link.downloadr.in Open in urlscan Pro
2606:4700:3031::6815:2660 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://link.downloadr.in/full?api=e193e4bd649af1f073c84d579f3a081f6931999a&url=aHR0cHM6Ly91ZGFjaXR5Y291cnNlcy5jb20vZG93bm...
Effective URL:
https://link.downloadr.in/bRM2sN
Submission: On August 03 via manual (August 3rd 2022, 2:11:43 pm UTC) from US — Scanned from DE

Summary HTTP 161 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 24 domains to perform 161 HTTP transactions. The main IP is 2606:4700:3031::6815:2660, located in United States and belongs to CLOUDFLARENET, US. The main domain is link.downloadr.in.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.

This is the only time link.downloadr.in was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 10	2606:4700:303... 2606:4700:3031::6815:2660	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:400e:80d::200a	15169 (GOOGLE) (GOOGLE)
2	148.251.53.118 148.251.53.118	24940 (HETZNER-AS) (HETZNER-AS)
3	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::ac43:d31d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	139.45.197.234 139.45.197.234	9002 (RETN-AS) (RETN-AS)
1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
11	139.45.197.250 139.45.197.250	9002 (RETN-AS) (RETN-AS)
1	139.45.197.237 139.45.197.237	9002 (RETN-AS) (RETN-AS)
6	139.45.197.239 139.45.197.239	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
14	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	139.45.197.243 139.45.197.243	9002 (RETN-AS) (RETN-AS)
1 2	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
5	139.45.197.151 139.45.197.151	9002 (RETN-AS) (RETN-AS)
3	139.45.197.236 139.45.197.236	9002 (RETN-AS) (RETN-AS)
4	2606:4700:10:... 2606:4700:10::6816:1974	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2a02:2638::b 2a02:2638::b	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
21	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	178.250.0.160 178.250.0.160	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	2600:9000:21f... 2600:9000:21f3:a00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
19	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
161	32

10 2606:4700:3031::6815:2660 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

link.downloadr.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400e:80d::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 148.251.53.118 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.118.53.251.148.clients.your-server.de

ad.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.a-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.recaptcha.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:d31d (United States)

ASN13335 (CLOUDFLARENET, US)

inklinkor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.234 (United Kingdom)

ASN9002 (RETN-AS, GB)

bedrapiona.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 139.45.197.250 (United Kingdom)

ASN9002 (RETN-AS, GB)

pseepsie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.237 (United Kingdom)

ASN9002 (RETN-AS, GB)

dozubatan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 139.45.197.239 (United Kingdom)

ASN9002 (RETN-AS, GB)

tovanillitechan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.243 (United Kingdom)

ASN9002 (RETN-AS, GB)

onmarshtompor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.151 (United Kingdom)

ASN9002 (RETN-AS, GB)

interstitial-08.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 139.45.197.236 (United Kingdom)

ASN9002 (RETN-AS, GB)

unphionetor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:1974 (United States)

ASN13335 (CLOUDFLARENET, US)

littlecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638::b (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.160 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:a00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	criteo.net static.criteo.net — Cisco Umbrella Rank: 627 pix.eu.criteo.net — Cisco Umbrella Rank: 7159 csm.eu.criteo.net — Cisco Umbrella Rank: 7456	84 KB
25	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	335 KB
11	pseepsie.com pseepsie.com — Cisco Umbrella Rank: 141290	62 KB
11	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 55	83 KB
10	downloadr.in 1 redirects link.downloadr.in	342 KB
9	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 13161 ads.eu.criteo.com — Cisco Umbrella Rank: 7034 cat.fr.eu.criteo.com — Cisco Umbrella Rank: 9265	171 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	234 KB
6	tovanillitechan.com tovanillitechan.com — Cisco Umbrella Rank: 36433	137 KB
5	interstitial-08.com interstitial-08.com — Cisco Umbrella Rank: 90062	158 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	172 KB
4	littlecdn.com littlecdn.com — Cisco Umbrella Rank: 13822	35 KB
4	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 98 www.google.com — Cisco Umbrella Rank: 10	2 KB
3	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1464	2 KB
3	unphionetor.com unphionetor.com — Cisco Umbrella Rank: 34816	4 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	2 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11875	1 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8117	914 B
2	a-ads.com ad.a-ads.com — Cisco Umbrella Rank: 30519 static.a-ads.com — Cisco Umbrella Rank: 53655	680 KB
1	onmarshtompor.com onmarshtompor.com — Cisco Umbrella Rank: 71222	2 KB
1	dozubatan.com dozubatan.com — Cisco Umbrella Rank: 54723	356 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 862	645 B
1	bedrapiona.com bedrapiona.com — Cisco Umbrella Rank: 50815	2 KB
1	inklinkor.com inklinkor.com — Cisco Umbrella Rank: 101008	25 KB
1	recaptcha.net www.recaptcha.net — Cisco Umbrella Rank: 1886	999 B
161	24

	Domain	Requested by
21	static.criteo.net	ads.eu.criteo.com
19	pix.eu.criteo.net	ads.eu.criteo.com
14	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
11	pseepsie.com	inklinkor.com pseepsie.com link.downloadr.in
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net link.downloadr.in
11	pagead2.googlesyndication.com	link.downloadr.in pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
10	link.downloadr.in	1 redirects link.downloadr.in
6	csm.eu.criteo.net	ads.eu.criteo.com
6	tovanillitechan.com	inklinkor.com tovanillitechan.com
5	interstitial-08.com	tovanillitechan.com interstitial-08.com
4	www.googletagservices.com	googleads.g.doubleclick.net
4	littlecdn.com	interstitial-08.com
4	www.gstatic.com	www.recaptcha.net googleads.g.doubleclick.net
3	secure-gl.imrworldwide.com	ads.eu.criteo.com
3	cat.fr.eu.criteo.com	ads.eu.criteo.com
3	ads.eu.criteo.com	googleads.g.doubleclick.net
3	rtb.fr.eu.criteo.com	googleads.g.doubleclick.net link.downloadr.in
3	unphionetor.com	interstitial-08.com unphionetor.com
3	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	link.downloadr.in googleads.g.doubleclick.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	my.rtmark.net	inklinkor.com link.downloadr.in
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
1	onmarshtompor.com	inklinkor.com
1	dozubatan.com	inklinkor.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	bedrapiona.com	inklinkor.com
1	inklinkor.com	link.downloadr.in
1	www.recaptcha.net	link.downloadr.in
1	static.a-ads.com	ad.a-ads.com
1	ad.a-ads.com	link.downloadr.in
161	32

This site contains links to these domains. Also see Links.

Domain
www.example.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.a-ads.com Sectigo ECC Domain Validation Secure Server CA	`2021-12-08` - `2023-01-08`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
misc.google.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
bedrapiona.com R3	`2022-07-27` - `2022-10-25`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
pseepsie.com R3	`2022-07-02` - `2022-09-30`	3 months	crt.sh
dozubatan.com R3	`2022-08-02` - `2022-10-31`	3 months	crt.sh
tovanillitechan.com R3	`2022-07-21` - `2022-10-19`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-11` - `2022-10-03`	3 months	crt.sh
onmarshtompor.com R3	`2022-07-29` - `2022-10-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
interstitial-08.com R3	`2022-06-20` - `2022-09-18`	3 months	crt.sh
unphionetor.com R3	`2022-08-02` - `2022-10-31`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-07-22` - `2022-10-19`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-03` - `2022-11-05`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-12` - `2022-09-12`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://link.downloadr.in/bRM2sN
Frame ID: E83260BCBC5193C040F7B0EFAB222563
Requests: 44 HTTP requests in this frame

Frame: https://ad.a-ads.com/1924648?size=728x90
Frame ID: 015370024AF971215AD62188EC362CA9
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20190131/zrt_lookup.html
Frame ID: D0A22ADEAECC83A3F5103B332C8EBDFA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&adk=1812271804&adf=3025194257&lmt=1659535896&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896368&bpp=2&bdt=211&idt=94&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7342178961261&frm=20&pv=2&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=109
Frame ID: 38689A61DD71118AD4B797AE2F635EE1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=1715028348&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896370&bpp=2&bdt=213&idt=110&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=165&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=C2Mlx8wrP1&p=https%3A//link.downloadr.in&dtd=117
Frame ID: 38E15433AE41A1A563F22C298F0E3379
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120
Frame ID: E41AAC49FA30487CC9035227DB4B51E0
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C2208B9598E0B134B5B5A05FC80CB507
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 88118D48EB8242939E61D8A2AF6FD2C7
Requests: 2 HTTP requests in this frame

Frame: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Frame ID: ACA6BBDD253288A09548B0974A37417D
Requests: 12 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIxTkKwQHGAAHFzOPOCOAPHl2NSxVPrw&u=%7CbKGK0upUC9ztXLcxiXL%2Ba2YDhkuMEl7Wp7VfvFnxWpY%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4XvQvX3V_L0VyW-7TZlfNA-P_WXkl1RfzDnGlPp_vX0IwNkCYdLl3AyNcnvBFUb_nVC0RYdsXgXW5BqVc1PZ91bqCdEnnHScLHio67N3YxN3ZuOWPW_T26LVLgPty1YBd7pp---SyLVSOnCF0G9UmKjsv6Yf1Fl5zIu9tJ9Y78jE2MZTLCJZ8RBeYBeJVb7j_SntuPzcP_5oMCDot86f9o8zJ-9_lkOXun0FwLWDf3euRHQZSkNzgAUEmsLMrGmIFArPo0lbglkzmOT1Eweh2_fP0tos8UncGrsVt7TPZLA_NlP1J3Oh4-UXxJmesLRildUdMy2yiR6BdjRIMWDL8dyJO00Q_orFdYfoHsFmhKgD&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4yfaGILqYrmKI8aDhAbMi4eAB8me0rFcjfDi1pMBwI23ARABIABglbqAgpgHggEXY2EtcHViLTIyMDYwNjAwMDg1Mjg1ODWgAdW20uoDyAEJqQIhbGD-6xexPqgDAaoEzAFP0F9jXql9kSj1nXCpKnmkn27GKk1mMfaYvEYTurkYv9ylHzZWTo4i2CaNCrxx495qmnr6oHGdvtKF6FsvFYn61DTKOHL5EfP7ao-BsymNF6v3CWXVj0VbulKUfO2k6VbH5ShYt4AfMBsxO1a8CrQdvv4IeZlThg6A6hLzrb53K6u6FT3nubd3GOZ6Mds-_Z7Y5eQR7p6VUfuw7wjBQxc9c1fCeword0d7_BfQa8svdxahM5-YY0c6bz2Axdc0EN_4LHAQrD_eC5_3u5yABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1j9rcuFfDpoEZB8x7zHzot-znrYw%26client%3Dca-pub-2206060008528585%26adurl%3D
Frame ID: 9BBC30A58A2C03DBE22778F93C99090A
Requests: 19 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIx6QKoRMNAA-_NFDHqhbBSF0xWCLLtg&u=%7CbKGK0upUC9wBAadSPOf9il9Dbr3Cw4PJtYnA3Rd5%2BZg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4WdrAIBvDDC-x-mvFsJtaszGYb3Dkcxn2mcDpiyvzE2PiBMArFsZ8ZxVSse8Qnq4qmDSgGz06GcUc2WpOA555S2Sl1BEo7ybxWLGzsdGt0ZDu5923OEoDBKKN6Q_blXl-r_N7XeRcG9Ty1wdwNsZBHglVW_s8g5yeXtZrQ_iqAl8S4Qzz89nBupfTWz6fsyWB7Tb312q0FL6jF7LlwATnsVfeLqOsEqYUf-XIdD-E6e_F1gyDRFn-ERKnhxap3dbwd_ko_Wy-BDie_94esxJrcbSyxLPXhJgap7nkVw_dFjArLvD_wjMOJl12ebUPTA3RgkqDAx6JGOg-jkSvSbyhWMZTC7pKEcFpzf1y9bJI2IOyOOa-XpnA0M&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvEuSGILqYqSPI42mhAW0_r7AAcme0rFclaKX93DAjbcBEAEgAGCVuoCCmAeCARdjYS1wdWItMjIwNjA2MDAwODUyODU4NaAB1bbS6gPIAQmpAnjfaRAlGLE-qAMBqgTMAU_QInO6RDxpE-8HOsA7sH-FFE-tnh4Pvb1sLi9d6EuPLfMPsw5BEM1FlTOftUund8G-ZScf0ft4AkxijsMcaQeRqIac44aUA2oeAK2Vzi07eG2oFc1qT9zCAb8vvgjBcFpPWmfJarJxj9OEUTN6N7kGPmjxBeVxN8gqjwOHD972oKFc0OLhk91DqI3posM8MQ2ROpS_8_q5_ymEGMnIMKi5XGmmFEX9DwmsmhtrsUD9ibXyRpRIXF_SfNaX96BikVQ-1XSGqQwRRXJsgYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_M-hPcvEyjJSwQzkI2VJmbWvHsA%26client%3Dca-pub-2206060008528585%26adurl%3D
Frame ID: 773E0EBA6925EC414E9C4023E107F6B9
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1
Frame ID: 64C1501255AC5BC22940A0A9F3C4A570
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1
Frame ID: 63CA8E9FE2B002DA0166C6A6E4430285
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIBA8IFWM1AA9ntWmlq75-x7qARH8J8A&u=%7CbKGK0upUC9ySDGLT0j%2FB%2BNn%2BtRsE7TH3CFH8WfRvsg4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WT03MXv48W6vZSBt_EcmkJPI6rhm8WDPmD7NYd8iBN8t0oS_8-cZam5SxoL7RvVpTTGPEfr5LaxrmYq9jVRQSLtGXBdBRSid4NUCcSI42MkS2ftBOvtW_rh2Oyxxvs2DOPzhhdez1P7xqScA_M7eYgX1-F0N1sgBz3fV2jECDIhhitCyOd5rdWpIE1RsuiKgdv_Zv7hz1pUkKt3yNSDXU2lq0_j8F5xS6h1J6-t79BDXYEbqM_aIubVr5jZAdRl7TUqNWfskGOMMQEhzm3wA-aiu6Ompz_yT677h2K_6un0DL8LOb6CLdQa_R_IcpDvpwpLKka1ZBMtsCzzEJ8-o_Xc8RzdPWGtvqM-e80inN8i0Juhnb1xiJTICO1ES7HO1PrZ2ekxDpP4VU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCN1jRGILqYo-IILXG1fAPtc-9qATJntKxXLWY49aTAcCNtwEQASAAYJW6gIKYB4IBF2NhLXB1Yi0yMjA2MDYwMDA4NTI4NTg1oAHVttLqA8gBCakCeN9pECUYsT6oAwGqBM4BT9CrtLzJgipXzGmEBDxTCCXftaaUEAwFixwPFX7Tx3bwEq-Hcv6-4yWS5fkRhyb9GGEI-R4FrGsj6oi8WRqV5uNYr_vof7EMEZsHz-DfvOGVXJxSLtw2HXXDgGD8kUydv2_c-6ESOMHSiosc8blxnuZ4Kbi1lQAbqh9isaz96sut6Fb2R_If7bBGzN8iboJLq5ByseN5ScP20cTEK51V1_eSGqxHd5EMRZ-AFZlvxIHtKzrNjeAT7mhyeTViSLwopqPAPe5NSwhP-5aVUMmABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0q8OOxGP1QVi1G_4yO9rMbcPFvDg%26client%3Dca-pub-2206060008528585%26adurl%3D
Frame ID: C339CBD2E3009CAE1FC33EB4746413D5
Requests: 18 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E5EC1A77FAEAA7D467222B1FA20E9A1E
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EF42632B050535C619E040321B602812
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/4JAIKwid8f35vx5JMDPHWQJTURDOey7UpTPwaznZUPM.js
Frame ID: BE985EEAF95ACCA37BA76F9032A06C55
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Downloadr Short Link

