options: nosniff
age: 367610
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14892
x-xss-protection: 0
last-modified: Thu, 01 Jun 2023 22:52:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Nov 2024 09:02:57 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 561E 16 B
209 B 79ms
78ms Fetch
application/json 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-134-20-61.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 15:09:47 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 175ms
34ms Preflight 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-134-20-61.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 28 Nov 2023 15:09:47 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 6F95 16 B
209 B 116ms
96ms Fetch
application/json 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-134-20-61.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 53ms
45ms Preflight 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-134-20-61.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 28 Nov 2023 15:09:48 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame ED07 16 B
209 B 92ms
82ms Fetch
application/json 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-134-20-61.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 36ms
36ms Preflight 18.134.20.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.134.20.61 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-134-20-61.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Tue, 28 Nov 2023 15:09:48 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 561E 0
20 B 57ms
57ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=715989759997&version=m202309260101&ct=77&x=1&cor=16107867791024476000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900021.redintelligence.net/ Frame 0982 0
150 B 92ms
38ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/viewability?s=43386400105630004444556012522021&a=5d45345d&vb=v
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 Nuremberg, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/request_content.php?s=43386400105630004444556012522021&a=e746b33f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame ED07 42 B
64 B 101ms
100ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsux96mCji2AS4PxnlcENVTZo-KGIrdZ7f-mqBUw24-NTFYctH5BEeIdBLKwirvJRYWMnfQlaw2v-6zab0u24RQwo7K3opED7emE07L-sgsu5VBYyjPmM-StkfiaTREhXOo&sai=AMfl-YTHnJjYof_OrKryx9n55AR3atzTQAh9r2s2iz7DEerYkLHbqDXi9l8N_gl8cgx6BgOQvXBgobV9skBObFAJN54Vpo6tDg-QG574e-4L_0lEWlvuYNwnNTInE-cQy7G6LYcm-lCuyFz_Fj_AdKCTyYAVD8kvu_kdpbn1&sig=Cg0ArKJSzGjSuJg7jVKjEAE&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701184185841&rpt=1303&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 561E 42 B
64 B 99ms
98ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu6qMSpFyd3u0YrwSOukZ9o-WN6s9JS8lb2a_B9N2y0XUaI0qTwKKQ0pu025YiFRQiaHme4_x54w8QAgxN4UwpCi_EUQ9MxKVSWiwPzL2R-mwpoF3wwuunHMjSrVCtmVZc&sai=AMfl-YQfcH3Zu9oEpUp9ElFb8siPgFifiaQ48RTY1-Xakb1DrKa5uLcK7WGt_WWXkkruLMAhmO8p-8u09wtGeoe2DuKEQvuVbM0qtw180xRYxt99ypFi544fcy6vuLcMeSnyATZWlvEjmRsaq2nSJhpxGK-MdWr9pCXVWO1c&sig=Cg0ArKJSzDz7IZxRBAx4EAE&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&id=lidar2&mcvt=1004&p=0,0,600,160&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701184185806&rpt=830&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6F95 0
20 B 54ms
53ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7363901102716&version=m202309260101&ct=77&x=1&cor=1279753561619869400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame ED07 0
20 B 56ms
55ms Ping
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4856194032011&version=m202309260101&ct=77&x=1&cor=10760258440664095000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900014.redintelligence.net/ Frame C462 0
150 B 80ms
27ms Script
text/html 176.9.26.250
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900014.redintelligence.net/viewability?s=68041300110481104444550012522014&a=36e97fb4&vb=v
Requested by: Host: hal900014.redintelligence.net
URL: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 176.9.26.250 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.250.26.9.176.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900014.redintelligence.net/request_content.php?s=68041300110481104444550012522014&a=20187ac1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 6F95 42 B
64 B 61ms
60ms Fetch
image/gif 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssUzyxUZG9UydrnhhIoUAdcYA-MrkthZ-LuDviQG1mjsBBqpGm_xiEum7BojXRR1RHf9CU7GrxQtY_EYCrooUfcR-ccXvIaeb1XONlt_HwZ53axEkDUKnRSQHsmd2dYzLA&sai=AMfl-YQtQP2gYt6_KBjq1K2PfSeW6h2_WIAJY-lLKBR8W4ZhMJHVrzyu_Z8PhxLEbqtHQFy5DzHV8Eq6qBBPk7E3LPLyFpzKon55d84mDRYqMR0vEk32WvJTjzQlHQpS0vIn7s5YjPwj5B8rOVi14ApLmWPMJdeAHAAtIMSz&sig=Cg0ArKJSzHvcs8T4DCQAEAE&cid=CAQSTwDICaaNxYoVwZ0MAhokayQsDWi_3xXlWWVNNCWhnPDnV8vjOTyq4IRVgKeK27hO6iR9x8L9ZyPeRAqQyxsk7NHRyhPc0uzfNGG1KaUBJccYAQ&id=lidar2&mcvt=1005&p=0,0,600,160&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20231116&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1701184185824&rpt=1280&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 226E 0
127 B 38ms
38ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 28 Nov 2023 15:09:48 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 9377854
mc.yandex.com/webvisor/ 43 B
0 277ms
146ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/9377854?wv-part=1&wv-type=7&wmode=0&wv-hit=534226000&page-url=https%3A%2F%2Fwinzoro.net%2F&rn=120732413&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1701184188%3Aw%3A1600x1200%3Av%3A1170%3Az%3A60%3Ai%3A20231128160948%3Au%3A1701184185575133139%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Ast%3A1701184188&t=gdpr(14%2C14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 28-Nov-2023 15:09:48 GMT
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:48 GMT

