nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nets4.com/domain/1800victims.org
Submission: On April 01 via api (April 1st 2022, 5:46:02 pm UTC) from US — Scanned from DE

Summary HTTP 254 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 52 IPs in 10 countries across 41 domains to perform 254 HTTP transactions. The main IP is 2a06:98c1:3121::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is nets4.com. The Cisco Umbrella rank of the primary domain is 406603.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 29th 2022. Valid for: a year.

This is the only time nets4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	99.86.7.102 99.86.7.102	16509 (AMAZON-02) (AMAZON-02)
25	34.227.128.233 34.227.128.233	14618 (AMAZON-AES) (AMAZON-AES)
9	2a00:1450:400... 2a00:1450:4001:830::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700:440... 2606:4700:440e::ac40:9c1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:27::... 2620:1ec:27::cafe:1377	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	40.76.174.66 40.76.174.66	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
2	2a04:4e42:600... 2a04:4e42:600::649	54113 (FASTLY) (FASTLY)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
3	2606:4700:440... 2606:4700:440e::6812:2fe6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2 4	104.18.17.65 104.18.17.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:401... 2a00:1450:4014:80e::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
1	2.22.34.3 2.22.34.3	16625 (AKAMAI-AS) (AKAMAI-AS)
2	64.202.112.159 64.202.112.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
6 15	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
4 8	104.102.29.65 104.102.29.65	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 5	37.252.172.36 37.252.172.36	29990 (ASN-APPNEX) (ASN-APPNEX)
4	46.4.10.49 46.4.10.49	24940 (HETZNER-AS) (HETZNER-AS)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
1 4	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
3 3	18.185.246.45 18.185.246.45	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
7	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:206... 2600:9000:206f:6600:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1 2	104.92.94.3 104.92.94.3	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	85.239.105.10 85.239.105.10	16097 (HLKOMM 04...) (HLKOMM 04107 Leipzig)
5	2606:4700::68... 2606:4700::6813:ba79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:cc16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.128.44.193 108.128.44.193	16509 (AMAZON-02) (AMAZON-02)
254	52

35 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.7.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-102.fra6.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 34.227.128.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-227-128-233.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:440e::ac40:9c1a (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1377 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 40.76.174.66 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

d.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

a.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::649 (United States)

ASN54113 (FASTLY, US)

b.tile.openstreetmap.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:440e::6812:2fe6 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.17.65 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

c.adskeeper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s-img.adskeeper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

deed42aff4ff1675ae0a2ca3fb3a7eb8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4014:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.22.34.3 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a2-22-34-3.deploy.static.akamaitechnologies.com

images.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.159 (Leesburg, United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

log.outbrainimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.217.23.98 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.102.29.65 (Milan, Italy) 4 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-65.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.172.36 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.4.10.49 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.49.10.4.46.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Rheinfelden, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.45 (Utrecht, Netherlands) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.23.46 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.184 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.185.246.45 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-246-45.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:6600:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 145.239.193.130 (France) 2 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Hamburg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.94.3 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-94-3.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.239.105.10 (Leipzig, Germany) 1 redirects

ASN16097 (HLKOMM 04107 Leipzig, DE)

trf.greatviews.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:ba79 (United States)

ASN13335 (CLOUDFLARENET, US)

singles.parship.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:cc16 (United States)

ASN13335 (CLOUDFLARENET, US)

eum.instana.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.44.193 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-44-193.eu-west-1.compute.amazonaws.com

eum-eu-west-1.instana.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 deed42aff4ff1675ae0a2ca3fb3a7eb8.safeframe.googlesyndication.com 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 125 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com	260 KB
35	nets4.com nets4.com — Cisco Umbrella Rank: 406603 img.nets4.com — Cisco Umbrella Rank: 575665 s0.nets4.com	207 KB
33	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274 cm.g.doubleclick.net — Cisco Umbrella Rank: 206	676 KB
27	purpleads.io cdn.purpleads.io — Cisco Umbrella Rank: 131948 api.purpleads.io — Cisco Umbrella Rank: 109672	36 KB
13	google.com www.google.com — Cisco Umbrella Rank: 7 adservice.google.com — Cisco Umbrella Rank: 76	27 KB
11	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 229	271 KB
10	criteo.net static.criteo.net — Cisco Umbrella Rank: 631 pix.eu.criteo.net — Cisco Umbrella Rank: 7880 csm.eu.criteo.net — Cisco Umbrella Rank: 7886	24 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 31903 hal900023.redintelligence.net — Cisco Umbrella Rank: 291130	51 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568	7 KB
8	openstreetmap.org a.tile.openstreetmap.org — Cisco Umbrella Rank: 14498 b.tile.openstreetmap.org — Cisco Umbrella Rank: 14729 c.tile.openstreetmap.org — Cisco Umbrella Rank: 14837	45 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1230 d.clarity.ms — Cisco Umbrella Rank: 2076 c.clarity.ms — Cisco Umbrella Rank: 644	25 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	501 KB
5	parship.de singles.parship.de — Cisco Umbrella Rank: 466908	15 KB
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 245	5 KB
4	google.de adservice.google.de — Cisco Umbrella Rank: 8069	1 KB
4	adskeeper.com 2 redirects c.adskeeper.com — Cisco Umbrella Rank: 15336 s-img.adskeeper.com — Cisco Umbrella Rank: 15924	30 KB
4	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1209 cloudflareinsights.com — Cisco Umbrella Rank: 1202	11 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 285	2 KB
3	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14133 ads.eu.criteo.com — Cisco Umbrella Rank: 7887 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 10021	53 KB
3	outbrainimg.com images.outbrainimg.com — Cisco Umbrella Rank: 1899 log.outbrainimg.com — Cisco Umbrella Rank: 2058	109 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	109 KB
2	instana.io eum.instana.io — Cisco Umbrella Rank: 6587 eum-eu-west-1.instana.io — Cisco Umbrella Rank: 24796	10 KB
2	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 15359	1 KB
2	medialead.de 2 redirects pv.medialead.de — Cisco Umbrella Rank: 45052	1 KB
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 4594	713 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 800 s.tribalfusion.com — Cisco Umbrella Rank: 2468	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 534	1 KB
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 257	79 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	1 KB
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 4110	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	20 KB
1	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 80262	312 B
1	greatviews.de 1 redirects trf.greatviews.de — Cisco Umbrella Rank: 369409	1 KB
1	media01.eu pb.media01.eu — Cisco Umbrella Rank: 43911	629 B
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1381	688 B
1	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 613	191 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 809	711 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 348	455 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1593	583 B
1	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 2899	104 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 230	554 B
254	41