Page URL History Show full URLs

https://link.downloadr.in/full?api=e193e4bd649af1f073c84d579f3a081f6931999a&url=aHR0cHM6Ly91ZGFjaXR5Y2... HTTP 301
https://link.downloadr.in/bRM2sN Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

161
Requests

100 %
HTTPS

58 %
IPv6

24
Domains

32
Subdomains

32
IPs

5
Countries

2535 kB
Transfer

5162 kB
Size

19
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.example.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://link.downloadr.in/full?api=e193e4bd649af1f073c84d579f3a081f6931999a&url=aHR0cHM6Ly91ZGFjaXR5Y291cnNlcy5jb20vZG93bmxvYWQvYy1wbHVzLXBsdXMtbmFub2RlZ3JlZS1uZDIxMy8=&type=2 HTTP 301
https://link.downloadr.in/bRM2sN Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 151

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

161 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request bRM2sN Show response
link.downloadr.in/
Redirect Chain

https://link.downloadr.in/full?api=e193e4bd649af1f073c84d579f3a081f6931999a&url=aHR0cHM6Ly91ZGFjaXR5Y291cnNlcy5jb20vZG93bmxvYWQvYy1wbHVzLXBsdXMtbmFub2RlZ3JlZS1uZDIxMy8=&type=2
https://link.downloadr.in/bRM2sN

8 KB
3 KB

258ms
257ms

Document
text/html

2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.30 PleskLin

Resource Hash

3cf32ef78548077dcdf9de752356cd75705c5c788dbd4a36dae4a3a956a32fce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 734fa4b56c009237-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 03 Aug 2022 14:11:36 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=We9H7ARHCbtr62ZKnLRsAltuXO0R88WxnK7ocKFC80CEnxP4N1H5gYKJu4KzTbjAbNVkHrnrf21%2FCLojYvuMqnCewXwTmoOcsFf0HARUy7TveNztv4WpcuWnQ2NnZWzik5YyN5qPLUJ8GkX%2FIa8xSg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN, SAMEORIGIN
x-powered-by: PHP/7.4.30 PleskLin
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 734fa4b1c8439237-FRA
content-type: text/html; charset=UTF-8
date: Wed, 03 Aug 2022 14:11:35 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://link.downloadr.in/bRM2sN
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ObFhRWKLrqDCSM3B84roeDP7BaDtzvkZ5%2BZpgCpuC2S%2Bf%2BZXpgbPyDKFfjvoZDO26pad9uTZXTjGfwll6h4ZzPZ4xlIYTvFcH6gP%2BEOz3lSNqwXrLjRThcxt3U10Upu5oRonuQ%2FVoKQWDW%2B5DHdJ8A%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: PHP/7.4.30 PleskLin
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 3 KB
933 B 65ms
26ms Stylesheet
text/css 2a00:1450:400e:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5ef043454b128260dda530a42312fbb985505034036cd3f3ea23cfe324a7905b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 14:10:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 03 Aug 2022 14:11:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Aug 2022 14:11:36 GMT

GET
H3 200 styles.min.css
link.downloadr.in/cloud_theme/build/css/ 197 KB
36 KB 27ms
24ms Stylesheet
text/css 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://link.downloadr.in/cloud_theme/build/css/styles.min.css?ver=6.5.3

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

a0319a0b75558303ee14a9d90af0769cd778b155206a96f14aad796c9454a454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/bRM2sN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3220
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 29 Nov 2021 20:45:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbtn6tmVRyaOP%2B67r%2F0Br%2FKXPz61J8rs3YdzOdBeUy3JK35qhzZfUrIiOsOCeheFYYPH2kRZsN5w9dOqtW9goOuczEO94dASHOHXUTvo8x2WNSHu5YYHDNxa8%2BjubeUjtUCSU6thNcwuo4zL3F6I0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 734fa4b70a9590a3-FRA

GET
H3 200 ads.js Show response
link.downloadr.in/js/ 190 B
755 B 23ms
21ms Script
application/javascript 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://link.downloadr.in/js/ads.js?ver=6.5.3

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

9d807c16e2160c2660ffd43bf8b8bc54eb39ecd044e823209c0ade70db965d5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/bRM2sN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3220
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 29 Nov 2021 20:45:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WJgsvzhTW8HpRMkDx%2Bav8gpRZ1lrY2k7g5Xp9%2FRPmuSI6m5jrDDA23hbfKd6g9mTBGvfc3UujzyNUWqRBDyaTAmSqCRvKLj86uCFl82QKAG2Tmp9SwYWWYeb0cu8VC9x9wYXYMH70ZRAxwHYVtr5pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-polished: origSize=191
cf-ray: 734fa4b70a9690a3-FRA
cf-bgj: minify

GET
H3 200 rocket-loader.min.js Show response
link.downloadr.in/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 23ms
19ms Script
application/javascript 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://link.downloadr.in/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/bRM2sN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 29 Jul 2022 16:49:44 GMT
server: cloudflare
etag: W/"62e40fa8-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BN9JI38mgf%2BBt32Uh99VFDq09Iceb74vZF%2Bn%2Bu0SnleW5pEuyVUSWjZ6XScKcHYHhso68dOQ%2Bx1fAZnn18Pjl0mzRZyTesXR3cK7x1oTZQoiG4X96IMpO3QrcHnMnJ13Gn1bgalAFbs5KLzn5kJ7Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 734fa4b73aae90a3-FRA
vary: Accept-Encoding
expires: Fri, 05 Aug 2022 14:11:36 GMT

GET
H2 200 1924648 Show response
ad.a-ads.com/ Frame 0153 12 KB
5 KB 59ms
20ms Document
text/html 148.251.53.118
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.a-ads.com/1924648?size=728x90

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.251.53.118 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.118.53.251.148.clients.your-server.de

Software

nginx / Phusion Passenger(R)

Resource Hash

211bfdb2e1d99893654a9d4b78c39095fcb2e0d8dd0ed06f6e454c9183ae25bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=utf-8
date: Wed, 03 Aug 2022 14:11:36 GMT
server: nginx
status: 200 OK
vary: Accept-Encoding Accept-Encoding
x-content-type-options: nosniff
x-original-referer: https://link.downloadr.in/
x-powered-by: Phusion Passenger(R)
x-robots-tag: noindex, nofollow, nosnippet, noarchive
x-xss-protection: 1; mode=block

GET
H3 200 header.jpg
link.downloadr.in/cloud_theme/build/img/ 144 KB
145 KB 15ms
15ms Image
image/jpeg 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://link.downloadr.in/cloud_theme/build/img/header.jpg

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/cloud_theme/build/css/styles.min.css?ver=6.5.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

574ed0467392f0d91d140cdbb5c7e38c8b2aa22731de61c50b9b5bfe01e13daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/cloud_theme/build/css/styles.min.css?ver=6.5.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3219
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 147797
x-xss-protection: 1; mode=block
last-modified: Mon, 29 Nov 2021 20:45:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcq%2BmVghAkNZxjvRmNIInIMO0waObI29JyThk613XNI62Rw5%2BAbNfhb8Jda684kuI3vDqPiIx7E6RkqZAO3e2hW1yxufyMANuDW6lYUt1AzozpUwn7B4YrjSMm8WJpoEL2ipijr%2FWy3YOHnP%2BFffnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 734fa4b77ae690a3-FRA

GET
H3 200 footer.jpg
link.downloadr.in/cloud_theme/build/img/ 10 KB
11 KB 30ms
30ms Image
image/jpeg 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://link.downloadr.in/cloud_theme/build/img/footer.jpg

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/cloud_theme/build/css/styles.min.css?ver=6.5.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

3ef0ac3809f5aacada358d6070cab7f6e7c0d21afcb59400331d6a52f4db8686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/cloud_theme/build/css/styles.min.css?ver=6.5.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3219
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10593
x-xss-protection: 1; mode=block
last-modified: Mon, 29 Nov 2021 20:45:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iksQ5Aas2ngZtULq6pGOM%2B%2BAwwHQhaIYp9D%2Fn2CM5ORZ1VOOHPzEtrdMZsrtLg%2BLsBy%2BWeKS9XxLVv6nEbN%2Bgur3C0BnKvtDTZW5v9YUuP%2F4Ibwerg9i8Ydnclz7%2FX3ApLHbi5uXq0z7Q8I0iEmLqw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 734fa4b77ae890a3-FRA

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 52ms
26ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://link.downloadr.in
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 75807
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23040
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Aug 2023 17:08:09 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 51ms
25ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://link.downloadr.in
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 75807
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Aug 2023 17:08:09 GMT

GET
H2 200 S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/ 22 KB
23 KB 38ms
12ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,700,900

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://link.downloadr.in
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 02 Aug 2022 17:12:19 GMT
x-content-type-options: nosniff
age: 75557
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22504
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 16:04:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 02 Aug 2023 17:12:19 GMT

GET
H3 200 fontawesome-webfont.woff2
link.downloadr.in/cloud_theme/build/fonts/ 75 KB
76 KB 39ms
38ms Font
font/woff2 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://link.downloadr.in/cloud_theme/build/fonts/fontawesome-webfont.woff2

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/cloud_theme/build/css/styles.min.css?ver=6.5.3

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://link.downloadr.in/cloud_theme/build/css/styles.min.css?ver=6.5.3
Origin: https://link.downloadr.in
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3219
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
x-xss-protection: 1; mode=block
last-modified: Mon, 29 Nov 2021 20:45:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eAXLczrsIHkhYf0jIVHmuR80JtBaxAm56S61R7%2B3ilSxyJsUQGpKGcUmAyiMkxmlNkk05u4OqQcuc8IoCdvHn894vB%2F4lyLcRGXBodK7XnCPeBRJCl6I1OxAm36r3BlJJkGmJ76EmFalsaZcyWtNMg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 734fa4b77aec90a3-FRA

GET
H3 200 script.min.js Show response
link.downloadr.in/cloud_theme/build/js/ 221 KB
65 KB 26ms
26ms Script
application/javascript 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://link.downloadr.in/cloud_theme/build/js/script.min.js?ver=6.5.3

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PleskLin

Resource Hash

63f77a19278bb4839222a13521b55fde34d5633a73cc82260d33b65aab5ec822

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/bRM2sN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3219
x-powered-by: PleskLin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 29 Nov 2021 20:45:16 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2B2yJRGR9tUFR5B2Mtj8PsMbIq0pe1d3P33PbVnUbqTFo%2F43vygiRqVBbbpQO4gngIdlJWpmM%2Ben3YW%2FhTHUh2hPW8PiTcaqTW0dBflfAm8I91Y%2FzhriS4wmaCaFDioBaTiijYNF1bqZ%2FHPVMoTrjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 734fa4b7ab2290a3-FRA

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 169 KB
56 KB 66ms
31ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2206060008528585

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcca11a8b3798c01fdfe7187d74a3fe05c4bff9bf9f0b6920d02773678362b6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Origin: https://link.downloadr.in
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57203
x-xss-protection: 0
server: cafe
etag: 7302399941734861810
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 03 Aug 2022 14:11:36 GMT

GET
H2 200 728x90
static.a-ads.com/a-ads-banners/393754/ Frame 0153 674 KB
676 KB 25ms
24ms Image
image/gif 148.251.53.118
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.a-ads.com/a-ads-banners/393754/728x90?region=eu-central-1
Requested by: Host: ad.a-ads.com
URL: https://ad.a-ads.com/1924648?size=728x90
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.53.118 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.118.53.251.148.clients.your-server.de
Software: nginx /
Resource Hash: 7a83dde0ee9f06593519e9556f86281d967a2b64a7c7903b56575b53935ce2a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.a-ads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Tue, 31 May 2022 13:28:31 GMT
server: nginx
x-amz-request-id: NBNPSZ5AVDZC2YXQ
etag: "17ab32789bf26b9a63481f7a9a076d53"
content-type: image/gif
cache-control: max-age=315360000
x-amz-replication-status: COMPLETED
content-length: 690666
accept-ranges: bytes
x-amz-version-id: Cv2H_W5cOvreEnPXeLYKrZR901XKye4u
x-amz-id-2: vd4ulPU51nOwC3MlCp581ro4Pqj9GCha5F7D9R5S1QswY31Kvsx9P9bPWzqol0gQbJxWs8mm7p0=
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ Frame 0153 7 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d4a8d14f34fb8740b9acb5123e475eaae20d83907e0e14dd267d63e93e7f82da

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 api.js Show response
www.recaptcha.net/recaptcha/ 921 B
999 B 43ms
16ms Script
text/javascript 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/cloud_theme/build/js/script.min.js?ver=6.5.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b338f2e5619ec54ea8ea9fc24c3e814f74e7109c5f5e986088e00af67aaad9ec