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame 722B 0
150 B 80ms
28ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=36625300121049404444556012522008&a=6e0bd066&vb=v
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=36625300121049404444556012522008&a=212165bc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Tue, 28 Nov 2023 15:09:48 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

POST
H2 200 9377854
mc.yandex.com/webvisor/ 43 B
0 77ms
77ms Fetch
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/9377854?wv-part=1&wv-type=7&wmode=0&wv-hit=534226000&page-url=https%3A%2F%2Fwinzoro.net%2F&rn=971245957&browser-info=we%3A1%3Aet%3A1701184189%3Aw%3A1600x1200%3Av%3A1170%3Az%3A60%3Ai%3A20231128160948%3Au%3A1701184185575133139%3Avf%3A3akmpckrufnt9afj6lckkvrv%3Ast%3A1701184189&t=gdpr(14%2C14)ti(1)

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 28 Nov 2023 15:09:48 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 28-Nov-2023 15:09:48 GMT
content-type: image/gif
access-control-allow-origin: https://winzoro.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 28-Nov-2023 15:09:48 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7

Verdicts & Comments Add Verdict or Comment

184 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

43 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
winzoro.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: nlgdqmehdk6dljlkkd5q774osf
.broluckycode.site/	1970-01-20 17:16:16	Name: uuid Value: 08276ca8-3d2f-4597-af03-f9aa7f43fa62
.yandex.ru/	1970-01-21 01:18:40	Name: yashr Value: 9597626361701184184
.yadro.ru/	1970-01-21 01:17:34	Name: FTID Value: 1bPWAu1ek2eh1bPWAu001Qr0
.yadro.ru/	1970-01-21 01:17:34	Name: VID Value: 3yrOLx3d4ceh1bPWAu001DJA
.yandex.ru/	1970-01-21 02:09:04	Name: i Value: CeVWDFQLGvhyilWfuUo95PE+o1pKm2yJ3f2qRhVfZAHqThDHwMyeV9JtRP6Vu0tumdTH+w21FTGKgyVxXMTTFhco24s=
.yandex.ru/	1970-01-21 02:09:04	Name: yandexuid Value: 1187097721701184184
.winzoro.net/	1970-01-21 01:18:40	Name: _ym_uid Value: 1701184185575133139
.winzoro.net/	1970-01-21 01:18:40	Name: _ym_d Value: 1701184185
.mc.yandex.com/	1970-01-20 16:33:04	Name: sync_cookie_csrf Value: 1608355421fake
.winzoro.net/	1970-01-20 16:34:16	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 16:33:04	Name: sync_cookie_csrf Value: 1302009290fake
.yandex.com/	1970-01-21 01:18:40	Name: yandexuid Value: 1187097721701184184
.yandex.com/	1970-01-21 01:18:40	Name: yuidss Value: 1187097721701184184
.yandex.com/	1970-01-21 02:09:04	Name: i Value: CeVWDFQLGvhyilWfuUo95PE+o1pKm2yJ3f2qRhVfZAHqThDHwMyeV9JtRP6Vu0tumdTH+w21FTGKgyVxXMTTFhco24s=