	Domain	Requested by
25	api.purpleads.io	cdn.purpleads.io nets4.com
24	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com nets4.com e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com tpc.googlesyndication.com 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com www.googletagservices.com
22	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com nets4.com e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com googleads.g.doubleclick.net 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
21	img.nets4.com	nets4.com
15	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
13	securepubads.g.doubleclick.net	cdn.purpleads.io securepubads.g.doubleclick.net nets4.com
11	cdnjs.cloudflare.com	nets4.com cdnjs.cloudflare.com
11	nets4.com	nets4.com
9	www.google.com	nets4.com www.gstatic.com www.google.com tpc.googlesyndication.com e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
7	static.criteo.net	ads.eu.criteo.com
5	singles.parship.de	hal900023.redintelligence.net singles.parship.de eum.instana.io
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	www.gstatic.com	www.google.com
5	d.clarity.ms	www.clarity.ms d.clarity.ms
4	hal900023.redintelligence.net	1 redirects 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com hal900023.redintelligence.net
4	hal9000.redintelligence.net	56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com hal900023.redintelligence.net
4	adservice.google.com	securepubads.g.doubleclick.net
4	adservice.google.de	securepubads.g.doubleclick.net
3	x.bidswitch.net	3 redirects
3	www.googletagservices.com	56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
3	googleads.g.doubleclick.net	56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com nets4.com e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
3	c.tile.openstreetmap.org
3	a.tile.openstreetmap.org
3	s0.nets4.com	nets4.com
2	www.awin1.com	1 redirects 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
2	pv.medialead.de	2 redirects
2	csm.eu.criteo.net	ads.eu.criteo.com
2	pool.admedo.com	2 redirects
2	sync.1rx.io	2 redirects
2	log.outbrainimg.com	nets4.com
2	s0.2mdn.net	e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
2	googleads4.g.doubleclick.net	nets4.com
2	05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fonts.googleapis.com	cdn.purpleads.io hal900023.redintelligence.net
2	s-img.adskeeper.com	nets4.com
2	c.adskeeper.com	2 redirects
2	cloudflareinsights.com	static.cloudflareinsights.com
2	c.clarity.ms	1 redirects
2	b.tile.openstreetmap.org
2	static.addtoany.com	nets4.com
2	www.google-analytics.com	nets4.com www.google-analytics.com
2	static.cloudflareinsights.com	nets4.com singles.parship.de
2	cdn.purpleads.io	nets4.com
1	eum-eu-west-1.instana.io	eum.instana.io
1	eum.instana.io	singles.parship.de
1	ad-server.eu	56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
1	trf.greatviews.de	1 redirects
1	pb.media01.eu	hal900023.redintelligence.net
1	pix.eu.criteo.net	ads.eu.criteo.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	pixel-sync.sitescout.com	05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
1	um.simpli.fi	1 redirects
1	s.tribalfusion.com	05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dclk-match.dotomi.com	e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
1	ads.eu.criteo.com	05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
1	rtb.fr.eu.criteo.com	nets4.com
1	images.outbrainimg.com	nets4.com
1	fonts.gstatic.com	fonts.googleapis.com
1	deed42aff4ff1675ae0a2ca3fb3a7eb8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c.bing.com	1 redirects
1	www.clarity.ms	nets4.com
254	68

This site contains links to these domains. Also see Links.

Domain
blog.nets4.com
link.nets4.com
1800victims.org
leafletjs.com
www.openstreetmap.org
www.addtoany.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-29` - `2023-03-29`	a year	crt.sh
*.purpleads.io Amazon	`2021-12-01` - `2022-12-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.tile.openstreetmap.org GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-11-26` - `2022-12-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.outbrainimg.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-11` - `2023-03-15`	a year	crt.sh
redintelligence.net R3	`2022-03-29` - `2022-06-27`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-13` - `2022-06-09`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-19` - `2022-06-18`	3 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-15` - `2022-06-13`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-03` - `2022-05-02`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
singles.parship.de Cloudflare Inc ECC CA-3	`2021-06-29` - `2022-06-28`	a year	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.instana.io DigiCert TLS RSA SHA256 2020 CA1	`2021-11-09` - `2022-12-10`	a year	crt.sh

This page contains 36 frames:

Primary Page: https://nets4.com/domain/1800victims.org
Frame ID: 1DFB950195F65E2404215839E3AC92D5
Requests: 82 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 3FAE4DB4E38119A5F117911E33900EB9
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=4ucublv40syl
Frame ID: F01365D3EFC2C8E8C1147E8E376A36C4
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 17FF89B109C780CDDCF0DAECD873AEC7
Requests: 8 HTTP requests in this frame

Frame: https://s-img.adskeeper.com/g/8193519/328x328/105x0x421x421/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzk2ZDhiNjBmNGJlYWExYWE4YWJmNjU5M2EwNWUzMWIyLmpwZWc.webp?v=1648835155-Y3fJt9fmCJqT6cEcOj9yjqcgSMVBnXhfwjAr6GlVHWg
Frame ID: 3EDF10A2FBFFA8D061142911E1647D28
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 95FEAB061D205EDB50F9BC645A017DA5
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 777C965382697C2E39999ABE7BC6F109
Requests: 8 HTTP requests in this frame

Frame: data://truncated
Frame ID: 7FFDB62647A4C4A65B74A16A5C07C283
Requests: 3 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Lato&display=swap
Frame ID: A7969545394BAB4637EAB9EDE3A61E4A
Requests: 10 HTTP requests in this frame

Frame: https://deed42aff4ff1675ae0a2ca3fb3a7eb8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 642AF43014AAD2593BAA8BB74D542D88
Requests: 1 HTTP requests in this frame

Frame: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 2FE952651302C150B7066C829533D6F3
Requests: 1 HTTP requests in this frame

Frame: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 9D85D700F4909A357EF59F5A76556D0F
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD
Frame ID: D46E080195D52A4AE46F6F1C2D45B4F1
Requests: 3 HTTP requests in this frame

Frame: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 190B6051CFB37E22BB9E21BAA2062E5F
Requests: 1 HTTP requests in this frame

Frame: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: C04D398D0681A6C5B862FC9081913137
Requests: 12 HTTP requests in this frame

Frame: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: E620403411FA0DAA59E348D6E4BA53B1
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 66F876A729DE763BB566DD81AD260A00
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 49C7C76D24EB55E9FCC302B2B8FAFED6
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7912150D112DDCEC79C6BD259F326376
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0C4A80A4BB1E10A78813EEF61DCEE34B
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 0889A844DA2F991D9AF687087843F745
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 22718DCB6D3F8E260312754025C76D70
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXnCL1nHgd6DK_hcEVJikMLahVMDuC4GrzAHYANrbnHfGaTd4SQiQ7P8nFi79MCSxSUAnB7hUmSfRLzyiLk678RKr9hr7PTG6HjEq6-KtcszF3wDoy0xdPbmvQBe4KBBPVEDb2cjp73l3rMqDoTqVDCrV3HNfyb3tcWM-JYbvZTxTjFxXY
Frame ID: F6A322F0C6B404D0C496ED05D91E1EFF
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM_NShDr9lwYrbeZxwEwAQ&v=APEucNXmekQFKOArGFMYExXCAJPVfQGoPd3NJ9GFrZ5bKfEfNi6IxgM0dqvYErFgQTqAcycOnC2zzXdiygwBy6NX69i31fkm119NRH-ub7-olpxHTdvUszgeu-aFw_x3hsR-8u2oAzuPBo2aHPNajlVnKU7QOIV-AWz0cuEMfvOGxfkQ7wb6baU
Frame ID: B01E1ED546035AB5EEEF3E9E178F7A4A
Requests: 5 HTTP requests in this frame

Frame: https://images.outbrainimg.com/transform/v3/eyJpdSI6Ijc3MzE0MmQ0ZGZmZDNlYjliMTRlNTFhMDQ4OTkzMjJjMzFlN2JkODVjMThkMGYzOTFkZTY1MGE1MzU5YmI1NmQiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
Frame ID: C05F95A50218D7C2A87E1B07995CE18F
Requests: 4 HTTP requests in this frame