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Wed, 03 Aug 2022 14:11:36 GMT

GET
H2 200 tag.min.js Show response
inklinkor.com/ 70 KB
25 KB 51ms
27ms Script
text/javascript 2606:4700:3030::ac43:d31d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://inklinkor.com/tag.min.js
Requested by: Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:d31d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec11f019a476068be4b56f9ae0baf42380f503deef6c828bea6c86762b35e2fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: *
age: 1678
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-trace-id: c88cc91a1a63be6b33e2ab407e598733
pragma: no-cache
last-modified: Mon, 01 Aug 2022 13:44:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8XWb8muD6kpM3EVE2z5bPRMsgETEDWxkTuflkOCSxdYHUWMf3El%2FBDM85%2B%2BQvqfk%2BqkMP7qvgJGSznzXyEmOA2S4irZ8ES8oeaA1Lu9f08dYxTEE2WMiPCc1ZKc9qacoa%2BVtOBQ3lexga8L"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 734fa4b85d7b9249-FRA
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Thu, 04 Aug 2022 13:43:38 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207280101/ 342 KB
121 KB 51ms
35ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2206060008528585&plah=link.downloadr.in

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2206060008528585

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd2905300b0da856aa3dc439fb2a8a8103c3ff88a8e4619b7ce8504904665915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123540
x-xss-protection: 0
server: cafe
etag: 17896771109416167480
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 03 Aug 2022 14:11:36 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220728/r20190131/ Frame D0A2 10 KB
5 KB 45ms
9ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220728/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2206060008528585

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 18751
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 08:59:05 GMT
etag: 8616628553774171045
expires: Wed, 17 Aug 2022 08:59:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/5JGZgxkKwe0uOXDdUvSaNtk_/ 381 KB
152 KB 45ms
15ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/5JGZgxkKwe0uOXDdUvSaNtk_/recaptcha__de.js

Requested by

Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api.js?onload=onloadRecaptchaCallback&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee16f3ddf9a9263254797764cbefb769d06e772345ccf658d13951a64318af34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Origin: https://link.downloadr.in
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:03:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 507
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154709
x-xss-protection: 0
last-modified: Mon, 25 Jul 2022 04:02:22 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 03 Aug 2023 14:03:09 GMT

GET
H2 200 / Show response
bedrapiona.com/5/5220163/ 3 KB
2 KB 63ms
14ms XHR
application/json 139.45.197.234
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://bedrapiona.com/5/5220163/?oo=1&js_build=iclick-v1.410.1
Requested by: Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: bbbc36c2d70624097d16f07161759d08c5265ad65babff57651f28f7327efb97

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 7a6026fc4d2e0938196f49206ca1acd1
pragma: no-cache, no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
server: nginx
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://link.downloadr.in
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 216 B
645 B 67ms
15ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=link.downloadr.in&callback=_gfp_s_&client=ca-pub-2206060008528585

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207280101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-2206060008528585&plah=link.downloadr.in

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

b9025ab669f2def2515321685f698025933424ea4db342ffcb5b709aa740cde7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 201
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 44ms
17ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=link.downloadr.in

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 45ms
18ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=link.downloadr.in

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3868 188 KB
49 KB 625ms
607ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&adk=1812271804&adf=3025194257&lmt=1659535896&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896368&bpp=2&bdt=211&idt=94&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7342178961261&frm=20&pv=2&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=109

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99f230fe4900287e9414edcb341eeb4b6c6ab9339c1c4ed163be8ecd55d39f94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 49955
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 14:11:37 GMT
expires: Wed, 03 Aug 2022 14:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 48ms
30ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220728&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29e8794f0c549c0aabbc0a4ec71e48bc19360ceb25f164ad40ea69d9850e58e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10530
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 38E1 25 KB
10 KB 561ms
551ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=1715028348&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896370&bpp=2&bdt=213&idt=110&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=165&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=C2Mlx8wrP1&p=https%3A//link.downloadr.in&dtd=117

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

43a91fb2b4eb442eb26e7947d572209da15de6fc4f1ab6f61ed018c6555055ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 10655
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 14:11:37 GMT
expires: Wed, 03 Aug 2022 14:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E41A 25 KB
10 KB 636ms
632ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

558debd1d34e4487b6ba37565784bbb7f3d7849504f0d355b14f344ef2077fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 10651
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 14:11:37 GMT
expires: Wed, 03 Aug 2022 14:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tag.min.js Show response
pseepsie.com/pfe/current/ 27 KB
10 KB 49ms
12ms Script
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/pfe/current/tag.min.js?z=5220162
Requested by: Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 3702f9c1ff6fb34633428ad1896c6494413221d09d787647d65b7bb8aa9883a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
last-modified: Thu, 21 Jul 2022 11:03:46 GMT
server: nginx
etag: W/"62d93292-6a1d"
content-type: application/javascript
cache-control: no-cache
access-control-allow-credentials: true

GET
H2 204 5220160 Show response
dozubatan.com/400/ 0
356 B 57ms
13ms Script
text/plain 139.45.197.237
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dozubatan.com/400/5220160

Requested by

Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.237 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 4aa1d973a1c0a0b28bc8ab05d7faf4ae
pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
server: nginx
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
access-control-allow-credentials: true
strict-transport-security: max-age=1
timing-allow-origin: *, *
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 1 Show response
tovanillitechan.com/ 8 KB
4 KB 50ms
14ms Script
text/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tovanillitechan.com/1?z=5220161
Requested by: Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 26d1c4a2c55379aa0e45cdb36eb9f338d33281156167a61dafd6a82932622995

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 1ece6fd4f3185153ac4b82b1b5f86dc2
pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-sc: TjoXtch1tdogPI0zvd-YZDJ7prpCgH-YADimMVVCZr7ag7szcGTsaBkS_-OWO_AmBVym_TsNszbjqsBAB59m9DKaZkI=
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
546 B 47ms
13ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=3bcdb8a81111453197948c100c1db52f

Requested by

Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1140ec4babe578100549a15eaac1e070fd7e7fc2670017040d4a8d7e7d8c4f9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://link.downloadr.in
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 43ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 Aug 2022 14:11:36 GMT

GET
H2 200 a7e038ccb70ca5898f8cc1a9cca3827a Show response
tovanillitechan.com/27/ 398 KB
129 KB 15ms
15ms Script
application/javascript 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tovanillitechan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a

Requested by

Host: tovanillitechan.com
URL: https://tovanillitechan.com/1?z=5220161

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

6d2847d8eeb8e7f8d608718b3714e86101ce51b1967f7e8587a00a26da62c70c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 12 Jul 2022 07:54:33 GMT
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/javascript
access-control-allow-origin
cache-control: max-age:290304000, public
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Tue, 11 Aug 2082 07:54:33 GMT

GET
H2 200 38 Show response
tovanillitechan.com/42/ 0
528 B 40ms
40ms Script
text/plain 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tovanillitechan.com/42/38?z=5220161
Requested by: Host: tovanillitechan.com
URL: https://tovanillitechan.com/1?z=5220161
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: c901c8bea618d15bc0a58da4baa670ed
pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
onmarshtompor.com/ 2 KB
2 KB 50ms
15ms Fetch
application/json 139.45.197.243
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://onmarshtompor.com/?rb=9RBg8KhvgCdfyDvboDlbROCCfXGVVdXHzMggs1TV5JHLuzM6ostrDwqHVuT6E1RvuVJD66EqkOfY2C-baur8TrYD8pd3-BMOENVXRzE59OyeJF-z_L_Gd49bBmaCzzdOPciy44PzBEdkAnvzNbavBW1m8VdDTiVWZhn_gcD_B6MPBWHvwNTYe1S8BXpyKOaks14Zkdi4LHYAgLxV4N5FIiQKDnf8aTixgX1_cVTvW_xmLntkBORrahzxXoqCroxd2yvo2GUBHsRhROlwBjolDtoG2Ws%3D&request_ab2=0&zoneid=5220163&js_build=iclick-v1.410.1&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=5&pl=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.410.1&os=other&os_version=other&bs=026ee0a1-46ff-47d2-9adc-d7f2e04ec5ef&userId=3bcdb8a81111453197948c100c1db52f&m=link

Requested by

Host: inklinkor.com
URL: https://inklinkor.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.243 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

450dbea06b85c093a36f6a27ff8b1ed8c049f877207c9e2cf60eb603c2fa8651

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-max-age: 86400
x-trace-id: 704ba8f3f37ff471f5219136b3e36f68
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://link.downloadr.in
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 zone Show response
pseepsie.com/ 662 B
951 B 23ms
22ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/zone?pub=0&zone_id=5220162&is_mobile=false&domain=link.downloadr.in&var=&ymid=&var_3=

Requested by

Host: pseepsie.com
URL: https://pseepsie.com/pfe/current/tag.min.js?z=5220162

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ca227298618d3157fd25b931f687dfe8b2ebeb7be14979961f2241488f133e7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 9c8305dcc7ebda3615e2b1ec66daa790
date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://link.downloadr.in
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 662

GET
H2 200 universal.min.js Show response
pseepsie.com/pfe/current/ 146 KB
50 KB 42ms
13ms Fetch
application/javascript 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/pfe/current/universal.min.js?v=3.1.389
Requested by: Host: pseepsie.com
URL: https://pseepsie.com/pfe/current/tag.min.js?z=5220162
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 2ab2d558d4346c9247e434f988e2765f2fab321557bb71b08e95c7fbe4fd631b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
last-modified: Thu, 21 Jul 2022 11:03:46 GMT
server: nginx
etag: W/"62d93292-24704"
content-type: application/javascript
access-control-allow-origin: https://link.downloadr.in
cache-control: no-cache
access-control-allow-credentials: true

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C220 13 KB
5 KB 28ms
8ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2795
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 13:25:01 GMT
expires: Thu, 03 Aug 2023 13:25:01 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 8811 783 B
1 KB 47ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5584f6379ea42d127db217b68954db2c34ff6748da142b4397209baa6db7a65f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2eHNm_dSuRhFtP3ey5u2Fg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-2eHNm_dSuRhFtP3ey5u2Fg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 14:11:36 GMT
expires: Wed, 03 Aug 2022 14:11:36 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 9 Show response
tovanillitechan.com/ 6 KB
3 KB 16ms
15ms XHR
application/json 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tovanillitechan.com/9?z=5220161&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=7&sah=1200&drf=&hil=1&ist=0&oaid=3bcdb8a81111453197948c100c1db52f
Requested by: Host: tovanillitechan.com
URL: https://tovanillitechan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 10f5ee11abbd202ba16c25576a989ecf99017094fb7b811bc5194317b9588cae

Request headers

Referer: https://link.downloadr.in/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: df4d94ecbb1f9b2b52208ddf9a50e08d
pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json
access-control-allow-origin: https://link.downloadr.in
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 204 9
tovanillitechan.com/ Frame 0
0 45ms
14ms Preflight 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tovanillitechan.com/9?z=5220161&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=7&sah=1200&drf=&hil=1&ist=0&oaid=3bcdb8a81111453197948c100c1db52f
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://link.downloadr.in
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://link.downloadr.in
cache-control: no-store, no-cache, must-revalidate, max-age=0
date: Wed, 03 Aug 2022 14:11:36 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
pragma: no-cache
server: nginx

GET
H3 200 4JAIKwid8f35vx5JMDPHWQJTURDOey7UpTPwaznZUPM.js Show response
pagead2.googlesyndication.com/bg/ Frame C220 36 KB
14 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4JAIKwid8f35vx5JMDPHWQJTURDOey7UpTPwaznZUPM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e090082b089df1fdf9bf1e493033c75902535110ce7b2ed4a533f06b39d950f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 01 Aug 2022 10:47:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 185036
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13903
x-xss-protection: 0
last-modified: Tue, 19 Jul 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 01 Aug 2023 10:47:40 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 8811 0
0 41ms
41ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220728&jk=1414660626252312&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

OPTIONS
H2 200 custom
pseepsie.com/ Frame 0
0 14ms
12ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://link.downloadr.in
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://link.downloadr.in
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Aug 2022 14:11:36 GMT
server: nginx

OPTIONS
H2 200 custom
pseepsie.com/ Frame 0
0 13ms
13ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://link.downloadr.in
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://link.downloadr.in
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Aug 2022 14:11:36 GMT
server: nginx

POST
H2 200 custom Show response
pseepsie.com/ 39 B
327 B 15ms
13ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/custom

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://link.downloadr.in/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 6fd836bc08695e3fab1c6431719eca39
date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://link.downloadr.in
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

POST
H2 200 custom Show response
pseepsie.com/ 39 B
327 B 15ms
14ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/custom

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://link.downloadr.in/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 13c4ab804e44429d5503233fa6c78ef5
date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://link.downloadr.in
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H3 404 sw.js
link.downloadr.in/ 3 KB
0 585ms
585ms Fetch
text/html 2606:4700:3031::6815:2660
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://link.downloadr.in/sw.js

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::6815:2660 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.4.30

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/bRM2sN
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: PHP/7.4.30
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kGfgoKgHH%2Bigonq05XZxU2A%2BjGa6Y4z1jci4IHsaBjTpR3Nj2dwOwDsx4kvtI16e3D6kc4es72izZFj9EVCFWcKibtFI0WeFa%2Fp01oouTLepj3dBrJpIPPkwCM0FO7xwNAfMVrXUp1w3fpxm%2B6ZjnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
cf-ray: 734fa4ba6d8890a3-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 11 Show response
tovanillitechan.com/ 0
557 B 15ms
15ms XHR
image/jpeg 139.45.197.239
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tovanillitechan.com/11?rnd=1257649040&z=5220161&b=5362695&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=L2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs=&ruid=dd1deee6-ffc4-4406-af2c-37af663231fb&ng=1&ix=0&pt=0&np=0&gp=3&bp=4&nw=1&nb=1&sw=1600&sh=1200&pl=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&wy=0&wx=0&ww=1600&wh=1200&cw=1600&wiw=1600&wih=1200&wfc=7&sah=1200&drf=&hil=1&ist=0&ot=68
Requested by: Host: tovanillitechan.com
URL: https://tovanillitechan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.239 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 1ff8ae774fcd1e3b7155f98569cb1720
pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/jpeg
access-control-allow-origin: https://link.downloadr.in
access-control-expose-headers: X-Sc
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
content-length: 0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 / Show response
interstitial-08.com/ Frame ACA6 20 KB
6 KB 87ms
52ms Document
text/html 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Requested by: Host: tovanillitechan.com
URL: https://tovanillitechan.com/27/a7e038ccb70ca5898f8cc1a9cca3827a
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx / PHP/7.4.26
Resource Hash: 900d6b8470553275027f7ec5acb385c06c962bddd104add0d68114aa02ddcb11