.yandex.com/	1970-01-21 02:09:04	Name: yp Value: 1701270585.yu.640258681701184185
.mc.yandex.com/	1970-01-20 16:34:30	Name: sync_cookie_ok Value: synced
.yandex.com/	1970-01-21 01:18:40	Name: ymex Value: 1703776185.oyu.640258681701184185#1732720185.yrts.1701184185
.yandex.com/	1970-01-21 01:18:40	Name: bh Value: KgI/MA==
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1285006941701184185
.winzoro.net/	1970-01-20 16:33:05	Name: _ym_visorc Value: w
.winzoro.net/	1970-01-21 01:54:40	Name: __gads Value: ID=87f8262c4670fd0e:T=1701184184:RT=1701184184:S=ALNI_Maaru7eDvY4JjwuEzaeOeDiAz-T8w
.winzoro.net/	1970-01-21 01:54:40	Name: __gpi Value: UID=00000ce84bb514c5:T=1701184184:RT=1701184184:S=ALNI_MaouwjwVRIPKvSKK97ZJmgKwQE6Uw
.casalemedia.com/	1970-01-20 18:42:40	Name: CMPS Value: 2182
.doubleclick.net/	1970-01-21 01:54:40	Name: IDE Value: AHWqTUlSxmYX6_OtDGS6eEUCmorwgkcY_ECwB0vTxVevuOuaGNWmMGVuse1rz2MfbI8
.casalemedia.com/	1970-01-21 01:18:40	Name: CMID Value: ZWYCuVn71Hl5WK8fBnTHKgAA
.casalemedia.com/	1970-01-20 18:42:40	Name: CMPRO Value: 2182
.adnxs.com/	1970-01-20 18:42:40	Name: uuid2 Value: 4517124959714179736
.adnxs.com/	1970-01-20 18:42:40	Name: anj Value: dTM7k!M41.D>6NRF']wIg2ImLGZw#R!@wnfH8K6pQK`!5=E<L5>xi_1.u`/iHMnd/1_D^`8)S$/l7Go>liEoR:Hd[%nugO%v4VB%nnfD*lRL
.doubleclick.net/	1970-01-20 20:52:16	Name: APC Value: AfxxVi5EEZTybn_-Z6bO2RlQvMFJONuOqA0Dojv5DxxJm38Paf69fA
.quantserve.com/	1970-01-20 18:42:40	Name: d Value: EHYBCQHEKoEA
.quantserve.com/	1970-01-21 02:03:18	Name: mc Value: 656602ba-2f953-028ff-b51b4
.adfarm1.adition.com/	1970-01-20 18:42:40	Name: UserID1 Value: 7306530443351423123
.doubleclick.net/	1970-01-20 17:16:16	Name: ar_debug Value: 1
.yahoo.com/	1970-01-21 01:19:01	Name: A3 Value: d=AQABBLoCZmUCENGuXoBFRWMl31iHUIVItiMFEgEBAQFUZ2VvZQAAAAAA_eMAAA&S=AQAAAqhy5ppDwDF6dOcIqo21kWQ
.redintelligence.net/	1970-01-20 18:42:40	Name: 8lcfmzhxc8d6_uid Value: 29a208e05e41df05
.adform.net/	1970-01-20 17:16:16	Name: C Value: 1
.adform.net/	1970-01-20 17:59:28	Name: uid Value: 8304892721735538799
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 357526:3266505
.awin1.com/	1970-01-20 16:43:08	Name: awpv11601 Value: 113440\|1701184186\|2b0dc152-8e00-11ee-825d-22629e669530
.office-partner.de/	1970-01-21 02:09:04	Name: source Value: {"webgains_webgains":{"timestamp":1701184186972,"clickCookie":false}}
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: 5r5eveg3sydeaxg5enjafvib
pb.media01.eu/	1970-01-21 02:09:04	Name: DTU Value: D6BA7D33FA93A758BF0B9768B3A0E384