Frame: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 1D4B045251E79BA7957EFE3688D9B487
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9627671835BD8FE67BF6BAFCEC1C62FB
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 54EBBD9D7A4927DB9CA69C9E6BA6226D
Requests: 3 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ykc6VAAOoq4Kd8ETAAM3owWGC5823H1NIfeABA&u=%7C8ptA%2B%2FJQAJAtpNjYAfWsuh9hmk5J7hH6AYv%2Bf4bdGJg%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXDDH0SawykmzfKm9HhYbZW_Win2tHjUrTNILpc-Z_S6hr1hgU9-4xr_zvm8vjOxyB51O4CsD9wRbVQhKlcGRYJPnYXFqzm_3k13oFKn8jrJEk-Dop0O1fC6V3stBh5yxdI63kphaJ_mPLODgisFbmHw9r3XVWiUv8fUq5RKnGDtMXlLbN_G5CxfquJn1ePBNB272qB7-m0IZtq14lipAeDTzEuEu8sFflQJZfYJ-w4lHgU-WLRCxF2b4yKNAyQM_n8AJ46sDgQb28ugejzp_dZj6lHzq06m3c2oN6rhh-wQwJ116DJAHnCFewsDnBeuGAx5WJJGF_r1Bag8qYGk9xA5KFuneXptj_Z54bGtweA3lwZfFQYg86tVRzSSHmnWvPn_5M9LZfZpf372QFxof3uhVTW79xIjfGA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLq8VVDpHYq7FOpOC3wOj74yAA8me0rFc1Z2R93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAkw1b0v8h7I-4AIAqAMBqgTHAk_Q3OapdoNI0It23rNpgZoWyOv6egwUdTAziwABGCwEmeEE1yIByOMrXhBPtNmiaHfjONcwwV2D9XCQ3o-z-cG7F-j-NxD55XF7E0_aW36oxB1PZkDPESRuUp-XjsF_p3amdi6Byxaa1dU99zqvoQxGw4kjTOA2YLFqgz0bXo-piRvGVzJ9noEzBz9B8rAHW1fSqeT-3EiGRIFVOpS7eKdsO3Upups4UpJ4ty9QoHV1TlWHMQi3fH1oQWgX4iKtblb5nMYjT5NRceHGzQTBOqmlrd6ahFeRaORrTwsVDkbyvTygp3APzu9qrh7Y77PAH1YiFuG2TnK6OsPwUZYikg7Xtv9uoJ6mqD52VCLkspDKD3W-dE2LaKJZF1wt70b64fR42_8paCspjMzDr_SdMFh3u5Qlmjc15q834A3eUTqJVtN9UjqK8-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3RIJrPvxQncNT4VXLTp2-mKXHsmQ%26client%3Dca-pub-5413329544040947%26adurl%3D
Frame ID: 133725081A300E8E184F879454F786BD
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2AE1A3414AF04A1B86ADABCCE625CDD8
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8B333CFB6460082F1B93F67A57BA096B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1E4D449115F73852E4568DDE20CD3581
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 7FE7D571E35078B491CC72BF6101B7BD
Requests: 3 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=55647300209773804444550011916023&actionid=981741&produktid=&dt_url=
Frame ID: E0DBF283A30BD2CC9EB1EE1C648E9DA0
Requests: 1 HTTP requests in this frame

Frame: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
Frame ID: 7092903281A879B1F98D09E2307A43D1
Requests: 8 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d
Frame ID: 1AC364FF9A48593982BA03913DDD13F0
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

1800victims.org - Victim of Crime Resource Center

Detected technologies

Leaflet (Maps) Expand

Overall confidence: 100%
Detected patterns

leaflet.{0,32}\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

254
Requests

91 %
HTTPS

50 %
IPv6

41
Domains

68
Subdomains

52
IPs

10
Countries

2598 kB
Transfer

6077 kB
Size

45
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nets4.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://link.nets4.com/digitalocean

Search URL Search Domain Scan URL

URL: https://link.nets4.com/google
Title: Signin to Nets4.com

Search URL Search Domain Scan URL

URL: http://1800victims.org/?utm_source=nets4.com&utm_medium=referral&utm_campaign=domain_page
Title: 1800victims.org

Search URL Search Domain Scan URL

URL: https://leafletjs.com/
Title: Leaflet

Search URL Search Domain Scan URL

URL: https://www.openstreetmap.org/copyright
Title: OpenStreetMap

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/about.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://link.nets4.com/facebook

Search URL Search Domain Scan URL

URL: https://link.nets4.com/twitter

Search URL Search Domain Scan URL

URL: https://link.nets4.com/youtube

Search URL Search Domain Scan URL

URL: https://link.nets4.com/instagram

Search URL Search Domain Scan URL

URL: https://link.nets4.com/quora

Search URL Search Domain Scan URL

URL: https://link.nets4.com/pinterest

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 65

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=5BD9058C533F4E82971729C9277F01AA&RedC=c.clarity.ms&MXFR=0C6D6CE5FC89661D3D8A7D9CF889689B HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=5BD9058C533F4E82971729C9277F01AA&MUID=3A49F951769367E82E8EE82877F8661F

Request Chain 86

https://c.adskeeper.com/c?pv=2&v=0|0|0|hYfToSCShhcLaNN9QiO3T8gQtxKxbISbu4POjj7iKdIg9x5bQTiEC5_cuCm5rQq7&cid=1220982&f=1&h2=CBvd3SiXK6CDlaashqQY2B-LAifAvcAwR1nWkedwnPI*&rid=9513c111-b1e3-11ec-980d-e4434b374bc6&psid=608532c2eac0e20ce6d36538&iub=aHR0cHM6Ly9zLWltZy5hZHNrZWVwZXIuY29tL2cvODE5MzUxOS8zMjh4MzI4LzEwNXgweDQyMXg0MjEvYUhSMGNEb3ZMMmx0WjJodmMzUnpMbU52YlM5MEx6SXdNakV0TURFdk1UQXhPVEkwTHprMlpEaGlOakJtTkdKbFlXRXhZV0U0WVdKbU5qVTVNMkV3TldVek1XSXlMbXB3WldjLndlYnA_dj0xNjQ4ODM1MTU1LVkzZkp0OWZtQ0pxVDZjRWNPajl5anFjZ1NNVkJuWGhmd2pBcjZHbFZIV2c= HTTP 301
https://s-img.adskeeper.com/g/8193519/328x328/105x0x421x421/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzk2ZDhiNjBmNGJlYWExYWE4YWJmNjU5M2EwNWUzMWIyLmpwZWc.webp?v=1648835155-Y3fJt9fmCJqT6cEcOj9yjqcgSMVBnXhfwjAr6GlVHWg

Request Chain 95

https://c.adskeeper.com/c?pv=2&v=0|0|0|IrsjIziL-g-dyOWA0HS5QzlzoOC_iZpmXullOwm0FA7zI_kyRs3FMQrt4TdWjitQ&cid=1220982&f=1&h2=CBvd3SiXK6CDlaashqQY2B-LAifAvcAwR1nWkedwnPI*&rid=9534b872-b1e3-11ec-8266-e4434b151356&psid=608532c2eac0e20ce6d36538&iub=aHR0cHM6Ly9zLWltZy5hZHNrZWVwZXIuY29tL2cvMzgwNTYwNS8zMjh4MzI4LzB4MHg2MzR4NjM0L2FIUjBjRG92TDJsdFoyaHZjM1J6TG1OdmJTOTBaVzF3THpJd01UY3RNRFl0TWpJdk1UQXhPVEkwTDJFMFpqY3hOall4WmpRNFlXTTNZVE5tWW1FeE1qRXlNVE00T0RWbFpHSmtMbXB3Wno5MFBURTBPVGd4TmpFNE1qWXpNekEud2VicD92PTE2NDg4MzUxNTYtS2x3UGZDQTRQX1FEZFhsSW55bFNKNTNaSjh5dU5KX0g5Sm02UHB2Mm9nNA== HTTP 301
https://s-img.adskeeper.com/g/3805605/328x328/0x0x634x634/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDYtMjIvMTAxOTI0L2E0ZjcxNjYxZjQ4YWM3YTNmYmExMjEyMTM4ODVlZGJkLmpwZz90PTE0OTgxNjE4MjYzMzA.webp?v=1648835156-KlwPfCA4P_QDdXlInylSJ53ZJ8yuNJ_H9Jm6Ppv2og4

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

Request Chain 172

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ykc6VcjD6AygT2j5hLzZygAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1

Request Chain 174

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1

Request Chain 176

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

Request Chain 177

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ykc6VcjD6AygT2j5hLzZygAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