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 03 Aug 2022 14:11:36 GMT
server: nginx
vary: Accept-Encoding
x-powered-by: PHP/7.4.26

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame C220 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Bw9Qgg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 fv.js Show response
unphionetor.com/ Frame ACA6 5 KB
3 KB 50ms
13ms Script
text/javascript 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/fv.js?t=72747&cb=940188474

Requested by

Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-trace-id: ea1cfb249eb144b0641c03d0821dba82
pragma: no-cache
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: text/javascript; charset=utf8
access-control-allow-origin
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 style.css
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/ Frame ACA6 12 KB
3 KB 36ms
14ms Stylesheet
text/css 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/style.css?v=1518177503492
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12ec824a66b6ad652e1cf0952853b6ba3053dd76a84bbcf4bdb3c055e411c78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: br
cf-cache-status: HIT
age: 2717
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: W/"62d14efa-30c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 734fa4bb6a0fbbfd-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 audible.png
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/ Frame ACA6 3 KB
3 KB 13ms
13ms Image
image/png 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 871975b8040629c7b43de81b1a0878f40991ec2f49caddd6441b5d1f8322aeed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
cf-cache-status: HIT
age: 1822
content-length: 3429
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: "62d14efa-d65"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
accept-ranges: bytes
cf-ray: 734fa4bb9a6ebbfd-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 0100657458245.jpeg
interstitial-08.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/ Frame ACA6 52 KB
53 KB 26ms
24ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/0100657458245.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: be88718a0eb175ebc4385600fe4168853a2ba705d814d2f9887ca7aa8cbd9238

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Thu, 31 Jan 2019 11:14:34 GMT
server: nginx
etag: "5c52d89a-d0e0"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 53472

GET
H2 200 0933414948049.jpeg
interstitial-08.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/ Frame ACA6 14 KB
15 KB 39ms
38ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/0933414948049.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: f710c2b11df9cadcb3a6d25a9dc8306172c04ff1d2fa8d96d4019d70833f695d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Wed, 15 Aug 2018 10:56:50 GMT
server: nginx
etag: "5b7406f2-393b"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 14651

GET
H2 200 0350025199145.jpeg
interstitial-08.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/ Frame ACA6 35 KB
35 KB 39ms
38ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/0350025199145.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 01a91cef52f9849703fb84a945f9fb51b9debf7ac36730043d097c3865550e8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Tue, 17 Jul 2018 10:46:08 GMT
server: nginx
etag: "5b4dc8f0-8b17"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 35607

GET
H2 200 01289039865190.jpeg
interstitial-08.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/ Frame ACA6 49 KB
50 KB 40ms
39ms Image
image/jpeg 139.45.197.151
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://interstitial-08.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/01289039865190.jpeg
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.151 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 89d93e12a15f6a5d57b5f8aca8bd1e6984dc4c8c5dec7840a8c8e8c8274c1568

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Thu, 31 Jan 2019 11:14:34 GMT
server: nginx
etag: "5c52d89a-c502"
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-length: 50434

GET
H2 200 player.png
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/ Frame ACA6 28 KB
28 KB 16ms
15ms Image
image/png 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1eb8cf889202f439bb6bd1a03049b2e71953c7c0a5aadddde498cbea9bcadac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
cf-cache-status: HIT
age: 3305
content-length: 28527
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: "62d14efa-6f6f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
accept-ranges: bytes
cf-ray: 734fa4bbaa84bbfd-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 script.js Show response
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/ Frame ACA6 1 KB
562 B 15ms
15ms Script
application/javascript 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494
Requested by: Host: interstitial-08.com
URL: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D440032048%26z%3D5220161%26b%3D5362695%26c%3D2755022%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3DL2zuqzDg9P3iMYlL4ItKwsQTu5TxNHU9Ruv4MsjbBW8yzAUZfiSr8u9p5GBPcIvPJdbXWUP5VOXnONufy4AB6i_Izf_9gsZ29Clml0n_FQtw0j24A6mNqzLJTdfYpUKy4tlIyUckh5_kDkU3Q-doSDE5acfhDTv2HcLLa0yrfo3tRQsvvDYWgsR1jnWmtRMOc7S4uqjP-h4Ku4GOUUSkH9X__ToRk-hUvlV_LVtl37noLR5GQY1Ht-kUVrZe9EYegPIo2Zr2IsJ1WTW65t_GMklYtxs%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Ddd1deee6-ffc4-4406-af2c-37af663231fb%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D3%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1600%26sh%3D1200%26pl%3Dhttps%253A%252F%252Flink.downloadr.in%252FbRM2sN%26wy%3D0%26wx%3D0%26ww%3D1600%26wh%3D1200%26cw%3D1600%26wiw%3D1600%26wih%3D1200%26wfc%3D7%26sah%3D1200%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55c72f42fc6ee2c502a5f86fe215690719ce746f383ec8551af1f1fb66252b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
content-encoding: br
cf-cache-status: HIT
age: 2572
last-modified: Fri, 15 Jul 2022 11:26:50 GMT
server: cloudflare
etag: W/"62d14efa-58b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 734fa4bb8a32bbfd-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 204 vctx Show response
unphionetor.com/ Frame ACA6 0
494 B 13ms
13ms XHR
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/vctx?t=72747

Requested by

Host: unphionetor.com
URL: https://unphionetor.com/fv.js?t=72747&cb=940188474

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: 2cdb250a7fdfcdf57229dfeb774cf085
pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://interstitial-08.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 204 vbl
unphionetor.com/ Frame ACA6 0
494 B 13ms
12ms Ping
text/plain 139.45.197.236
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined

Requested by

Host: unphionetor.com
URL: https://unphionetor.com/fv.js?t=72747&cb=940188474

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.236 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://interstitial-08.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-trace-id: e5d0fcd66b4bc28aba0b6a5a9003f104
pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://interstitial-08.com
access-control-expose-headers: Authorization
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame 38E1 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=1715028348&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896370&bpp=2&bdt=213&idt=110&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=165&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=C2Mlx8wrP1&p=https%3A//link.downloadr.in&dtd=117

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:06:24 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 38E1 139 KB
43 KB 57ms
33ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92aaa12adb4161114f57fe1c38584f80895525c642d8778be4d5b2d68fcab715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43813
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1659353321385471"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame 38E1 18 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e5ee07c0b9aebe4b9fe10f351068879e9046771eaae0fecc0d06a320e75d472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:05:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7643
x-xss-protection: 0
server: cafe
etag: 5476907727954993956
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:05:56 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 38E1 0
0 52ms
50ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CiRVyGILqYrmKI8aDhAbMi4eAB8me0rFcjfDi1pMBwI23ARABIABglbqAgpgHggEXY2EtcHViLTIyMDYwNjAwMDg1Mjg1ODWgAdW20uoDyAEJqQIhbGD-6xexPqgDAaoEyQFP0F9jXql9kSj1nXCpKnmkn27GKk1mMfaYvEYTurkYv9ylHzZWTo4i2CaNCrxx495qmnr6oHGdvtKF6FsvFYn61DTKOHL5EfP7ao-BsymNF6v3CWXVj0VbulKUfO2k6VbH5ShYt4AfMBsxO1a8CrQdvv4IeZlThg6A6hLzrb53K6u6FT3nubd3GOZ6Mds-_Z7Y5eQR7p6VUfuw7wjBQxc9c1fCOQgK5cD0YARv99-MpysHy5aMafEwQSUCcR8Jti1HMlwIKZVaGCCABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMjIwNjA2MDAwODUyODU4NRgA&sigh=69APZvkWwQQ&uach_m=[UACH]&cid=CAQSGwCsnQUxpOqGbYQviSYumoRysoQAGv5D5hkfYxgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=1715028348&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896370&bpp=2&bdt=213&idt=110&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=165&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=C2Mlx8wrP1&p=https%3A//link.downloadr.in&dtd=117
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 03 Aug 2022 14:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 38E1 0
0 64ms
18ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EMz6RNgFmAKdg2ICAgAAAE2W6BFMXiWSEBiC6mIwCSAoNAaXCS56zgASAAA&wp=YuqCGAAIxTkKwQHGAAHFzOPOCOAPHl2NSxVPrw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
server: Kestrel
server-processing-duration-in-ticks: 314696
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 9BBC 194 KB
56 KB 191ms
148ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIxTkKwQHGAAHFzOPOCOAPHl2NSxVPrw&u=%7CbKGK0upUC9ztXLcxiXL%2Ba2YDhkuMEl7Wp7VfvFnxWpY%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4XvQvX3V_L0VyW-7TZlfNA-P_WXkl1RfzDnGlPp_vX0IwNkCYdLl3AyNcnvBFUb_nVC0RYdsXgXW5BqVc1PZ91bqCdEnnHScLHio67N3YxN3ZuOWPW_T26LVLgPty1YBd7pp---SyLVSOnCF0G9UmKjsv6Yf1Fl5zIu9tJ9Y78jE2MZTLCJZ8RBeYBeJVb7j_SntuPzcP_5oMCDot86f9o8zJ-9_lkOXun0FwLWDf3euRHQZSkNzgAUEmsLMrGmIFArPo0lbglkzmOT1Eweh2_fP0tos8UncGrsVt7TPZLA_NlP1J3Oh4-UXxJmesLRildUdMy2yiR6BdjRIMWDL8dyJO00Q_orFdYfoHsFmhKgD&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4yfaGILqYrmKI8aDhAbMi4eAB8me0rFcjfDi1pMBwI23ARABIABglbqAgpgHggEXY2EtcHViLTIyMDYwNjAwMDg1Mjg1ODWgAdW20uoDyAEJqQIhbGD-6xexPqgDAaoEzAFP0F9jXql9kSj1nXCpKnmkn27GKk1mMfaYvEYTurkYv9ylHzZWTo4i2CaNCrxx495qmnr6oHGdvtKF6FsvFYn61DTKOHL5EfP7ao-BsymNF6v3CWXVj0VbulKUfO2k6VbH5ShYt4AfMBsxO1a8CrQdvv4IeZlThg6A6hLzrb53K6u6FT3nubd3GOZ6Mds-_Z7Y5eQR7p6VUfuw7wjBQxc9c1fCeword0d7_BfQa8svdxahM5-YY0c6bz2Axdc0EN_4LHAQrD_eC5_3u5yABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1j9rcuFfDpoEZB8x7zHzot-znrYw%26client%3Dca-pub-2206060008528585%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

607922c6812cab13ed96e086d94d82b1755aaeeaa8a94e6496129e0ec8e24c1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 14:11:36 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=hk_GGwc1bMMbVjXOVzaJ83J0P2zIwSYNCl1tvcZQtoFSSnGXrB1hDaV4dsWWY9UmWBjH_Hk7GgxG35Ra1UixsLlAM01NcgK-hDUF971eMw58Qkn_6TiaQkY_3HhtDrr81hstGZkwT4naiRRJZBRljlALOHZZSsaigvdG_rz1muZ-XlwrsQUcV6UmDV_8tPez-fy42iNc0s0hZgOAVg2-BjhrMGfSANXvCl5ZlyNEbqzIOuZGlSkvGL2Knyx29Jz862z1jNcGdZDIu4L9"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 130270455
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207280101/ 150 KB
53 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202207280101/reactive_library_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8344985004461fcc2cccc0620682c7435a8bcda70fe35904fb821103adf9ea83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54483
x-xss-protection: 0
server: cafe
etag: 8822869942084081282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame E41A 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:06:24 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame E41A 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e5ee07c0b9aebe4b9fe10f351068879e9046771eaae0fecc0d06a320e75d472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:05:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7643
x-xss-protection: 0
server: cafe
etag: 5476907727954993956
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:05:56 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E41A 139 KB
43 KB 35ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92aaa12adb4161114f57fe1c38584f80895525c642d8778be4d5b2d68fcab715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43813
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1659353321385471"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame E41A 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CXTmMGILqYqSPI42mhAW0_r7AAcme0rFclaKX93DAjbcBEAEgAGCVuoCCmAeCARdjYS1wdWItMjIwNjA2MDAwODUyODU4NaAB1bbS6gPIAQmpAnjfaRAlGLE-qAMBqgTJAU_QInO6RDxpE-8HOsA7sH-FFE-tnh4Pvb1sLi9d6EuPLfMPsw5BEM1FlTOftUund8G-ZScf0ft4AkxijsMcaQeRqIac44aUA2oeAK2Vzi07eG2oFc1qT9zCAb8vvgjBcFpPWmfJarJxj9OEUTN6N7kGPmjxBeVxN8gqjwOHD972oKFc0OLhk91DqI3posM8MQ2ROpS_8_q5_ymEGMnIMKi5XGnkFmRviIYwiaT3peMttBMKT4BC6lX8ZFQjP53EY-sg-WwDA4gC-oAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0yMjA2MDYwMDA4NTI4NTg1GAA&sigh=YZVZ0tHJMb0&uach_m=[UACH]&cid=CAQSGwCsnQUx9baWr3REdlAdBvCr6rdXEwbmHhn-fBgB