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4379353840599633&output=html&h=280&adk=281093907&adf=495251238&pi=t.aa~a.3502614405~i.2~rp.1&w=960&fwrn=4&fwrnh=100&lmt=1701184185&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=7633074340&ad_type=text_image&format=960x280&url=https%3A%2F%2Fwinzoro.net%2F&ea=0&fwr=0&pra=3&rh=200&rw=960&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1701184185611&bpp=3&bdt=1199&idt=3&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=575793446681&frm=20&pv=1&ga_vid=1577247992.1701184185&ga_sid=1701184185&ga_hid=624964592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=440&ady=2294&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44809005%2C31078297%2C31079756%2C44807763%2C44808148%2C44808285%2C44809053%2C44809072%2C318512602&oid=2&pvsid=3572195228664700&tmod=761175717&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=7 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad.doubleclick.net
ads.eu.criteo.com
adservice.google.com
adv.office-partner.de
analytics.webgains.io
api.webgains.io
broluckycode.site
c1.adform.net
cat.nl3.eu.criteo.com
cdn.track.production.webgains.team
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
counter.yadro.ru
csm.eu.criteo.net
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hal9000.redintelligence.net
hal900014.redintelligence.net
hal900021.redintelligence.net
hal90008.redintelligence.net
ib.adnxs.com
imageproxy.eu.criteo.net
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
medialead.de
pagead2.googlesyndication.com
pb.media01.eu
pr-bh.ybp.yahoo.com
pv.medialead.de
rtb.fr3.eu.criteo.com
static.criteo.net
tpc.googlesyndication.com
track.webgains.com
use.fontawesome.com
winzoro.net
www.awin1.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
yandex.ru
yastatic.net
googleads.g.doubleclick.net
104.18.36.155
138.201.63.150
138.201.84.244
142.250.184.226
142.250.186.166
144.76.238.55
145.239.193.130
176.9.26.250
178.250.1.6
178.250.1.9
18.130.109.49
18.134.20.61
18.197.5.251
18.66.147.98
185.177.94.152
194.67.68.223
23.192.250.178
2606:4700::6811:190e
2606:4700:e2::ac40:8d0d
2620:116:800d:21:de2e:c7b3:55c0:d5a0
2a00:1450:4001:800::2001
2a00:1450:4001:806::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:827::200a
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2003
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:d::c
2a02:6b8:20::215
2a02:6b8::1:119
2a02:6b8:a::a
2a05:d018:d29:3601:4b10:b0d1:bea:379d
2a0b:4d07:101::1
35.71.131.137
37.157.6.237
37.252.173.215
85.114.159.93
88.198.250.30
88.212.201.198
94.23.99.218
99.86.4.52
014c970a6e4fbbdc28b8b1a08630101d8a8d3b5ced10682e10d48cf868812828
01da1a0bfe86a9547ede24c96cd97f5e3975a2c7d6b47558c775380717d9e6b8
02dfd02df682fc583a21a64f7c9cb2ba8dbd54520b8aa5c83f7066015c8efc91
033696b7f1ac04d1dcc102be84550e146236ceffc25a6cabc12aa51a6ee410b9
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
093c1fcee545ef703fcb79c1c4c835a32e67081bf651d44253cfdc68a31bf869