Request Chain 178

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1

Request Chain 179

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1

Request Chain 197

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGmAfXAmAdvGtj5hBXBgxPo&google_cver=1&google_push=AYg5qPKmr8F2XLL6sXjUsG04LqsYHAOPkjvskSx0QhqBbaWClIFGnxdYkBAi7hSdkOGlsvFid0Ivf1WQEh5bDY1KK3R2ynkQa1g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MTY5MzA3NTgyNDUwNzAyMA%3D%3D&google_push=AYg5qPKmr8F2XLL6sXjUsG04LqsYHAOPkjvskSx0QhqBbaWClIFGnxdYkBAi7hSdkOGlsvFid0Ivf1WQEh5bDY1KK3R2ynkQa1g

Request Chain 198

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELlC1ExmiUmM5X60KHvbpN0&google_cver=1&google_push=AYg5qPJXKaq2MY1cdOnooRaXIGjqp9g9XeRu6TMwVsbMKkeoZy4UMvbsAoum5TttX4BJIhBbPryld9FxzYJpuuCKFy1djCOStQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFHUFZQWUEtQy1IUVBB&google_push=AYg5qPJXKaq2MY1cdOnooRaXIGjqp9g9XeRu6TMwVsbMKkeoZy4UMvbsAoum5TttX4BJIhBbPryld9FxzYJpuuCKFy1djCOStQ

Request Chain 199

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_cver=1&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow

Request Chain 200

https://match.360yield.com/match/ebda?google_gid=CAESEID5fC7PMbNGZehouq9o_Q4&google_cver=1&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEID5fC7PMbNGZehouq9o_Q4&google_cver=1&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw

Request Chain 201

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEKLOQXqblcR-nHSPkJgyuGw&google_cver=1&google_push=AYg5qPJiIfBAdJDxl9gKtNLLgk-Wal8ZMF7QC06RSuaSe__Q79J3PF1MjbvotIYF7aUUVf49Kez7nnG0l8IPlX2mkKHrAvdXuA HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPJiIfBAdJDxl9gKtNLLgk-Wal8ZMF7QC06RSuaSe__Q79J3PF1MjbvotIYF7aUUVf49Kez7nnG0l8IPlX2mkKHrAvdXuA&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1648835158253 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJiIfBAdJDxl9gKtNLLgk-Wal8ZMF7QC06RSuaSe__Q79J3PF1MjbvotIYF7aUUVf49Kez7nnG0l8IPlX2mkKHrAvdXuA&google_hm=

Request Chain 205

https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVaYVDpHYtvpHYGgrATskb1opuW9oGmFlZynyQ_wLhABIPLTuXtgleKQgqAHyAEJqQJMNW9L_IeyPqgDAaoE4QFP0M2L4lglhxxWX4lW7aH9WVxrroH6QJqMlzQ31urZBtl9mGx7CZm_Gbavc2SkyLH4fHrMIghjKt-9xWUNGq-yN7wgkM1AHOSTCgsQZ0tzNVL83dcfUIvMdv7haq52lV3zECvz2o6W88dHdegWLUuEMJC-5sLzI3oaFAD0NtBJeuxR2sA2qTQGQ0JeZDRX84j-2e8f6cc7Mzs9gZlxOVmwS6apSX5S9Sl_1LtAUIDtwbK8JzwoYlCtOuMywim_lyeb1EoqSWOTp49R-yqvyJsMBtZ80XUK3iaXVGa9_95OKtHABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ%26sig%3DAOD64_22tUbQruY9KaUkJq_qIvXjAeBqMA%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CJO5L8t2iGp7jnNPrcaQj497uxe_WoUaYkbwkaBwO4_ClsGY02GjcqrjZ4jXeem2xuLVBFJreXNPmt_t7CQm7JGfU_F4UIwajqH6p9Rqux7niik6bSyLMLPyaJzQUHLdY5g8kj-26HF8ZBmk53zanH2po3fg%26cry%3D1%26dbm_d%3DAKAmf-D1aHWHFStn6NP8G-cAjOuS_5flFCd6-9NMk7Ddyp87_xTcbVeYNJkhdbv779L9dVD0y7vjLfvl2mpmiYntHpS9vPl54RWK1f2t2px3a5RTwxE4XK9pvYfWeeT3NUnyN7gjGNZWvyp_FWImxN4RAJhWXmlDxs71JUVfUj8hxWHv7orRuJ6iGFSR2IZVqMNSo-p_7WyguZ-Y1VDNCL1XVOdfan6GEyvNM6Dlg4yT9NKr7CcvXvN_Eo6u3ZphsdzRPmLrkLZYtYBtrmjw9VwfAOHbhKAUjyxbmzhmuKB5Yl9L4KzaaFe_n4fVk9-F3_wL3CHDJpW4d1HEdyMxrRwCeuJbHtXWthM92UCZj0kF0VKBA7xKSJnZnXObLz83pggnXZ5G0bQQO1xrNKDJ6hsGP5VhYij6ovZCLd7K9sghM3cQG9uOFbu5wYKhdFy3ML0bfGVDdRuuo2fv0k0ql34_A-1DosH9-KECNJedK7pPaloaskcV088%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3004329418280&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVaYVDpHYtvpHYGgrATskb1opuW9oGmFlZynyQ_wLhABIPLTuXtgleKQgqAHyAEJqQJMNW9L_IeyPqgDAaoE4QFP0M2L4lglhxxWX4lW7aH9WVxrroH6QJqMlzQ31urZBtl9mGx7CZm_Gbavc2SkyLH4fHrMIghjKt-9xWUNGq-yN7wgkM1AHOSTCgsQZ0tzNVL83dcfUIvMdv7haq52lV3zECvz2o6W88dHdegWLUuEMJC-5sLzI3oaFAD0NtBJeuxR2sA2qTQGQ0JeZDRX84j-2e8f6cc7Mzs9gZlxOVmwS6apSX5S9Sl_1LtAUIDtwbK8JzwoYlCtOuMywim_lyeb1EoqSWOTp49R-yqvyJsMBtZ80XUK3iaXVGa9_95OKtHABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ%26sig%3DAOD64_22tUbQruY9KaUkJq_qIvXjAeBqMA%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CJO5L8t2iGp7jnNPrcaQj497uxe_WoUaYkbwkaBwO4_ClsGY02GjcqrjZ4jXeem2xuLVBFJreXNPmt_t7CQm7JGfU_F4UIwajqH6p9Rqux7niik6bSyLMLPyaJzQUHLdY5g8kj-26HF8ZBmk53zanH2po3fg%26cry%3D1%26dbm_d%3DAKAmf-D1aHWHFStn6NP8G-cAjOuS_5flFCd6-9NMk7Ddyp87_xTcbVeYNJkhdbv779L9dVD0y7vjLfvl2mpmiYntHpS9vPl54RWK1f2t2px3a5RTwxE4XK9pvYfWeeT3NUnyN7gjGNZWvyp_FWImxN4RAJhWXmlDxs71JUVfUj8hxWHv7orRuJ6iGFSR2IZVqMNSo-p_7WyguZ-Y1VDNCL1XVOdfan6GEyvNM6Dlg4yT9NKr7CcvXvN_Eo6u3ZphsdzRPmLrkLZYtYBtrmjw9VwfAOHbhKAUjyxbmzhmuKB5Yl9L4KzaaFe_n4fVk9-F3_wL3CHDJpW4d1HEdyMxrRwCeuJbHtXWthM92UCZj0kF0VKBA7xKSJnZnXObLz83pggnXZ5G0bQQO1xrNKDJ6hsGP5VhYij6ovZCLd7K9sghM3cQG9uOFbu5wYKhdFy3ML0bfGVDdRuuo2fv0k0ql34_A-1DosH9-KECNJedK7pPaloaskcV088%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3004329418280&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 208