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 03 Aug 2022 14:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame E41A 0
0 17ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EMz6RNgFmAKdg2ICAgAAAE2W6BFMXiWSEBeC6mK7iZ1rxhhcbqUktgASAAA&wp=YuqCGAAIx6QKoRMNAA-_NFDHqhbBSF0xWCLLtg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
server: Kestrel
server-processing-duration-in-ticks: 292007
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 773E 195 KB
56 KB 155ms
153ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIx6QKoRMNAA-_NFDHqhbBSF0xWCLLtg&u=%7CbKGK0upUC9wBAadSPOf9il9Dbr3Cw4PJtYnA3Rd5%2BZg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4WdrAIBvDDC-x-mvFsJtaszGYb3Dkcxn2mcDpiyvzE2PiBMArFsZ8ZxVSse8Qnq4qmDSgGz06GcUc2WpOA555S2Sl1BEo7ybxWLGzsdGt0ZDu5923OEoDBKKN6Q_blXl-r_N7XeRcG9Ty1wdwNsZBHglVW_s8g5yeXtZrQ_iqAl8S4Qzz89nBupfTWz6fsyWB7Tb312q0FL6jF7LlwATnsVfeLqOsEqYUf-XIdD-E6e_F1gyDRFn-ERKnhxap3dbwd_ko_Wy-BDie_94esxJrcbSyxLPXhJgap7nkVw_dFjArLvD_wjMOJl12ebUPTA3RgkqDAx6JGOg-jkSvSbyhWMZTC7pKEcFpzf1y9bJI2IOyOOa-XpnA0M&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvEuSGILqYqSPI42mhAW0_r7AAcme0rFclaKX93DAjbcBEAEgAGCVuoCCmAeCARdjYS1wdWItMjIwNjA2MDAwODUyODU4NaAB1bbS6gPIAQmpAnjfaRAlGLE-qAMBqgTMAU_QInO6RDxpE-8HOsA7sH-FFE-tnh4Pvb1sLi9d6EuPLfMPsw5BEM1FlTOftUund8G-ZScf0ft4AkxijsMcaQeRqIac44aUA2oeAK2Vzi07eG2oFc1qT9zCAb8vvgjBcFpPWmfJarJxj9OEUTN6N7kGPmjxBeVxN8gqjwOHD972oKFc0OLhk91DqI3posM8MQ2ROpS_8_q5_ymEGMnIMKi5XGmmFEX9DwmsmhtrsUD9ibXyRpRIXF_SfNaX96BikVQ-1XSGqQwRRXJsgYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_M-hPcvEyjJSwQzkI2VJmbWvHsA%26client%3Dca-pub-2206060008528585%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=2905302740&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896372&bpp=1&bdt=216&idt=118&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C728x280&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=584&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=jYc2xK7knm&p=https%3A//link.downloadr.in&dtd=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

eb3857a2e78464274e41275080b07a939446088f9811ea004cf1a2cfbffe6506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 14:11:36 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=gkpHRAc1bMMbVjXOrk-IfRhJif2iGozYqtbdlltvdUEivv1ijUmyxjZ8eyS7TVAHx8b_qT6g3GQM7q74Xa6No-FDFlpDqGvgSQ7gzL1sb_RYHa5wpInyHCiaIkBQ394bXNDQnepjK2D6Z2X-KZuUAoRnVtwVd_AfT1tJrPKFrCEHEeXSNjP_WMCPBbSRC7T7a4nbxaVuLSBWhLmtlYzwi4msUJEqXoL2gdS5GjU2a4qu4l2_EjsrhKYc1ZZcwvwUYZTH7g"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 131058756
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=link.downloadr.in

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 33ms
17ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=link.downloadr.in

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/ Frame 64C1 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27724
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 06:29:33 GMT
etag: 8616628553774171045
expires: Wed, 17 Aug 2022 06:29:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/ Frame 63CA 10 KB
4 KB 7ms
7ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://link.downloadr.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 27724
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 06:29:33 GMT
etag: 8616628553774171045
expires: Wed, 17 Aug 2022 06:29:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 38E1 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5ebb8eb961d4bdebbc827531d64e66a6d4d2bbe8ca03029648c58313df8813b0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E41A 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 353c13ccdc708d12239e22c607f51af32ae99329fce62e9cad86938dcc86f595

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css2
fonts.googleapis.com/ Frame 64C1 4 KB
636 B 68ms
26ms Stylesheet
text/css 2a00:1450:400e:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 12:57:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 03 Aug 2022 14:11:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 64C1 205 B
229 B 28ms
8ms Image
image/png 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 12:48:55 GMT
x-content-type-options: nosniff
age: 4962
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 03 Aug 2023 12:48:55 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 64C1 604 B
628 B 27ms
7ms Image
image/png 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 13:55:12 GMT
x-content-type-options: nosniff
age: 985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 03 Aug 2023 13:55:12 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/elements/html/ Frame 64C1 23 KB
9 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eab293839fb2aa5cfda5c6861bef235adf8127e9b7491caca48dc961a61d9b03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 13:54:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1025
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9690
x-xss-protection: 0
server: cafe
etag: 12381306461416256465
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:54:32 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 63CA 0
0 51ms
51ms Fetch
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CThMHGILqYo-IILXG1fAPtc-9qATJntKxXLWY49aTAcCNtwEQASAAYJW6gIKYB4IBF2NhLXB1Yi0yMjA2MDYwMDA4NTI4NTg1oAHVttLqA8gBCakCeN9pECUYsT6oAwGqBMsBT9CrtLzJgipXzGmEBDxTCCXftaaUEAwFixwPFX7Tx3bwEq-Hcv6-4yWS5fkRhyb9GGEI-R4FrGsj6oi8WRqV5uNYr_vof7EMEZsHz-DfvOGVXJxSLtw2HXXDgGD8kUydv2_c-6ESOMHSiosc8blxnuZ4Kbi1lQAbqh9isaz96sut6Fb2R_If7bBGzN8iboJLq5ByseN5ScP20cTEK51V1_eSGqxHNZMt1xgPiYrQWJVO-wdrdekH5N54Vy3g_HQVAFF_I8JVzqLL6CmABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMjIwNjA2MDAwODUyODU4NRgA&sigh=bZH3r33ctno&uach_m=[UACH]&cid=CAQSGwCsnQUxT4N7_8EEOrMdnzXpja6sZHENTOXjmhgB

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 03 Aug 2022 14:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 63CA 0
0 18ms
17ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=kOb8EMz6RO0HfJ2DYgICAAAAUpyUcVYlMlkQGILqYuyscD5r2KLyjdfIABIAAA&wp=YuqCGAAIBA8IFWM1AA9ntWmlq75-x7qARH8J8A

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
server: Kestrel
server-processing-duration-in-ticks: 285919
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C339 198 KB
57 KB 141ms
139ms Document
text/html 2a02:2638::b
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIBA8IFWM1AA9ntWmlq75-x7qARH8J8A&u=%7CbKGK0upUC9ySDGLT0j%2FB%2BNn%2BtRsE7TH3CFH8WfRvsg4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WT03MXv48W6vZSBt_EcmkJPI6rhm8WDPmD7NYd8iBN8t0oS_8-cZam5SxoL7RvVpTTGPEfr5LaxrmYq9jVRQSLtGXBdBRSid4NUCcSI42MkS2ftBOvtW_rh2Oyxxvs2DOPzhhdez1P7xqScA_M7eYgX1-F0N1sgBz3fV2jECDIhhitCyOd5rdWpIE1RsuiKgdv_Zv7hz1pUkKt3yNSDXU2lq0_j8F5xS6h1J6-t79BDXYEbqM_aIubVr5jZAdRl7TUqNWfskGOMMQEhzm3wA-aiu6Ompz_yT677h2K_6un0DL8LOb6CLdQa_R_IcpDvpwpLKka1ZBMtsCzzEJ8-o_Xc8RzdPWGtvqM-e80inN8i0Juhnb1xiJTICO1ES7HO1PrZ2ekxDpP4VU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCN1jRGILqYo-IILXG1fAPtc-9qATJntKxXLWY49aTAcCNtwEQASAAYJW6gIKYB4IBF2NhLXB1Yi0yMjA2MDYwMDA4NTI4NTg1oAHVttLqA8gBCakCeN9pECUYsT6oAwGqBM4BT9CrtLzJgipXzGmEBDxTCCXftaaUEAwFixwPFX7Tx3bwEq-Hcv6-4yWS5fkRhyb9GGEI-R4FrGsj6oi8WRqV5uNYr_vof7EMEZsHz-DfvOGVXJxSLtw2HXXDgGD8kUydv2_c-6ESOMHSiosc8blxnuZ4Kbi1lQAbqh9isaz96sut6Fb2R_If7bBGzN8iboJLq5ByseN5ScP20cTEK51V1_eSGqxHd5EMRZ-AFZlvxIHtKzrNjeAT7mhyeTViSLwopqPAPe5NSwhP-5aVUMmABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0q8OOxGP1QVi1G_4yO9rMbcPFvDg%26client%3Dca-pub-2206060008528585%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::b , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

bb4ce10037297a6d510bec9b131a360e9ffb3ce209035426cee179d2580182b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Wed, 03 Aug 2022 14:11:36 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=MQoigAc1bMMbVjXO-ZjtaCt_Od2Rf5hSfWwJLRza9zvIsAVeocusMqzmPbtyxKVpn4IsWnWoIqChzEd2Rc_Dn0FIW83nmA1i31Zy9UjMM9AW2sq-Al1LJGa8Jl1Kb_vkxC09zy_s3ZtY708CwvJW2Q3WcjWaeQXUhqA2-fGpbbcW76lwDeg_oFvKTJhFtavKXHWJr04OhXCHXyjadpVDff8TpNQRhmO8muaUZMgoO1jNA3anODMdA0MzMKETHse0EwCgdQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 119736530
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame 63CA 3 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:06:24 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 63CA 139 KB
43 KB 51ms
49ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92aaa12adb4161114f57fe1c38584f80895525c642d8778be4d5b2d68fcab715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43813
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1659353321385471"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame 63CA 18 KB
7 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e5ee07c0b9aebe4b9fe10f351068879e9046771eaae0fecc0d06a320e75d472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:05:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7643
x-xss-protection: 0
server: cafe
etag: 5476907727954993956
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:05:56 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9BBC 2 KB
1 KB 98ms
68ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIxTkKwQHGAAHFzOPOCOAPHl2NSxVPrw&u=%7CbKGK0upUC9ztXLcxiXL%2Ba2YDhkuMEl7Wp7VfvFnxWpY%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4XvQvX3V_L0VyW-7TZlfNA-P_WXkl1RfzDnGlPp_vX0IwNkCYdLl3AyNcnvBFUb_nVC0RYdsXgXW5BqVc1PZ91bqCdEnnHScLHio67N3YxN3ZuOWPW_T26LVLgPty1YBd7pp---SyLVSOnCF0G9UmKjsv6Yf1Fl5zIu9tJ9Y78jE2MZTLCJZ8RBeYBeJVb7j_SntuPzcP_5oMCDot86f9o8zJ-9_lkOXun0FwLWDf3euRHQZSkNzgAUEmsLMrGmIFArPo0lbglkzmOT1Eweh2_fP0tos8UncGrsVt7TPZLA_NlP1J3Oh4-UXxJmesLRildUdMy2yiR6BdjRIMWDL8dyJO00Q_orFdYfoHsFmhKgD&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4yfaGILqYrmKI8aDhAbMi4eAB8me0rFcjfDi1pMBwI23ARABIABglbqAgpgHggEXY2EtcHViLTIyMDYwNjAwMDg1Mjg1ODWgAdW20uoDyAEJqQIhbGD-6xexPqgDAaoEzAFP0F9jXql9kSj1nXCpKnmkn27GKk1mMfaYvEYTurkYv9ylHzZWTo4i2CaNCrxx495qmnr6oHGdvtKF6FsvFYn61DTKOHL5EfP7ao-BsymNF6v3CWXVj0VbulKUfO2k6VbH5ShYt4AfMBsxO1a8CrQdvv4IeZlThg6A6hLzrb53K6u6FT3nubd3GOZ6Mds-_Z7Y5eQR7p6VUfuw7wjBQxc9c1fCeword0d7_BfQa8svdxahM5-YY0c6bz2Axdc0EN_4LHAQrD_eC5_3u5yABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1j9rcuFfDpoEZB8x7zHzot-znrYw%26client%3Dca-pub-2206060008528585%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 9BBC 2 KB
1 KB 43ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9BBC 308 B
636 B 42ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 9BBC 293 B
621 B 42ms
15ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame 9BBC 43 B
348 B 66ms
20ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=X783s6Igar3PdS5R9BM-mVDRxQVkieRYhW8wXUbAed_WCcjckRsssVPMGQPpN3AmaoE-6v90_qG9wll1aFEp_VxX-Gm09oJa640Pp9pJzpp5hksWMehyk4BR6APOy5grJrCXm-AH3HzZAn3sFfycW_gtOyUM9u7am_nHkCDltVdPcsB5JjvoUqQzFQEo4yz9hYHlSSN8d3067CDXfOUWlew3WQqw4xhBUexx0PHWu9mQJBP3UIxVB82IdG70SYw34TYk9kMzQ97nSMkxOV5JQEhSKJNa-ERFptBjohcM_X1-Dbb-LxINrbaMWqSP-98CfuXzkGbu5dLYvcqk1xE1iysEc_AQbteSSLhFZ86RKGbAPuyrGC2MPPhBJWf175Pr2Adzdtu7f5F6J8f6iX91IpbYFW7IcO93b2RooseCc3KeqdpT