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
0ec4645f8705b4f67c953b9af5e81faf1750314f556f6849d7dfdc5f1c654ceb
0ecd9f5bb492be71e3aacc8ca4f170c8f9890242a25e2c6ec9a42f13561b028f
0fc9bc566d462bf9fc08a942fd9d9929a9686911e4298abe8dec926e11b783f7
13367eb1ac7429c8411e33818e71f6594587db912a287099ca8d881310e85758
138313ba91a77c618c029500c84ae2867deb4eb88560b177941c913fa5e9917b
13d62575f2afbe06a27270e0ad31a53dc50a0bbea757e043cf8e2eb4d1c9fc9c
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
1d37a411807a01fdee9520e46e6c4d627f7d4ea1a8bb69e977fe119827dad736
1dcbf404e84d061249df6c089462866088e2f3a0c016fc6e465311df8d6f860c
1dd6476f1325d934e8471c73d9b14b4eadf387cc9f7efcdb0439899699ebfbbd
1f753192dcf35c9feebe309f936821c36a397a993388b992158458c505fe386a
20ac558ae4e736f5a22d58c1bcdab41693e106fb485d0c582be711621ef6456d
2236f8f79b3e2936da97c0a0f8da93b3e821e353f9ab1036ebb505c8c8714aff
227ebeadeabf720faa659ed7547a50ca7e2a9a19648ca781a13dbba37d04f958
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
250748f80f74f0169390658ebbc6c133615c91172246a7befcbe3f9210f8e562
25b1b4e9934aa4cb8e8bdf5fd7911f6ec67acde6b6b39f1561aec2244f7826af
268aaada3d62c9b6db58e477370b087b3d38461a668a74da3b49048dc8fca926
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
2adeab00cf0e5471b264d4f84defe700ad709a2847dcbf5538ee3793c65a9cf8
2c62322e627a43c88c5c4c00a0d4fed80f2b82a7570e38de76fb28490a9b4b67
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d0ad53a2d938f73bffe6afb74e5b31ff1b509a9e08f7810556d27f38d842b4b
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f310007517289c6ee9182ade1b536ab749f6cfd771ec99d5778e3798224edbd
2fcfd6e9e101895a7ab488a9bb42829a22410e57ec7a1ac01513f3e62d69a9c8
300f5b02f9f5a3977cefc61c55e73223b22aac671597c11012f4c8112a2af5f5
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31ec123353713cbf09027b008f72cdf8f981a022477817f71d87084d7cd3113c
327f27e8dadc7186a5425643fa096960251b33ad2cc3570a9aa564802c327217
34806ef573086241dd1a596a860b0295b51c24f1c37eab36eb9d0665683abb55
35ef3d202ba98e9336c842fa83a4fce325d34fd54773907d3391bbeaf476bc5d
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
39fe29cf7b41b3c265736d9c0a69cc6986ca78ccc31fdec26b8e25fba2cf2d99
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3df65d7d6add27dd11c6f6a174f7940f193a6283948ad989f1462923cde8f229
3fed9e40fb165dcb840e9b2965ce16e1842a6e83aaddaf06214605437a414314
402b1a076f92e1dbef0f0889cd311b456d17ef23ad82daa68fbbafca8603b675
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
4d40dfe54c4755ef187d748bc551146b133f55adc7ec4b4edf663171566f1500
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f74bf7263050236f11883a5b9223f655ad9bd1b3e7510749d1359ee11850d8a
51eee906ac8d0627ec319a1c332ad07aa0f84c20a62f2efce5fe5365f64646b0
533ef55260a6a0438bd989be45e27c9f94d49b36043ea727a8a3a15048a850ec
5460f776f1ca266be63f7b0ac3a19682db0a3ec42be65a8e4d68751e101ce874
5469afbdf48250ad8c767ea8a1e2d1c43b4460e10e5dca5e88f3ab0108873893