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHqiVvrmscUXc2OeQMkvBok&google_cver=1&google_push=AYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHqiVvrmscUXc2OeQMkvBok&google_cver=1&google_push=AYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 209

https://um.simpli.fi/gp_match?google_gid=CAESELsTFJ3Z8fLHOW08WF1-KrU&google_cver=1&google_push=AYg5qPJIASv9pUBH57xemHO83yRU4C5WFjQImCC-yzyMAltT1-mF7xJjMCaLzWaIDLALON8BGWyNHX5gMZH_GeE59jkH82YVA9U_ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1C61582BE2764616972C109DAF982F13&google_push=AYg5qPJIASv9pUBH57xemHO83yRU4C5WFjQImCC-yzyMAltT1-mF7xJjMCaLzWaIDLALON8BGWyNHX5gMZH_GeE59jkH82YVA9U_

Request Chain 211

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEOiHsTL00QDzqLRyAaMr05E&google_cver=1&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73xtUN_9JB1Z_sSg HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEOiHsTL00QDzqLRyAaMr05E&google_cver=1&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73xtUN_9JB1Z_sSg HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=e75e67cc-9573-48cc-998a-b036165251fd HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=e75e67cc-9573-48cc-998a-b036165251fd HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=4be4a0f6-db11-4591-9f9e-b3348011002e&user_group=1&ssp=google&bsw_param=e75e67cc-9573-48cc-998a-b036165251fd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73xtUN_9JB1Z_sSg&google_hm=515nzJVzSMyZirA2FlJR_Q==

Request Chain 229

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=55647300209773804444550011916023&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=55647300209773804444550011916023&actionid=981741&produktid=&dt_url=

Request Chain 230

https://www.awin1.com/cshow.php?s=2661283&v=11524&q=391598&r=296283&pref1=55647300209773804444550011916023&pv=1 HTTP 302
https://trf.greatviews.de/cl?m315=c&q=nyVlHJ2acuRY7q9fsD728kyQ HTTP 302
https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID

Request Chain 232

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=55647300209773804444550011916023 HTTP 302
https://ad-server.eu/wm/pb/native.png

254 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 1800victims.org Show response
nets4.com/domain/ 47 KB
12 KB 616ms
567ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 123fd85b583d1b5491a997e0d3432f3a311b5d7316a1b03dfd13dafeff234eba

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=86400, proxy-revalidate
cf-cache-status: MISS
cf-ray: 6f53241e394b5caa-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 01 Apr 2022 17:45:54 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Fri, 01 Apr 2022 17:45:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9LYCPFERcRKyxGs2CWIWI8ySB7zKJjlbkyE0ZNiZz7Iu1eyvo44xBg17xOXqlbsxvCMWK7%2FdXUIuAE7RIs1MGXdXYLH0zlPAqw86%2FuQwFdJ%2BIJrcWLBAwRuTt5M802ENGDN%2F11bUvps%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 awkqrI1qzYcE0gTfW6uXyLl_1bA.js Show response
nets4.com/cdn-cgi/apps/head/ 7 KB
3 KB 29ms
28ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7467006
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 07K7R0E8EZNWXT79
x-amz-id-2: OMUg+mT+hOG19680g7fOd55T/KCYRnANxr5FzhTlCPRIxj4G18VfrEGY5SzocIg08tKdfo3u4bs=
last-modified: Fri, 10 Dec 2021 11:06:12 GMT
server: cloudflare
etag: W/"e951628ea64bbeadb19c6d855ca98c7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IAGAyULQhPpCGk1v2jCAtyHBqHlviDxV%2B1Gw6hGsUc%2Br8KuijJEOWDXJgGUCWaRgOqkBxPGhMYUtgVz2bSjdYiSP2PLC5wV8fMT5rrGnWpI2liBnCYR709KL3fwsSTFLJucRqvLFM5U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 7KspX51u1Msx7FcOmJWweyW7FbGqzJNg
cf-ray: 6f532421ffae5caa-FRA

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/ 157 KB
18 KB 54ms
22ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1288661
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17620
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-44d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgiPyOQpS%2BC28qpxWJR5VaEWImmdK%2FwETa3k8lC2Vx4EPQ6UODXd57XCsMLHWZsTtKQjCALE58pX%2BDPf78OkASYXV%2FGW3P667oqUUl8CcspS2P46Kvh0Lkkd4s1xLV7wSi8Tsx9cyhTfGPTFrEmPYgsK"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324222a599bee-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 59ms
27ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2741269
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10462
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-28de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HlJwzyanGOhR%2B7u0TEAoXejLUq%2BUHdnseIpsf9ez5IIQS9XcJ0HIvzqBmg9ZWq%2B5o6uuxm4g906IzQfPJIxz%2BtvkKKZArCb6TTkQMq1ykOy8tHJcyke41PdyQt1vcLM1%2BOH6Ys%2B0QguB4BzOz%2FCo04v%2B"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324222a5a9bee-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H2 200 style.css
nets4.com/assets/css/ 345 B
568 B 44ms
44ms Stylesheet
text/css 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/css/style.css
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5143
cf-polished: origSize=451
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Nov 2021 12:55:19 GMT
server: cloudflare
etag: W/"617fe3b7-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pKRfx0LK0NmZrLPzS1fFgqal8uKXkFISljDkI68%2BKyZD88BooMdiwdU4VoKd35G3NrUCwpX7DYYdA4iRHP27lXbwph3c16LE33R1VlohcLL%2BwYOS%2BRq%2Fjc493gG6CnLoEO%2Bo9SEbw2s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 6f532421ffb25caa-FRA
cf-bgj: minify

GET
H3 200 invisible.js Show response
nets4.com/cdn-cgi/challenge-platform/h/b/scripts/ 46 KB
17 KB 31ms
30ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1648832400
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a83f80598d727c5285825719cade774c09bf9f613c79f36c87d719ed27630313

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CvwSlS0U%2BNLeQl%2Ft9plHkFCe%2Fj%2FfB8LBN9wvbskk%2BmMn%2FUdX7vEInuz4P2elQF2pmpPnVeeC7QTpN5QrK50NCwQZoakLFVdlvIJu9zIfgyWbB%2BcgqiIgUrB8Y6iQp6b7%2FNzFlAmQVIE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6f532422580692b7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Th69y9F.png
img.nets4.com/img/i.imgur.com/ 3 KB
4 KB 59ms
48ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Th69y9F.png?w=120&h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4373777
cf-ray: 6f532422689a5caa-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3395
x-served-by: cache-sea4474-SEA
server: cloudflare
etag: W/"6df89d86deba278d112332afb4bb100b1a6165842a7fdb7f78a5a70c7c7218aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IFbvRRwZ2zxynD9fcqaUeHSM3AQHXcoYR9knXsBbkbSgeVopwqh1JsNYtOQIePFzI8Q1R4C6bFZ4zvApXUCkt0pATYqm9u5gFRXQQI%2BXWWzcHNowE%2FJpUPcqb%2BPO6V8SvIi3i0WfHPNdt1Te"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/Th69y9F.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 58T3Wrl.png
img.nets4.com/img/i.imgur.com/ 1 KB
2 KB 60ms
49ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/58T3Wrl.png?w=20h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3080287
cf-ray: 6f53242268995caa-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1117
x-served-by: cache-sea4474-SEA
server: cloudflare
etag: W/"86d32e1b83f7c87590ac6aad5f278dca67bb9675a7a7869ed47749c6cf91763d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrjwQxclbysT%2BhBt7JDCP%2BWt4jxSdk9uVW5%2FGAsUJMf9QaoWNXQ%2FHrTu168I%2Fvtt8yMdEaMdiNWuauD0VgnRGsRIwUFzPtLmyS7eIGEkwXIiR1QYQA%2FdHNw0Ok9pK1FFTm5EErMWPeQ%2B%2B7Qr"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/58T3Wrl.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 leaflet.min.css
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 10 KB
3 KB 45ms
27ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4919713
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2153
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:33 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e135-298f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rox2KSRf2yjAd0R1GWI7ECB%2BkzAHiKjJsPSiYw2SLKSsGJz7FeuieKr4DILfmgUrqnRqTod8WLm4a3cS34q9Tbf4TmQgO0tVdsbaNpriQGbzrcki0eEsj0U%2FisiHZzRJjQyiieh%2FEJi2mnzpUzMHCKb7"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f532422692e9963-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H3 200 rocket-loader.min.js Show response
nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 20ms
20ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 11:29:35 GMT
server: cloudflare
etag: W/"623c561f-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DZeS81KJgMTwN2X0wi9kHXrjFkGzQWfA54wojpfSiHUYDbvingHyVgs7KVwjaPzWWkbJ5fZilsgXl21liWCDZlMWrVCSxcDOj732ZBbLgTP12mJnxBire9G9XwkSBipW0WnGtIqQdtM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6f5324225ff392b7-FRA
vary: Accept-Encoding
expires: Sun, 03 Apr 2022 17:45:54 GMT