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3438601
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 9BBC 0
688 B 145ms
103ms Image
text/plain 2600:9000:21f3:a00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1659535896
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIxTkKwQHGAAHFzOPOCOAPHl2NSxVPrw&u=%7CbKGK0upUC9ztXLcxiXL%2Ba2YDhkuMEl7Wp7VfvFnxWpY%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4XvQvX3V_L0VyW-7TZlfNA-P_WXkl1RfzDnGlPp_vX0IwNkCYdLl3AyNcnvBFUb_nVC0RYdsXgXW5BqVc1PZ91bqCdEnnHScLHio67N3YxN3ZuOWPW_T26LVLgPty1YBd7pp---SyLVSOnCF0G9UmKjsv6Yf1Fl5zIu9tJ9Y78jE2MZTLCJZ8RBeYBeJVb7j_SntuPzcP_5oMCDot86f9o8zJ-9_lkOXun0FwLWDf3euRHQZSkNzgAUEmsLMrGmIFArPo0lbglkzmOT1Eweh2_fP0tos8UncGrsVt7TPZLA_NlP1J3Oh4-UXxJmesLRildUdMy2yiR6BdjRIMWDL8dyJO00Q_orFdYfoHsFmhKgD&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4yfaGILqYrmKI8aDhAbMi4eAB8me0rFcjfDi1pMBwI23ARABIABglbqAgpgHggEXY2EtcHViLTIyMDYwNjAwMDg1Mjg1ODWgAdW20uoDyAEJqQIhbGD-6xexPqgDAaoEzAFP0F9jXql9kSj1nXCpKnmkn27GKk1mMfaYvEYTurkYv9ylHzZWTo4i2CaNCrxx495qmnr6oHGdvtKF6FsvFYn61DTKOHL5EfP7ao-BsymNF6v3CWXVj0VbulKUfO2k6VbH5ShYt4AfMBsxO1a8CrQdvv4IeZlThg6A6hLzrb53K6u6FT3nubd3GOZ6Mds-_Z7Y5eQR7p6VUfuw7wjBQxc9c1fCeword0d7_BfQa8svdxahM5-YY0c6bz2Axdc0EN_4LHAQrD_eC5_3u5yABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1j9rcuFfDpoEZB8x7zHzot-znrYw%26client%3Dca-pub-2206060008528585%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:37 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: EbRBZug8CPMO-g-vvgzg-g3kptNjkzJOsrrb2SlJDwm9zF-hzos2Eg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 9BBC 12 KB
6 KB 13ms
13ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9BBC 5 KB
5 KB 58ms
17ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=556&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=196&s=cv-0XWAuCUcnqwngfrtP0s7A

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

080069b2dce01872cbc2bfcc0b6a2cd9b9a5b9fbb22fc1683ece0cea17aac96f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30193679
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5106
expires: Wed, 19 Jul 2023 01:19:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9BBC 1 KB
1 KB 59ms
19ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoBKA_Bundeskriminalamt_4558DE.gif%3Feb%3D1&v=3&w=800&s=DI0SONUVXrdIf4n2KRU4NSEh&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e4b58a351151e4da3ebfac8c923fc7c19c7bbbd6696d716a2f3465bf869f1138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=139068
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1266
expires: Fri, 05 Aug 2022 04:49:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9BBC 2 KB
2 KB 58ms
18ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FA%2FlogoAction-Deutschland-GmbH-160959DE.gif%3Feb%3D1&v=3&w=800&s=eYmd4wjFUQ8Yj2CUTtsRUG9-&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b490123c25600d6dfd80373766fe281c96763bebf5d26e2ad47fa3736774eecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1480639
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1690
expires: Sat, 20 Aug 2022 17:28:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9BBC 2 KB
2 KB 58ms
18ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FC%2FlogoFraGround-Fraport-Ground-Services-GmbH-222375DE.gif%3Feb%3D1&v=3&w=800&s=p7imNlwxxrodxxqEMEPxBMSf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5aeca3b44d1a071a3a4271a080470f383d077f1c0d1298845266e690449e6607

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=838963
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1960
expires: Sat, 13 Aug 2022 07:14:20 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9BBC 1 KB
2 KB 70ms
30ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2Flogoumlaut-22544DE-2011191708.gif%3Feb%3D1&v=3&w=800&s=AkP6VzvhlWQHomqr6ocOPfaW&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1e04cc8c7f4f0ea9326b4de881d5734b2a1f8a96e9b11c11f6a24ff5997d9b18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=1728129
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1403
expires: Tue, 23 Aug 2022 14:13:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9BBC 2 KB
2 KB 70ms
31ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=800&s=HYbmSDVtbe5wAnm1TH3AhaIB&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1500897
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1584
expires: Sat, 20 Aug 2022 23:06:35 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 9BBC 1 KB
2 KB 17ms
15ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F0%2FlogoMagazino-GmbH-152780DE.gif%3Feb%3D1&v=3&w=800&s=xD1aQ7NOXQwZP9XZtiaSsXrf&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

74d9ee5df6f12c1e360250d4a0823cc8f142acc9e6ccd856ed6658628a454d56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1143639
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1480
expires: Tue, 16 Aug 2022 19:52:17 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 9BBC 0
128 B 63ms
19ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=hk_GGwc1bMMbVjXOVzaJ83J0P2zIwSYNCl1tvcZQtoFSSnGXrB1hDaV4dsWWY9UmWBjH_Hk7GgxG35Ra1UixsLlAM01NcgK-hDUF971eMw58Qkn_6TiaQkY_3HhtDrr81hstGZkwT4naiRRJZBRljlALOHZZSsaigvdG_rz1muZ-XlwrsQUcV6UmDV_8tPez-fy42iNc0s0hZgOAVg2-BjhrMGfSANXvCl5ZlyNEbqzIOuZGlSkvGL2Knyx29Jz862z1jNcGdZDIu4L9&sds=2&rev=82250&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 03 Aug 2022 14:11:37 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9BBC 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9BBC 2 KB
1 KB 32ms
32ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 773E 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIx6QKoRMNAA-_NFDHqhbBSF0xWCLLtg&u=%7CbKGK0upUC9wBAadSPOf9il9Dbr3Cw4PJtYnA3Rd5%2BZg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4WdrAIBvDDC-x-mvFsJtaszGYb3Dkcxn2mcDpiyvzE2PiBMArFsZ8ZxVSse8Qnq4qmDSgGz06GcUc2WpOA555S2Sl1BEo7ybxWLGzsdGt0ZDu5923OEoDBKKN6Q_blXl-r_N7XeRcG9Ty1wdwNsZBHglVW_s8g5yeXtZrQ_iqAl8S4Qzz89nBupfTWz6fsyWB7Tb312q0FL6jF7LlwATnsVfeLqOsEqYUf-XIdD-E6e_F1gyDRFn-ERKnhxap3dbwd_ko_Wy-BDie_94esxJrcbSyxLPXhJgap7nkVw_dFjArLvD_wjMOJl12ebUPTA3RgkqDAx6JGOg-jkSvSbyhWMZTC7pKEcFpzf1y9bJI2IOyOOa-XpnA0M&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvEuSGILqYqSPI42mhAW0_r7AAcme0rFclaKX93DAjbcBEAEgAGCVuoCCmAeCARdjYS1wdWItMjIwNjA2MDAwODUyODU4NaAB1bbS6gPIAQmpAnjfaRAlGLE-qAMBqgTMAU_QInO6RDxpE-8HOsA7sH-FFE-tnh4Pvb1sLi9d6EuPLfMPsw5BEM1FlTOftUund8G-ZScf0ft4AkxijsMcaQeRqIac44aUA2oeAK2Vzi07eG2oFc1qT9zCAb8vvgjBcFpPWmfJarJxj9OEUTN6N7kGPmjxBeVxN8gqjwOHD972oKFc0OLhk91DqI3posM8MQ2ROpS_8_q5_ymEGMnIMKi5XGmmFEX9DwmsmhtrsUD9ibXyRpRIXF_SfNaX96BikVQ-1XSGqQwRRXJsgYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_M-hPcvEyjJSwQzkI2VJmbWvHsA%26client%3Dca-pub-2206060008528585%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 773E 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 773E 308 B
636 B 21ms
20ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 773E 293 B
621 B 38ms
38ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame 773E 43 B
347 B 20ms
19ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=RzfnlaIgar3PdS5R9BM-mVDRxQVy-Jl7CJkcoIDGOYCUPWP0SXEvJ-D2TjeosAgIVOiZIMk6Eqig5NxD_xvo91LD8FJhropq0clQ0qpHxIc3YkXahQXI6qp7ZaHK89D1u57tFERUZ_yahZHqiYTp7rep8ka6cMnCGAsfj3JGOCKSbeBIoG6N8HcbeHx_W91FeTcItly36RTVHWaeYqdJinfPe1htCFKvYt_5JEo77MOgymUGrycOrwGo_ajnNol471GJ7L4ow9Xfh2zBsgSKC6RyFfbKfDVd-Jwv-VaqkB8XRAzayo5v_yEDictl8ELeVImUOuKxYXmyreaIAFY2wt1zsIJb5sMBtyb3RqF7ygHEAPWRpI1PNwDuczbQop84tLVVwK7T4p4-4r_F3xbYmTupC0Cax-W1YVUyUZ0ennPxK6kr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:36 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2996852
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 773E 0
688 B 106ms
105ms Image
text/plain 2600:9000:21f3:a00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1659535896
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIx6QKoRMNAA-_NFDHqhbBSF0xWCLLtg&u=%7CbKGK0upUC9wBAadSPOf9il9Dbr3Cw4PJtYnA3Rd5%2BZg%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WTSq1UDcvhEKOD6kU-WiEl4WdrAIBvDDC-x-mvFsJtaszGYb3Dkcxn2mcDpiyvzE2PiBMArFsZ8ZxVSse8Qnq4qmDSgGz06GcUc2WpOA555S2Sl1BEo7ybxWLGzsdGt0ZDu5923OEoDBKKN6Q_blXl-r_N7XeRcG9Ty1wdwNsZBHglVW_s8g5yeXtZrQ_iqAl8S4Qzz89nBupfTWz6fsyWB7Tb312q0FL6jF7LlwATnsVfeLqOsEqYUf-XIdD-E6e_F1gyDRFn-ERKnhxap3dbwd_ko_Wy-BDie_94esxJrcbSyxLPXhJgap7nkVw_dFjArLvD_wjMOJl12ebUPTA3RgkqDAx6JGOg-jkSvSbyhWMZTC7pKEcFpzf1y9bJI2IOyOOa-XpnA0M&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCvEuSGILqYqSPI42mhAW0_r7AAcme0rFclaKX93DAjbcBEAEgAGCVuoCCmAeCARdjYS1wdWItMjIwNjA2MDAwODUyODU4NaAB1bbS6gPIAQmpAnjfaRAlGLE-qAMBqgTMAU_QInO6RDxpE-8HOsA7sH-FFE-tnh4Pvb1sLi9d6EuPLfMPsw5BEM1FlTOftUund8G-ZScf0ft4AkxijsMcaQeRqIac44aUA2oeAK2Vzi07eG2oFc1qT9zCAb8vvgjBcFpPWmfJarJxj9OEUTN6N7kGPmjxBeVxN8gqjwOHD972oKFc0OLhk91DqI3posM8MQ2ROpS_8_q5_ymEGMnIMKi5XGmmFEX9DwmsmhtrsUD9ibXyRpRIXF_SfNaX96BikVQ-1XSGqQwRRXJsgYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0_M-hPcvEyjJSwQzkI2VJmbWvHsA%26client%3Dca-pub-2206060008528585%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:37 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: j6GE2kuISbtqN1Ds8fPfB4yFpV-FNY2jt6ncLECC041lrl_g6hjqqQ==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 46ms
45ms Image
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220728&jk=1414660626252312&bg=!MDOlM3fNAAacadVKvGk7ACkAdvg8Wqth8bxIQt2ByU5DiBqyMNeSUdm0KGJWAAlb4uqi6PNcMM20OwIAAABUUgAAAANoAQeZAtaz7zTEwGvEY7r5ubMQuueSkNekbyQvY543-cEfVO1K2PdWG7oJjmtDEvx0ZII_XImiH6pxStQ0oejbP8J_tq-UFLq1wMcomVvVbqXQmni5n8HgGkXbCDcbUlqPpJRZc8428pblktR6riTxQNRmF-RdT383EYFzwtRDsTe0NC3uWvrA_Ms11p4yUrQcuLLZUjGqjyFC8d9WakgtjDqIO4Ko_NNfUzKCzvFESjA17aak0Iplos45kTxi63FBQqr2DzG4yTMlCpkcW1dJ0nwDHT5gu0JVlFvN3fCZ5YHiukCAFuOVTL31y0bhNZeq6Gab_LGZ76FmbIKhfHM08MGvIg8aLaR5OEHytm0glhW-6mX47r646WF8A-UVKaLbXOccW26QDxW-Hc7WhRP3TKcgHpYIgSSl8KhRvTe8HMOdX_Y0fUozAMNfH0hmq5sr4pzLmmUED6CXOH40CLSC3LoUZK1zVErq8s6VLYQmQtrHzxJH_v5gC6eGl8pINC6elJ0jdt63jVkbjGN9ytM7KqkD3u0vR0_jci0HrWhWZW6GNPFJ2A5coCfj_Qbwj8yb5wcjw8K-ii5WOG2e6flzeQioHtfdGwCxN0-_LnMtR94V9i794eMt-Tl7KSymJzV9HZJqGP5J92z-K80mousFo-zr-OvqzK9YghcW5tHWm-Ysl3p7uh_YidBvnyxh_uUJSNA6AqfMQwFoZI6cG6RCcwlpSkb3iKPx_B0P82DLyjuUV3WDGtx6tMnhvVu-NcDpk8lGWgX1UIJjfdG_hgcbd8aONsUH9yWsoSaKq6lp7T_MsC3XbscWIAEY4wwuQry_11QaGs8KtksTonY3SI1Nr6prVUWa_RC_mFKguQ8VF853OuiUNEVHvkKNssczjHJFr-BezSVceHljtNVjhVaMAXgJ1NjMxufdaP86oDC2xyJjjpzG-w-ncDUYuex0eue-3tjF4DFmLFingik
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 css
fonts.googleapis.com/ Frame E5EC 8 KB
893 B 26ms
26ms Stylesheet
text/css 2a00:1450:400e:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 03 Aug 2022 12:59:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 03 Aug 2022 14:11:37 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame E5EC 2 KB
902 B 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:05:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 351
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 875
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:05:46 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/ Frame E5EC 23 KB
9 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c44b7ac3b0fb4895714ee8a35ed0a452b849df7759ee470ed8a7455ed15270f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 13:54:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1046
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9504
x-xss-protection: 0
server: cafe
etag: 17733382080043146658
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:54:11 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame E5EC 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:06:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 313
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:06:24 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E5EC 139 KB
43 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92aaa12adb4161114f57fe1c38584f80895525c642d8778be4d5b2d68fcab715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43813
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1659353321385471"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 03 Aug 2022 14:11:37 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/ Frame E5EC 18 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220728/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e5ee07c0b9aebe4b9fe10f351068879e9046771eaae0fecc0d06a320e75d472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:05:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 341
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7643
x-xss-protection: 0
server: cafe
etag: 5476907727954993956
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 17 Aug 2022 14:05:56 GMT