5485a4ffd8f4277a891711138076d3a227ec2f203b31dd83984f9effda23c505
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
574b35072c523a94f489167282a8ce8eff008f8817d84aed7a8740190f04bdf2
586b8dbfb947b7093c89ca5438ee8be9924e35d8f7e940f4722ec90bb12bc392
59d8b805b12d336d283666c0148287dfd4238f893d5ed7364ac9b542eb160853
59e6b3f63bf2e4bda6a90167a5d37c3d5776b522cb09a1ebed006e807f83b7dd
5a92789530d5fd1cf161d3da8128ce0466ca2087dbeaf3f7fae2f3c86d5cacbb
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
5e96accf2e0a2a0978c6e5669ff9b79f65fb177ddf743a9c1e49a4462f035bb0
6048fb97cce71aada540634afd784f93811f0c26788ba0f2abd832d1c27dc4b3
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61fe41cde1b6df00f34e5a9795741e926e8861b8e80d396ff799d48bacda5300
6affcf70bb4531c7c8fc428b0d3d77d0629a78f24a51d2ac8e08f9e88592ce7f
6b9d2722f54eab704e54d8f412c8958a14729d81c74422a483e2d5daea80deca
6c2ddbff914c19316d0fdd8b75f8dffb9b4337a66bebb348fd3e5b2414d5af0e
7130e32e6ada0df807e9016a918a0a812efa084fd33d52dd5a0d5b891240d33f
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
749a7c498aaf5b833bade4cdaa38bf40057a38c5f69a43e128c97c794d88398a
75c4ab09fbbd5eae0283becbdad0a345687a1f416e75b73f5bee4b859f5f7be9
7a2ba893d4dbd1537adc44d70e99301a2026e09b15764b3881d441ce78283eae
7b348b30ea1fe43857e68fc462c29e5c6e63c97666af75135c4396a272e54762
86e13092ae22edbaba636da5a48f78ab6b60b309ebf5f981c1fa0bd7d4d355a2
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
8d6af87f2e8ab6ba751d5bda81faf18aed637f3c43f3f5c25acfcdb8dc674a92
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
92a198bd1a2c8dec4aebbef1fe41a1219a0dd5061bf57ec3ca53773bc3169c6a
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9a5283f1a9e148ac5f8e2ebb5c8d08c63c9ba7d4c47bd19ecb882fdcdb883648
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b67e1e53d9fe07a1569190b3c25ae4ab4d57a49b2515d30c20d32a6689683bf
9e83a64c1620448cf97e7955a622098b159c4ddc34a7d9a1688f577b860df932
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
9ffef098b884c7af804c3cdc2ef744a2d3837a7fa303d317a2002cc7629463ab
a0935a5cceb67e31427704dbca2ab5b032e012c9e6a15ef7e2b601eeb885a4d7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7a160a806d58f8fd3dc51b97f6febc788e9b675a07f45d7c24d6f9ffc80d90a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2adf726d77e1eed5248f5a41e017a4f658c0c9036fa596c539d1cb08e12593b
b2c615821feb3d5f6b8f8ccdfde002b4ba2001cf0aa87af786c0a4420fdbf149
b2e0b30675f605757be832661007b53f9c42ac516e94f7663200bbf94ba0bc2d
b2fec35aca5888e44e2a651e9414626158e83e6f88413aa9d02367e8ea57093e
b306ba1af362db6ca00b654c6ddf9c3c84a448bacaf741277e525c782db9f336
b38138d8fd387b452b7b12553bc41e30c4d07b73c4037113d3064a455592641c
b3feee2c145f698c99c7558c6ccacb5c6438df8877989807e1534886357ee022
bb51b9caddb8a0e55d70c819b8a8903fbf2f94b7ad453653ec6aa0e823524276
bbdb857b03d1035842a61047e74e3071af90e79efbfcc925a5b65dd20a52b1a9
bc32bb0e9f860432ddbbc0ae8e7deba4520701d86fe5f46e05f86cf70aaac180
bc4552cdd28b709c334c97551e64c17864ccaf687c00db0f92b079b83bf76b1d