GET
H2 200 Zc4iwuj.png
img.nets4.com/img/i.imgur.com/ 276 B
827 B 60ms
49ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Zc4iwuj.png?w=15h=15&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4648625a5fae7230decf8abcad29c8ebee03c7a1b2a96a855b59afa3d79c72f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13359166
cf-ray: 6f532422689e5caa-FRA
x-cache: HIT, MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 276
x-served-by: cache-sea4455-SEA, cache-fra19150-FRA
st-img-id: 68f950008bd130ec-SEA
server: cloudflare
x-timer: S1635475988.075430,VS0,VE331
etag: "stlyF3QRxIsyMBMOzqO7SdrLBA:7e9cf63ea9ef81cea66567607047245c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OoFfbqhuGu94xFtl69oBikiA5gMDmpTEkfbpEx4DOuDzMzk6wXlIi5SX%2F6OlW7XnBMvBbdAYvImgH2BTLUeAvwj1DtO0ZiKT1DuqUru73csA26AEIDeZeBeJcI4RQDyOlkr75UuEasxzQwE3"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://i.imgur.com/Zc4iwuj.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 email-decode.min.js Show response
nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 17ms
16ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Mar 2022 11:29:35 GMT
server: cloudflare
etag: W/"623c561f-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BuuCmI4j2c7TfJraH0dkq3ERzjtvlYy4nISIQIGOzqz0Unf77Sf9gHHTGLzQIHtDmuWuQE3v2lQS9lEDlcuo0D4RojYflcMqmIHGEnCuVUsuA3ZgzxtM7KXUmlf5Ai03A11Qd4Bva8I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6f532422580092b7-FRA
vary: Accept-Encoding
expires: Sun, 03 Apr 2022 17:45:54 GMT

GET
H2 200 W25b9ht.png
img.nets4.com/img/i.imgur.com/ 2 KB
2 KB 56ms
56ms Image
image/gif 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/W25b9ht.png?w=40&h=40&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2790005
cf-ray: 6f53242288c05caa-FRA
x-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1574
x-served-by: cache-sea4438-SEA
server: cloudflare
etag: W/"74f823912b396fff2471f0918e1ae56696e6d198857eb0589e93307e557ccf4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDiCE7wlg7dQTf2yKfGIaW5T1RzUgaMDavhpAdzSZezTUICKy4fCdkGK9EpDw1LmPPU80D9xke4FWIPjm3RXlgTpZJAOlEJVuCZUYzEoD8v3RZPtFrS73Ci5EpUQqp2w004AfopNaE8ukw4G"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/W25b9ht.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 45ms
29ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 769607
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AmVt3Bd7nqCOiJzcoaIJb5W5QqoBJlnSvEpEvCGIqGpWyYkcoJJJez5HXcjGZRlAClSr6qaU5sI53MOFxTBb1fshuN9ScJ4Y9wYveK%2FZHf68U6vMFjLL%2BeOIFQeKPePizQbLu%2B2rycm277sO23qZfBYy"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f532422ad2790c0-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/ 18 KB
7 KB 22ms
21ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 765963
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6107
timing-allow-origin: *
last-modified: Thu, 02 Sep 2021 17:01:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61310375-17db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6nTRJpbfG6Qcq6rXI5yumtisaolGxPTexrtYyZHGSzDXFPh545%2B4B00Y5SXybqsGk4XjsEffIL5VFzVNtZRxMcqJPLN6k7rzym%2BSEbwjhAjyfFR6e8%2FxnFmFzQrOvbEGmOboqFVFRijuFFYn0yRJjqUV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324231db290c0-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/ 62 KB
13 KB 24ms
23ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2769568
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13102
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-332e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZBsAuQnJDsb5GAXzPJvl9S%2Bwu%2FlAl%2FSuT22Z%2BQ1HNb26bQc%2BZ9xMYhxn5eUA7xdxcXwl%2BAAp9AQ4coOe%2BWmIMlkGn6wSYcQubRhIu2YlfXJIpH4mt6ya23jaDpx3h8ECcWEYDtsOAihhx77mMtn9yaQF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324234df090c0-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H2 200 load.js Show response
cdn.purpleads.io/ 23 KB
7 KB 50ms
7ms Script
application/javascript 99.86.7.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1be3f8db7331dbe20847830fe8f0cd134175676ccd9d3db4ae6a00e21b7fb541

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 01 Apr 2022 09:26:23 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 11:56:20 GMT
server: AmazonS3
age: 29972
etag: "49ae84e8390be6f705ad2d720112c923"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 6561
x-amz-cf-id: fJCui9EK0w8Y4HiUMjnSxEz-0K8cyIE7othW3kNIrVle-ZukXVebFw==

GET
H2 200 / Show response
api.purpleads.io/x/ 3 KB
2 KB 380ms
183ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1648835153859
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 7596910afe4e770f36a213491b9b17187556d579c8e8180455e59f1ec6a57ffe

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.18

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: gzip
etag: W/"ced-NmrAtD8+RXfNUb+2U0w8YhOFjng"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: ff4790b4-37df-44b6-94e1-9da838a6840b

OPTIONS
H2 200 /
api.purpleads.io/x/ Frame 0
0 369ms
150ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/?ts=1648835153859
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:54 GMT
x-request-id: b389a047-b48b-4812-9da0-1c499a7e6bb9

GET
H3 200 1800victims.org
nets4.com/domain/ 15 B
0 32ms
32ms Fetch
application/json 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/domain/1800victims.org
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nets4.com/domain/1800victims.org
ts-request-embed-key: 73fb860e-3f09-4693-9742-77d732bb5be8:f82e6ff0feef67bb4cad5a0436308435df3e62a5ca9b1a957c87fdb89361e94a
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWR36NNnWaCvBXB2oPYXRhBMBjyTRPFzpkin5dSOtJXrcrYh2aq3NBUvB%2BjIWtfgQ5VOs1gtui3RxheaYnWFON092mtui0v537BbovJrfkpFDtA6VvU64OuEPkx2KnOXa6ptlA4bP0Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
cache-control: no-store
cf-ray: 6f532423fb4392b7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H3 200 leaflet.js Show response
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/ 139 KB
36 KB 22ms
21ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 929895
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 35659
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-22a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=By5h77ERscKqHiUgLoBaYTU7uTLEI%2F9KIMmcCLLwr6%2FU1vYaQIwx2srBLfbrkTE9Lnq5vqTjnq4mPRGijwRi7pIL9wbCgOyZQzkx3KvsTer8L8oOu2C0yhtwtHfhtuxNhx0d8zl2PN%2F%2BEu1IlQL9B9jS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f532423fc679963-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 36 KB
11 KB 8ms
7ms Script
application/javascript 99.86.7.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-102.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: eef64f7a397e400b8f553622d72e44cfcfb2630f74b958fb561f0392a13ba48d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 09:26:19 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 09:26:13 GMT
server: AmazonS3
age: 29976
etag: "459fced820cea712f76c27f56f23821c"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 10804
x-amz-cf-id: aYHNsoUSIgpuYd-CpUHjKouCrj4tFF7inwkFhE5Q3GSbCFe-ffHILA==