GET
H3 200 feee445475856395ba7fe4dbc8183291.js Show response
www.gstatic.com/mysidia/ Frame E5EC 31 KB
13 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/feee445475856395ba7fe4dbc8183291.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc59f9b5fce9cdc25d3dc8ca8011fe8bf3e07ca3d24440fa26b221c57ffd499

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 28 Jul 2022 20:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 494762
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13052
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 20:13:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 26 Oct 2022 20:45:35 GMT

GET
DATA 200
OK truncated
/ Frame 63CA 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98c6d66c8ac18d05de099e68180adba6b6e43aafce6a60cdbda25bcf0c6c8c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C339 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIBA8IFWM1AA9ntWmlq75-x7qARH8J8A&u=%7CbKGK0upUC9ySDGLT0j%2FB%2BNn%2BtRsE7TH3CFH8WfRvsg4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WT03MXv48W6vZSBt_EcmkJPI6rhm8WDPmD7NYd8iBN8t0oS_8-cZam5SxoL7RvVpTTGPEfr5LaxrmYq9jVRQSLtGXBdBRSid4NUCcSI42MkS2ftBOvtW_rh2Oyxxvs2DOPzhhdez1P7xqScA_M7eYgX1-F0N1sgBz3fV2jECDIhhitCyOd5rdWpIE1RsuiKgdv_Zv7hz1pUkKt3yNSDXU2lq0_j8F5xS6h1J6-t79BDXYEbqM_aIubVr5jZAdRl7TUqNWfskGOMMQEhzm3wA-aiu6Ompz_yT677h2K_6un0DL8LOb6CLdQa_R_IcpDvpwpLKka1ZBMtsCzzEJ8-o_Xc8RzdPWGtvqM-e80inN8i0Juhnb1xiJTICO1ES7HO1PrZ2ekxDpP4VU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCN1jRGILqYo-IILXG1fAPtc-9qATJntKxXLWY49aTAcCNtwEQASAAYJW6gIKYB4IBF2NhLXB1Yi0yMjA2MDYwMDA4NTI4NTg1oAHVttLqA8gBCakCeN9pECUYsT6oAwGqBM4BT9CrtLzJgipXzGmEBDxTCCXftaaUEAwFixwPFX7Tx3bwEq-Hcv6-4yWS5fkRhyb9GGEI-R4FrGsj6oi8WRqV5uNYr_vof7EMEZsHz-DfvOGVXJxSLtw2HXXDgGD8kUydv2_c-6ESOMHSiosc8blxnuZ4Kbi1lQAbqh9isaz96sut6Fb2R_If7bBGzN8iboJLq5ByseN5ScP20cTEK51V1_eSGqxHd5EMRZ-AFZlvxIHtKzrNjeAT7mhyeTViSLwopqPAPe5NSwhP-5aVUMmABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0q8OOxGP1QVi1G_4yO9rMbcPFvDg%26client%3Dca-pub-2206060008528585%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C339 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C339 308 B
636 B 13ms
12ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C339 293 B
621 B 13ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 lg.php
cat.fr.eu.criteo.com/delivery/ Frame C339 43 B
347 B 20ms
20ms Image
image/gif 178.250.0.160
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr.eu.criteo.com/delivery/lg.php?cppv=3&cpp=bVIUzfEQXosB4o_DSZQa_qdMyZ6Ng2rnwBKBR6_xYmd7ap8VF8h601QzJRuwirpB0PAgcjFbyPuxEdRWVGGXvdpwNvg7KSP7S8_r6JagC8cAXXON92GsNkV1qp9VpzDFWQKYzFY7WGJvoO43dEHYmfitZrM-siiyB4fV9zsRyqyRrZlXpfVddw1jEsTfznWyg3PHimrbpOl2zpz0Wz41GQBzssA4pXAz6qQyKC4DbC6-rvYJSBGfM5-rotTusgTWWduLQJMcHDNKdTWPfM8JEw_612ZAhFhfXgkuUAGWa-pj-bXHk4Czw92w2wQvcbWIuDUeglE9LlPpK32Mk33h5jMi-g0mitO20ril_OoLe6od-7g1zKYKEkYfQ79NNTBwXrVHSwbEigduuLymZqciczBIcazxiAapoXawHC5RDBhMxgYr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.160 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:37 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3602377
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame C339 0
688 B 102ms
101ms Image
text/plain 2600:9000:21f3:a00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1659535896
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YuqCGAAIBA8IFWM1AA9ntWmlq75-x7qARH8J8A&u=%7CbKGK0upUC9ySDGLT0j%2FB%2BNn%2BtRsE7TH3CFH8WfRvsg4%3D%7C&c1=0n2XosTo5ckbeNFvq0zVIcsyhyT3WKD0PIixkNz--ZUG2JILUkurhSkBmqMNl2IWHL9APLQJ6z2MBXjcXbJi68TGX3bfL3WT03MXv48W6vZSBt_EcmkJPI6rhm8WDPmD7NYd8iBN8t0oS_8-cZam5SxoL7RvVpTTGPEfr5LaxrmYq9jVRQSLtGXBdBRSid4NUCcSI42MkS2ftBOvtW_rh2Oyxxvs2DOPzhhdez1P7xqScA_M7eYgX1-F0N1sgBz3fV2jECDIhhitCyOd5rdWpIE1RsuiKgdv_Zv7hz1pUkKt3yNSDXU2lq0_j8F5xS6h1J6-t79BDXYEbqM_aIubVr5jZAdRl7TUqNWfskGOMMQEhzm3wA-aiu6Ompz_yT677h2K_6un0DL8LOb6CLdQa_R_IcpDvpwpLKka1ZBMtsCzzEJ8-o_Xc8RzdPWGtvqM-e80inN8i0Juhnb1xiJTICO1ES7HO1PrZ2ekxDpP4VU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCN1jRGILqYo-IILXG1fAPtc-9qATJntKxXLWY49aTAcCNtwEQASAAYJW6gIKYB4IBF2NhLXB1Yi0yMjA2MDYwMDA4NTI4NTg1oAHVttLqA8gBCakCeN9pECUYsT6oAwGqBM4BT9CrtLzJgipXzGmEBDxTCCXftaaUEAwFixwPFX7Tx3bwEq-Hcv6-4yWS5fkRhyb9GGEI-R4FrGsj6oi8WRqV5uNYr_vof7EMEZsHz-DfvOGVXJxSLtw2HXXDgGD8kUydv2_c-6ESOMHSiosc8blxnuZ4Kbi1lQAbqh9isaz96sut6Fb2R_If7bBGzN8iboJLq5ByseN5ScP20cTEK51V1_eSGqxHd5EMRZ-AFZlvxIHtKzrNjeAT7mhyeTViSLwopqPAPe5NSwhP-5aVUMmABtSgisukm6ijbKAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0q8OOxGP1QVi1G_4yO9rMbcPFvDg%26client%3Dca-pub-2206060008528585%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:a00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:37 GMT
via: 1.1 f8fe53d5464b299529d281799da8de30.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: 383NI3tncnKv2NLcYKoeBoEp4Dwiv0VoxsFJSYI1TALKL6OBMXRP9A==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 773E 12 KB
6 KB 13ms
13ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 773E 5 KB
5 KB 18ms
16ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

080069b2dce01872cbc2bfcc0b6a2cd9b9a5b9fbb22fc1683ece0cea17aac96f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30193679
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 5106
expires: Wed, 19 Jul 2023 01:19:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 773E 1 KB
1 KB 18ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e4b58a351151e4da3ebfac8c923fc7c19c7bbbd6696d716a2f3465bf869f1138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=139068
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1266
expires: Fri, 05 Aug 2022 04:49:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 773E 2 KB
2 KB 20ms
19ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b490123c25600d6dfd80373766fe281c96763bebf5d26e2ad47fa3736774eecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1480639
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1690
expires: Sat, 20 Aug 2022 17:28:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 773E 1 KB
2 KB 20ms
19ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

1e04cc8c7f4f0ea9326b4de881d5734b2a1f8a96e9b11c11f6a24ff5997d9b18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=1728129
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1403
expires: Tue, 23 Aug 2022 14:13:47 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 773E 2 KB
2 KB 20ms
19ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5aeca3b44d1a071a3a4271a080470f383d077f1c0d1298845266e690449e6607

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=838962
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1960
expires: Sat, 13 Aug 2022 07:14:20 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 773E 2 KB
2 KB 20ms
20ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:36 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1500897
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1584
expires: Sat, 20 Aug 2022 23:06:35 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 773E 0
127 B 17ms
17ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=gkpHRAc1bMMbVjXOrk-IfRhJif2iGozYqtbdlltvdUEivv1ijUmyxjZ8eyS7TVAHx8b_qT6g3GQM7q74Xa6No-FDFlpDqGvgSQ7gzL1sb_RYHa5wpInyHCiaIkBQ394bXNDQnepjK2D6Z2X-KZuUAoRnVtwVd_AfT1tJrPKFrCEHEeXSNjP_WMCPBbSRC7T7a4nbxaVuLSBWhLmtlYzwi4msUJEqXoL2gdS5GjU2a4qu4l2_EjsrhKYc1ZZcwvwUYZTH7g&sds=2&rev=82344&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 03 Aug 2022 14:11:36 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 773E 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 773E 2 KB
1 KB 23ms
23ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EF42 143 B
163 B 9ms
8ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1945
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Wed, 03 Aug 2022 13:39:12 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C339 12 KB
6 KB 16ms
13ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C339 1 KB
1 KB 19ms
18ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e4b58a351151e4da3ebfac8c923fc7c19c7bbbd6696d716a2f3465bf869f1138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=139068
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1266
expires: Fri, 05 Aug 2022 04:49:26 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C339 2 KB
2 KB 18ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

b490123c25600d6dfd80373766fe281c96763bebf5d26e2ad47fa3736774eecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1480639
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1690
expires: Sat, 20 Aug 2022 17:28:56 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C339 2 KB
2 KB 17ms
17ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

5aeca3b44d1a071a3a4271a080470f383d077f1c0d1298845266e690449e6607

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=838962
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1960
expires: Sat, 13 Aug 2022 07:14:20 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C339 2 KB
2 KB 16ms
16ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1500897
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1584
expires: Sat, 20 Aug 2022 23:06:35 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C339 7 KB
7 KB 19ms
18ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=244&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.fr.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F79f2c646e3f74b54931cff1f39d769d0_blue.png&v=3&w=196&s=YDZD8YNsk-thdpVjdHXSz5nU

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29011924
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 6722
expires: Wed, 05 Jul 2023 09:03:42 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C339 2 KB
2 KB 18ms
18ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FA%2FlogoAlfred-Kaercher-GmbH-Co-KG-19483DE.gif%3Feb%3D1&v=3&w=800&s=D-UisKRG_GSDDqy1Ygz-ZOIr&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

a9cef79aa1651fb926232dddd75b1141775c8ab50aba6713ab8bc89bafba606a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=948644
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1960
expires: Sun, 14 Aug 2022 13:42:21 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C339 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=MQoigAc1bMMbVjXO-ZjtaCt_Od2Rf5hSfWwJLRza9zvIsAVeocusMqzmPbtyxKVpn4IsWnWoIqChzEd2Rc_Dn0FIW83nmA1i31Zy9UjMM9AW2sq-Al1LJGa8Jl1Kb_vkxC09zy_s3ZtY708CwvJW2Q3WcjWaeQXUhqA2-fGpbbcW76lwDeg_oFvKTJhFtavKXHWJr04OhXCHXyjadpVDff8TpNQRhmO8muaUZMgoO1jNA3anODMdA0MzMKETHse0EwCgdQ&sds=2&rev=82250&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 03 Aug 2022 14:11:36 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C339 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C339 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 29 Jul 2023 14:11:37 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EF42
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

39ms
39ms

Document
text/html

2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220728/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 03 Aug 2022 14:11:37 GMT
expires: Wed, 03 Aug 2022 14:11:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 03 Aug 2022 14:11:37 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 4JAIKwid8f35vx5JMDPHWQJTURDOey7UpTPwaznZUPM.js Show response
pagead2.googlesyndication.com/bg/ Frame BE98 36 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4JAIKwid8f35vx5JMDPHWQJTURDOey7UpTPwaznZUPM.js

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e090082b089df1fdf9bf1e493033c75902535110ce7b2ed4a533f06b39d950f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 01 Aug 2022 10:47:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 185037
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13903
x-xss-protection: 0
last-modified: Tue, 19 Jul 2022 12:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 01 Aug 2023 10:47:40 GMT

OPTIONS
H2 200 custom
pseepsie.com/ Frame 0
0 13ms
12ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/custom
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://link.downloadr.in
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://link.downloadr.in
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Aug 2022 14:11:37 GMT
server: nginx

POST
H2 200 custom Show response
pseepsie.com/ 39 B
327 B 18ms
18ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/custom

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://link.downloadr.in/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 97d84d9627c4c819f1e418e40a7ac7a3
date: Wed, 03 Aug 2022 14:11:37 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://link.downloadr.in
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 39

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 14ms
13ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=ac49c64a0f0348c7a4123cd97ebf2954&zoneId=5220162&checkDuplicate=true&ymid=&var=

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

1140ec4babe578100549a15eaac1e070fd7e7fc2670017040d4a8d7e7d8c4f9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://link.downloadr.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 14:11:37 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://link.downloadr.in
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 38E1 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0_DNWZXp11bIC67Agi-GoC9MfKUdVc4yDghZ1UsJxEiMbSEzxqJYFdPHdQr9J1OPEXq8xEtOMAlv-qxFtyDzcIiNp&sig=Cg0ArKJSzFRKv185yRrhEAE&id=lidar2&mcvt=1019&p=0,0,280,728&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20220801&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3406233744&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1659535896488&rpt=691&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E41A 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuUf9o8J8sOFpvBJCGMGmQ7srsP5V_zp82I-3A27F-ESoiE4Jr5gho1WGaXHmU4yQdXp4E1KT7D5FLqdSGIBmPQ2V8&sig=Cg0ArKJSzD30Ri9WcyrCEAE&id=lidar2&mcvt=1029&p=0,0,280,728&mtos=1029,1029,1029,1029,1029&tos=1029,0,0,0,0&v=20220801&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3406233744&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1659535896493&rpt=758&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 event Show response
pseepsie.com/ 94 B
382 B 15ms
14ms Fetch
application/json 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pseepsie.com/event