bc8cbd85bd12b9715d6195b68e3e2c338630a13d763321cffc0a34d040c79ac7
bd30ecd5ff9d522e69153382b6304c2b571e1a205f5b2c5728cb5e0c2e4b0181
be9fb756eadea158b4bc0b338c66fc19336a96e233d2092e7fd1f1e122c6d84a
bf5b911ce6645add415b3dbf40d50dc8cda426f38f5300525bf4793c4131b2c2
c045c55ea725d7522824719c00c918ec02f0d4f7f77d9b71e1654c67ed04bb36
c3bfb6fbde860bd601660664e6bc5bc8293af1e5d48b39bf3bede0facbffd751
c3d606568f389989dd02561ca2b0d20d29eeb477ed633a690a518879748f487a
c691572e19ed2e972be60459bb3c16e00eba1bd85ae4856804555f53973c0d45
c7d6d7bc7e1a3bf037dbfa0411eefd9fd5374b0e49e92bf4ddd22fa110c6dc10
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9c1caceee24c82513919d61734ad3ccb66800fa0a92f71da617c49b8a872fb1
ca57b79a870bbf54700730858603a70d79743779c1b059922ec401bfddc5adc9
cc39632667e6ffe754bbfaba54176dcc5ee2eeb0cb92d16e7b64831e7e03c595
cddc41ae148015d5b0670b5e871ff09ea1ff93bbf335b07964ba4bb2044c5118
ce8b0ce00b853304b4500a3e0273c2ee8123ec998d9ea4bc1a2b3e97c573b61f
cf36dcf145eab9e8687d1058ec8574477321f8fc1627dff24acc9dd3d55ef3cd
d00881661ce5e766ce98430f69d6d217ab80bdfa98811e039afc92a327d57a68
d18f91781d6892fc24796d9253c6b82869799d2995b7ebdf90b835877df718ea
d709abf2cdc89b8f3cc482791df808b15c9e71dcbdb65718a3f4bb5c24eddb89
d8ffdf97e87e6f85edb8bfa48102f6e0157cb1bb55429d9893447d8787b784e1
db191b86ceb259d81e84aea4841313360880f32a21236bdfd20a9ced1bc0e8ed
ddf7d39c11d7a22154610b3895c9187ec058aa5c1255ee9d80ea6ad0a7d80e4b
df301479921863d00f49551cae9e1cf786a17544c23839747864617049f9b51f
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e100e670262abaa429a894f6a179341a4bd26aacc4b56bba2cf1122eafa22c49
e334ca19f092778f57815a534078daf8e3fce269e56f7ea374ab3a117eee92ad
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6f64fd1d9f408249bad441e006c941278314946c96f6d844d521f11425710bf
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f32a046c87aa4c622f8be287992a528bca419797b13844839eb00abce53e025c
f3901fe1a0442e50f28c14d6eae3dec8c35e6271d6b8bff15df81b6d5f7495f1
f55a11baf33fb17425e40acd9266d2277424db4e0ae3bf3c703418de8b13101d
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f99a2c60ac365f5cebd3b520372c07dac909708e0fb5f8848a0a967c7fc0b98e
fbc6bed540723f219a878e5735ae8cb1c05aa9f7012bf21870cd79e41af25bcd
fca438368eeddd899b3ec34b773672a57469924ed89ce28543ee80e1b43bad23
fe20ff2859b2752e04b026435eb9651c339d0a6a5805f825151bb11521bd644c

winzoro.net Open in urlscan Pro 194.67.68.223 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

268 Requests

90 %HTTPS

47 %IPv6

33 Domains

50 Subdomains

44 IPs

10 Countries

4560 kBTransfer

9197 kBSize

43 Cookies

6 Outgoing links

Page URL History

Redirected requests

268 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

winzoro.net Open in urlscan Pro
194.67.68.223 Public Scan

Screenshot
Live screenshot

Full Image

268
Requests

90 %
HTTPS

47 %
IPv6

33
Domains

50
Subdomains

44
IPs

10
Countries

4560 kB
Transfer

9197 kB
Size

43
Cookies

268 HTTP transactions
4 data transactions