GET
H3 200 sharebutton.js Show response
nets4.com/assets/js/ 80 KB
28 KB 48ms
48ms Script
application/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/sharebutton.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 83
cf-polished: origSize=120806
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 03 Jul 2021 07:08:27 GMT
server: cloudflare
etag: W/"60e00ceb-1d7e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xM8qwAfgxLr7SiQVVzyNlSgFymx42N7dJFJkhjOjRCFoqctUNp8a%2FL9w2tvkfHaJyvlnegLf4%2BJ32lyIC9Jo8Nt1U8zymbjfES%2F%2B2IrvyBIJNK3r61c42Bj%2BUTMBnft%2Bs8kAvvQIKYw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 6f532423fb5692b7-FRA
cf-bgj: minify

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
969 B 181ms
67ms Script
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e1afac4f639ccfd2a3176184d598ee162e4c2f66e56900e5897e9d821553f169

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 556
x-xss-protection: 1; mode=block
expires: Fri, 01 Apr 2022 17:45:54 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 79ms
45ms Script
text/javascript 2606:4700:440e::ac40:9c1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::ac40:9c1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6f5324243ad19b86-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 165ms
52ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6068
date: Fri, 01 Apr 2022 16:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 01 Apr 2022 18:04:46 GMT

GET
H3 200 s.js Show response
nets4.com/cdn-cgi/zaraz/ 4 KB
2 KB 91ms
91ms Script
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0cmFja3MlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyMTgwMHZpY3RpbXMub3JnJTIwLSUyMCUyMFZpY3RpbSUyMG9mJTIwQ3JpbWUlMjBSZXNvdXJjZSUyMENlbnRlciUyMiUyQyUyMnclMjIlM0ExNjAwJTJDJTIyaCUyMiUzQTEyMDAlMkMlMjJqJTIyJTNBMTIwMCUyQyUyMmUlMjIlM0ExNjAwJTJDJTIybCUyMiUzQSUyMmh0dHBzJTNBJTJGJTJGbmV0czQuY29tJTJGZG9tYWluJTJGMTgwMHZpY3RpbXMub3JnJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTdE
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d81da1c2333ea18b9649d21dd0dbb2a09141d43d18ef3e2eea1157f3e56d6277

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://nets4.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UAI9HRmwlOaOw2UyJBEvztCiadrh2IzNMx4TABLUrMeFblAZIXxFZUJgpxs9hvuLC8SkZKQb09k5ZHxDuAE1%2Fqc8a25tMKOCgPS9VPg9FWYYLFqdzzYU0bS97CoM9Q4jqncyYBLs4WA%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 6f5324240b6792b7-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 41ms
41ms Font
application/octet-stream 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 691337
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-12bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9M%2FkMPJeaKlYKkivcuB4CeDrqT8axDTTWkzXOqd5R7JctARicYFKJ5Y5jsMXUpE6pALzH9paXJKfEslg84iHZKSOXOXpkihP%2BVlxf1t3wRHALoxMpjYeLBom7oJQBnHQUZQSXf0Wj%2B%2FIk5VkBhHI26mV"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324240c919963-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 25ms
25ms Font
application/octet-stream 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 774405
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-131bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MO6LFcPpooNcBjSELZPMhozdNAOhy3mdtbDaD2Fsa0sK0nVZdjnv2RPOZe5RxNvmfRaKURmoR4mxeGCIzFht%2B2flSTumAv%2B9tVIiivR1T8wLgnhFQ1D04X8MdX%2F8Y8IbhAsMxhxO3qC6gSlElUe%2Fjgx2"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324240c9c9963-FRA
expires: Wed, 22 Mar 2023 17:45:54 GMT

GET
H2 200 1a84e98a-8af3-4e4b-a9a4-8e0e2e3a5afd.png
s0.nets4.com/s/ 41 KB
41 KB 2340ms
2328ms Image
image/webp 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/s/1a84e98a-8af3-4e4b-a9a4-8e0e2e3a5afd.png?w=500

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

07fffee6209a2423e9530bebcc84330a0b5996a731d0aa5ee2b590e83442d70e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
access-control-allow-methods: GET, HEAD
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 41544
x-nc: MISS bur 3
last-modified: Fri, 01 Apr 2022 17:45:56 GMT
server: cloudflare
etag: "13ac0d3d191e8a6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q6lMdNgl4vyQkpj5EtqnJM4wQzlFLr2EMLvsES0DpNYVJeTotMSVggpJo8oKCRaQqKdOYxF2533VV3aI%2FhA3d7mQtdVGPM3slGrRxRDDG7XIwy5r%2BY0xE6O0C4nS864a8vtpVgqJkf33S88%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
accept-ranges: bytes
cf-ray: 6f5324248bf85caa-FRA
link: <http://urlscan.io/screenshots/1a84e98a-8af3-4e4b-a9a4-8e0e2e3a5afd.png>; rel="canonical"
expires: Mon, 01 Apr 2024 05:45:56 GMT

GET
H3 200 1800victims.org
img.nets4.com/favs/ 1 KB
2 KB 497ms
497ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/1800victims.org?size=32

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d412d30f453a8fb532e64ba8a4fbfe1192c2f1befb941ad9f967c01a6d41fa5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1416
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlwtH%2BYGaOgzyLwo1e0zzZoUETe8fMGsk923FhzZYPswHmhse38aoQvkJpa2PP4Vd%2B5CeFbKT9sQs9j1lIe0GVZHSIscke%2BQFSA7L0GJ8wnICtcuQ9S6FkRhuilYgxUtVNhuejhw6iY1pMIz"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c3b92b7-FRA

GET
H3 200 1800victims.org
img.nets4.com/favs/ 560 B
1 KB 1061ms
1060ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/1800victims.org?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a456bdc98d8c25b11782b44b87ef09c99294eb99f1b29039213bc64687856fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 560
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BitaqY9upUjXpiKHKGkKwtpuqwHPcE6bpN3R1sSw0Pqahv2ZGYG%2FYsbP9ntyqZUNQ3auMu440EsGBBCJK5DlCZSdzxrsTpq45dhrs0N304AH4b7JXyyT5%2F6Sl3%2B9NrO%2BFGjRRNEEcVu7nwgi"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c3e92b7-FRA

GET
H3 200 replay.io
img.nets4.com/favs/ 457 B
996 B 472ms
471ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/replay.io?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66a8216773209cfb80f182bc2df47c23170cf0384d2463e1c81b00bfd89d6974

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 457
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRFqsviIiv7WJ%2BoSvhG8iLRPXsuZJGpy%2FoW%2B2bb894VG6CYleYrIXmkTDqIUxjZh9wLid3aM05Q0YBNIIR3390%2B6%2F0mvCIU4Mke6jKzJm%2BooSiilRTpMF%2BSAU%2BqdZz1Fd3%2BTSLTK9hphxoDH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c4092b7-FRA

GET
H3 200 prodirectory.in
img.nets4.com/favs/ 362 B
906 B 50ms
49ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/prodirectory.in?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a5bea7686257a22c5575321d9a30ff3d5da5d6289ff2f391c749e70a17044b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12734
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 362
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 14:13:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=814tdMRPwOt5sZLRgHko%2F49hlzEkScukkV6ll%2F%2BooCNXKOlj%2F%2BmY%2FdXg5IauRn3puSLMWzJ8AlpSuf30sQNKr5EgrUK8EIjrDwShy%2BjoC2WC0cY1xdzj%2Fls38G%2BvEz1wtXlkwdYyzC%2B0d80r"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c4292b7-FRA