Requested by

Host: link.downloadr.in
URL: https://link.downloadr.in/bRM2sN

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

2577e17c95522b52649053d471b22bbbdf5f84b966850ff87c84f62481c94f8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://link.downloadr.in/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

x-trace-id: 504e6dce7b142f32007b2befc5bf6030
date: Wed, 03 Aug 2022 14:11:38 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
content-type: application/json; charset=utf-8
access-control-allow-origin: https://link.downloadr.in
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 94

OPTIONS
H2 200 event
pseepsie.com/ Frame 0
0 13ms
12ms Preflight
text/plain 139.45.197.250
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://pseepsie.com/event
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://link.downloadr.in
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://link.downloadr.in
access-control-max-age: 86400
content-length: 0
content-type: text/plain; charset=utf-8
date: Wed, 03 Aug 2022 14:11:38 GMT
server: nginx

POST
H2 200 all
csm.eu.criteo.net/ Frame 9BBC 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 03 Aug 2022 14:11:37 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

POST
H2 200 all
csm.eu.criteo.net/ Frame 773E 0
127 B 17ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 03 Aug 2022 14:11:37 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 63CA 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvup37n_AgVkeg_1At6ABTeHn2_o0yqG5ccWJWqZJW1Pk0aenolNH0p7eyNDpZtTt2VxcqMvIY02CaxO2b35GoZEx8d&sig=Cg0ArKJSzEzFw0Nxd8rjEAE&id=lidar2&mcvt=1029&p=0,0,124,1005&mtos=117,800,1029,1127,1238&tos=117,683,229,98,111&v=20220801&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1659535897204&rpt=187&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 03 Aug 2022 14:11:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C339 0
127 B 16ms
16ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Wed, 03 Aug 2022 14:11:39 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
tovanillitechan.com/42	1970-01-20 13:44:31	Name: OAID Value: 696664fc666044e086dde99fe3266729
tovanillitechan.com/42	1970-01-20 13:44:31	Name: oaidts Value: 1659535896
link.downloadr.in/	1969-12-31 23:59:59	Name: AppSession Value: 5co54cnrnqn4mf4shhl23cni4k
link.downloadr.in/	1969-12-31 23:59:59	Name: csrfToken Value: 10f9be8003b351fe342bef2873560004259497e79b8688cd5305d57a07c60516db40089816019abf2b966c79355b21e6180529cff6512a23abf20b9a91c52bea
link.downloadr.in/	1970-01-20 04:58:56	Name: refbRM2sN Value: MzQ5MDc3ODQ4OWY0Y2JkMDdhZmNkMzczYjY4YmM2MDMxY2NmYWUwYTE4YWNhOTMyZDNkZmM4NDI2NGY0OWNiYtfgR4UpT6SsQyHLqrb165z5CLAQBSbq9R9XcjWyPu7e
link.downloadr.in/	1969-12-31 23:59:59	Name: ab Value: 2
bedrapiona.com/	1970-01-20 13:44:31	Name: OAID Value: 3bcdb8a81111453197948c100c1db52f
bedrapiona.com/	1970-01-20 13:44:31	Name: oaidts Value: 1659535896
.downloadr.in/	1970-01-20 14:20:31	Name: __gads Value: ID=826ad5ce81b7eebb-220d2a4be2cd007e:T=1659535896:RT=1659535896:S=ALNI_Ma_zOStAUsdrOKIZz97jW7NOADKdw
tovanillitechan.com/	1970-01-20 13:44:31	Name: scm Value: 1
tovanillitechan.com/	1970-01-20 13:44:31	Name: oaidts Value: 1659535896
my.rtmark.net/	1970-01-20 13:44:31	Name: ID Value: 3bcdb8a81111453197948c100c1db52f
link.downloadr.in/	1970-01-20 04:58:56	Name: prefetchAd_5220163 Value: true
onmarshtompor.com/	1970-01-20 13:44:31	Name: OAID Value: 3bcdb8a81111453197948c100c1db52f
onmarshtompor.com/	1970-01-20 13:44:31	Name: oaidts Value: 1659535896
onmarshtompor.com/	1970-01-20 05:09:00	Name: syncedCookie Value: true
tovanillitechan.com/	1970-01-20 13:44:31	Name: OAID Value: 3bcdb8a81111453197948c100c1db52f
.doubleclick.net/	1970-01-20 14:20:31	Name: IDE Value: AHWqTUkXbIaT1LAQ90-kUnejkFqIkI1ImNbklDi3N1TWdVRTCpn6-rpaS2wIXqolv-Q
.doubleclick.net/	1970-01-20 04:58:59	Name: DSID Value: NO_DATA

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://link.downloadr.in/bRM2sN Message: Refused to execute script from 'https://dozubatan.com/400/5220160' because its MIME type ('') is not executable, and strict MIME type checking is enabled.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2206060008528585&output=html&h=280&slotname=1565748402&adk=3406233744&adf=1715028348&pi=t.ma~as.1565748402&w=728&fwrn=4&fwrnh=100&lmt=1659535896&rafmt=1&psa=0&format=728x280&url=https%3A%2F%2Flink.downloadr.in%2FbRM2sN&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1659535896370&bpp=2&bdt=213&idt=110&shv=r20220728&mjsv=m202207280101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=7342178961261&frm=20&pv=1&ga_vid=1909549036.1659535896&ga_sid=1659535896&ga_hid=892286789&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=165&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44763505%2C31067984%2C31068651%2C21066434%2C42531606%2C44764001%2C21065725&oid=2&pvsid=1414660626252312&tmod=1062838501&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=C2Mlx8wrP1&p=https%3A//link.downloadr.in&dtd=117 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://link.downloadr.in/sw.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	Message: A bad HTTP response code (404) was received when fetching the script.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.a-ads.com
ads.eu.criteo.com
adservice.google.com
adservice.google.de
bedrapiona.com
cat.fr.eu.criteo.com
csm.eu.criteo.net
dozubatan.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
inklinkor.com
interstitial-08.com
link.downloadr.in
littlecdn.com
my.rtmark.net
onmarshtompor.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pseepsie.com
rtb.fr.eu.criteo.com
secure-gl.imrworldwide.com
static.a-ads.com
static.criteo.net
tovanillitechan.com
tpc.googlesyndication.com
unphionetor.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.recaptcha.net
139.45.195.8
139.45.197.151
139.45.197.234
139.45.197.236
139.45.197.237
139.45.197.239
139.45.197.243
139.45.197.250
142.250.184.226
148.251.53.118
178.250.0.139
178.250.0.160
178.250.0.162
2600:9000:21f3:a00:1e:a43d:b640:93a1
2606:4700:10::6816:1974
2606:4700:3030::ac43:d31d
2606:4700:3031::6815:2660
2a00:1450:4001:801::2003
2a00:1450:4001:802::2002
2a00:1450:4001:809::2002
2a00:1450:4001:809::2003
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:827::2004
2a00:1450:4001:828::2002
2a00:1450:4001:829::2001
2a00:1450:4001:831::2002
2a00:1450:400e:80d::200a
2a02:2638:1::3
2a02:2638::2
2a02:2638::b
01a91cef52f9849703fb84a945f9fb51b9debf7ac36730043d097c3865550e8c
080069b2dce01872cbc2bfcc0b6a2cd9b9a5b9fbb22fc1683ece0cea17aac96f
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a
10f5ee11abbd202ba16c25576a989ecf99017094fb7b811bc5194317b9588cae
1140ec4babe578100549a15eaac1e070fd7e7fc2670017040d4a8d7e7d8c4f9c
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e04cc8c7f4f0ea9326b4de881d5734b2a1f8a96e9b11c11f6a24ff5997d9b18
211bfdb2e1d99893654a9d4b78c39095fcb2e0d8dd0ed06f6e454c9183ae25bc
2577e17c95522b52649053d471b22bbbdf5f84b966850ff87c84f62481c94f8d
26d1c4a2c55379aa0e45cdb36eb9f338d33281156167a61dafd6a82932622995
29e8794f0c549c0aabbc0a4ec71e48bc19360ceb25f164ad40ea69d9850e58e5
2ab2d558d4346c9247e434f988e2765f2fab321557bb71b08e95c7fbe4fd631b
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
353c13ccdc708d12239e22c607f51af32ae99329fce62e9cad86938dcc86f595
3702f9c1ff6fb34633428ad1896c6494413221d09d787647d65b7bb8aa9883a2
3cf32ef78548077dcdf9de752356cd75705c5c788dbd4a36dae4a3a956a32fce
3ef0ac3809f5aacada358d6070cab7f6e7c0d21afcb59400331d6a52f4db8686
43a91fb2b4eb442eb26e7947d572209da15de6fc4f1ab6f61ed018c6555055ce
450dbea06b85c093a36f6a27ff8b1ed8c049f877207c9e2cf60eb603c2fa8651
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
4c44b7ac3b0fb4895714ee8a35ed0a452b849df7759ee470ed8a7455ed15270f
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5584f6379ea42d127db217b68954db2c34ff6748da142b4397209baa6db7a65f
558debd1d34e4487b6ba37565784bbb7f3d7849504f0d355b14f344ef2077fa4
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c72f42fc6ee2c502a5f86fe215690719ce746f383ec8551af1f1fb66252b2e
574ed0467392f0d91d140cdbb5c7e38c8b2aa22731de61c50b9b5bfe01e13daf
5aeca3b44d1a071a3a4271a080470f383d077f1c0d1298845266e690449e6607
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5e5ee07c0b9aebe4b9fe10f351068879e9046771eaae0fecc0d06a320e75d472
5ebb8eb961d4bdebbc827531d64e66a6d4d2bbe8ca03029648c58313df8813b0
5ef043454b128260dda530a42312fbb985505034036cd3f3ea23cfe324a7905b
607922c6812cab13ed96e086d94d82b1755aaeeaa8a94e6496129e0ec8e24c1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63f77a19278bb4839222a13521b55fde34d5633a73cc82260d33b65aab5ec822
6d2847d8eeb8e7f8d608718b3714e86101ce51b1967f7e8587a00a26da62c70c
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
74d9ee5df6f12c1e360250d4a0823cc8f142acc9e6ccd856ed6658628a454d56
7a83dde0ee9f06593519e9556f86281d967a2b64a7c7903b56575b53935ce2a6
8344985004461fcc2cccc0620682c7435a8bcda70fe35904fb821103adf9ea83
871975b8040629c7b43de81b1a0878f40991ec2f49caddd6441b5d1f8322aeed
89d93e12a15f6a5d57b5f8aca8bd1e6984dc4c8c5dec7840a8c8e8c8274c1568
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
900d6b8470553275027f7ec5acb385c06c962bddd104add0d68114aa02ddcb11
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
92aaa12adb4161114f57fe1c38584f80895525c642d8778be4d5b2d68fcab715
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
98c6d66c8ac18d05de099e68180adba6b6e43aafce6a60cdbda25bcf0c6c8c4f
99f230fe4900287e9414edcb341eeb4b6c6ab9339c1c4ed163be8ecd55d39f94
9d807c16e2160c2660ffd43bf8b8bc54eb39ecd044e823209c0ade70db965d5a
a0319a0b75558303ee14a9d90af0769cd778b155206a96f14aad796c9454a454
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a9cef79aa1651fb926232dddd75b1141775c8ab50aba6713ab8bc89bafba606a
acc59f9b5fce9cdc25d3dc8ca8011fe8bf3e07ca3d24440fa26b221c57ffd499
b338f2e5619ec54ea8ea9fc24c3e814f74e7109c5f5e986088e00af67aaad9ec
b490123c25600d6dfd80373766fe281c96763bebf5d26e2ad47fa3736774eecd
b9025ab669f2def2515321685f698025933424ea4db342ffcb5b709aa740cde7
bb4ce10037297a6d510bec9b131a360e9ffb3ce209035426cee179d2580182b4
bbbc36c2d70624097d16f07161759d08c5265ad65babff57651f28f7327efb97
bcca11a8b3798c01fdfe7187d74a3fe05c4bff9bf9f0b6920d02773678362b6d
be88718a0eb175ebc4385600fe4168853a2ba705d814d2f9887ca7aa8cbd9238
bfcd7a262745ac2a8520d46dbe261c5db424c001970e9ebe83c440bfb48454f7
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
ca227298618d3157fd25b931f687dfe8b2ebeb7be14979961f2241488f133e7b
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d12ec824a66b6ad652e1cf0952853b6ba3053dd76a84bbcf4bdb3c055e411c78
d1eb8cf889202f439bb6bd1a03049b2e71953c7c0a5aadddde498cbea9bcadac
d4a8d14f34fb8740b9acb5123e475eaae20d83907e0e14dd267d63e93e7f82da
dd2905300b0da856aa3dc439fb2a8a8103c3ff88a8e4619b7ce8504904665915
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e090082b089df1fdf9bf1e493033c75902535110ce7b2ed4a533f06b39d950f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b58a351151e4da3ebfac8c923fc7c19c7bbbd6696d716a2f3465bf869f1138
eab293839fb2aa5cfda5c6861bef235adf8127e9b7491caca48dc961a61d9b03
eb3857a2e78464274e41275080b07a939446088f9811ea004cf1a2cfbffe6506
ec11f019a476068be4b56f9ae0baf42380f503deef6c828bea6c86762b35e2fb
ee16f3ddf9a9263254797764cbefb769d06e772345ccf658d13951a64318af34
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f710c2b11df9cadcb3a6d25a9dc8306172c04ff1d2fa8d96d4019d70833f695d
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

link.downloadr.in Open in urlscan Pro 2606:4700:3031::6815:2660 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

161 Requests

100 %HTTPS

58 %IPv6

24 Domains

32 Subdomains

32 IPs

5 Countries

2535 kBTransfer

5162 kBSize

19 Cookies

1 Outgoing links

Page URL History

Redirected requests

161 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

link.downloadr.in Open in urlscan Pro
2606:4700:3031::6815:2660 Public Scan

Screenshot
Live screenshot

Full Image

161
Requests

100 %
HTTPS

58 %
IPv6

24
Domains

32
Subdomains

32
IPs

5
Countries

2535 kB
Transfer

5162 kB
Size

19
Cookies

161 HTTP transactions
4 data transactions