GET
H3 200 pivalink.com
img.nets4.com/favs/ 365 B
897 B 52ms
51ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/pivalink.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9395b4ee73c4b08fb63ed6fa26adc4ebfc369976b3246e9956543db5e788051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 18336
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 365
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 12:40:18 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hGrlnHixFKlemi5jqPrs9NCy6mGVkgRX3BC%2BvK9qAdLi7nb8luixIvBrtLK2UBppK1jeccP6LsFlwntQPodhMC%2F6vcLlgzmdNdEbbUdz%2BoGcntbczkriuJoE4dETjr589CrgAr2Y3qS2O8wT"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c4392b7-FRA

GET
H3 200 omniaretail.com
img.nets4.com/favs/ 689 B
1 KB 667ms
665ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/omniaretail.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a40d4bb1fce8297264703173c0bd6e2c6832b75966706e3a63d3df8917137033

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 689
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhZifkKsI9dHcX3RIaUH5bixvi2UvwyNimtyoairbeKzW1ZjhgVgtn%2FVRpNjWzqeHi8BI8v%2BpLMIp3GheaXZDwsQsAxZ7hnt1J%2FDqSC3NwN5hpMSRtV%2FT%2FrIIRsBWxnVRGwIMDj2RfFswvvS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c4592b7-FRA

GET
H3 200 braze.com
img.nets4.com/favs/ 441 B
973 B 489ms
488ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/braze.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de9ad4639361cb38d4a8c55ac93a37069ea59315db11279439023d96fd2a8888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 441
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Ifn1NmV0lomOy2yMYOXNxy%2B6sO04amyytfNoAym5qyYWEcBw0HJiO3EOrfPtcgaSG%2Be3x7mvYFF%2F%2F0lAZZnkbMQMj5vwFhEDLbGdx8QEt3g7iAVVqYocYIbC3QQEMqisWem%2F49yEGUDhzmG"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c4692b7-FRA

GET
H3 200 rnvalves.com
img.nets4.com/favs/ 597 B
1 KB 505ms
503ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/rnvalves.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca9f66e70b6831bdc1e064836f9ff385121c1f850149b2c7687a0f71f4eff7aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 597
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FI3JpI827Y2cpOhQnbP9ow8SSKadtlxRTha7TOlL3pvv9v%2FK3z7wEj5f789zfK6ocCsF6D7EYH%2FJhpZPW8gKpP7yPhvWk0PGZncxg%2FGL3a8cF91JZJJ%2B0EPevynBSYdGNUubFV%2BhoxRQ7rWj"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c4c92b7-FRA

GET
H2 200 backlinks-discovery-chart
s0.nets4.com/charts/ 32 KB
32 KB 1351ms
1341ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/backlinks-discovery-chart?d=1800victims.org&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e09f7b1ddd74acb002ff33d9a41c22f2c29565d5fe344c17f426eb1aa6d48471

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 32299
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wNT%2BlYD0RyOLWPMT%2FTEnR8OoQ9m3Y41Fnh1XQ8bX4x4QUZ5JjvjYqdj8FEq20sZgGftSAcXzqDN%2FIHdDTzbZ1oy89Mb5eoOp9wh7ixNLlMfwHHFsjD04ChosjqMG2U%2B4bQtrkCdsZfkMCy4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6f5324248bfb5caa-FRA
expires: Fri, 08 Apr 2022 17:45:55 GMT

GET
H2 200 referring-domains-discovery
s0.nets4.com/charts/ 31 KB
33 KB 1160ms
1151ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.nets4.com/charts/referring-domains-discovery?d=1800victims.org&w=400&h=200&entries=12&ctype=2

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80a9466f65cf07ab855fe6f5e53a504d0a8f9110052eda1fecbec4f2ec0ab1bf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://docs.google.com https://*.googleusercontent.com;
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://docs.google.com
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.majesticseo.com analytics.majestic.com info.majestic.com https://www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;font-src 'none';object-src 'none';media-src 'none';frame-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;child-src www.openstreetmap.org www.youtube.com https://www.google.com/recaptcha/ https://platform.twitter.com/ https://syndication.twitter.com/;frame-ancestors https://docs.google.com https://*.googleusercontent.com;report-uri /csp/report
content-disposition: filename=BacklinkHistoryChart.png
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 31958
x-xss-protection: 1; mode=block
server: cloudflare
x-frame-options: ALLOW-FROM https://docs.google.com
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Language, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=35rh%2Bg4Y3G4Iu1JgNL4bbn72%2FSqtqiMMDdyuEBuqFT1q78L%2BI5Ep8ODcYb%2BGNrljJ1xyrKfPBSlhvYBSpn%2BB42Zii7AEtiBsqZ8OoBljYQ6zZUAlEZwhSsKCx%2BCoaicdiZjfT92nKn8eP64%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=604800
content-security-policy: frame-ancestors https://docs.google.com https://*.googleusercontent.com;
accept-ranges: bytes
cf-ray: 6f5324248bfa5caa-FRA
expires: Fri, 08 Apr 2022 17:45:55 GMT

GET
H3 200 123serieshd.com
img.nets4.com/favs/ 70 B
599 B 472ms
470ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/123serieshd.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jr3R0t%2BbJyQVzrIhgG3sMmy1pNOHxoW96UHwDoGHRtXSPbEqbiYES8dQa1egOhIclNZjnbjB0vHWQZP2R0eW4ZmVXB9FT1RJgkJ1wtp%2FeLJTzyu3ern%2BNYEMbYNsGTdNWHsbWRaTbTdGZ90O"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c4e92b7-FRA

GET
H3 200 quitt.net
img.nets4.com/favs/ 584 B
1 KB 506ms
504ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/quitt.net?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

919493007387137186f9f926c00992060d64567cfbf6643fb27375bcd71279e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 584
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FBPaYC5LgZKwH7PYh0gp75beAbFlDmcSKrBKdTTJT40mFut8Wd0CN%2BGtgpBC%2FT2wd6z%2BbwSX8RFnXmum7yGbt0xZ0TvMxgaVHfJh2e24kIjxwOwewlnQKyLWH5GpicSDGN845QN6DYHqD%2FzK"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5092b7-FRA

GET
H3 200 prorab42.ru
img.nets4.com/favs/ 293 B
829 B 71ms
69ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/prorab42.ru?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08c423d83d7e3c09954f177c0cb476cbec9c8060e801c3ffb4014524381bfc22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2476
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 293
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:04:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x3rdZvEUGBUWACDx1C90SS7qvWH2zF4k3unIIZfv9gZ%2BZnUGwUObUEih6lXzrjW0yF8SuxrBalM71I8u%2B36PNrxAAJ1NNwQZjU8CNDV6bTltJM2vwXbsM5HUahi7tEphvCYDmC%2BqJyr3TGBJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5192b7-FRA

GET
H3 200 siteentry.com
img.nets4.com/favs/ 515 B
1 KB 64ms
62ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/siteentry.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d42f0da740d00666c43a825cfa803e742c57786a8fd895ed0603c9d9cb55a686

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 836
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 515
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:31:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EvQy%2FKiTajxkZx%2FPpMK14ztYinMDlAQ9xMX1DzaeRr2JA1f3Mv972uiGZUmUo0gyAkVJuhVDjC%2B1cY%2BMDqjpP8iGCAX4Ys2uTqca5TozOFnp1Nqhb30Zg0b7i5oqRn1B1lsCSgosswluzcZQ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5392b7-FRA

GET
H3 200 tpgps.in
img.nets4.com/favs/ 782 B
1 KB 59ms
57ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/tpgps.in?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901df05a01f17cfd29e09df3934bf0f9360e7848d4c7f18fdbd2e4588656c032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4498
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 782
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 16:30:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=44Zkc3w7ZIwX1XPAFVN%2BiyKmlJxsLWe0rvb4jJi0Na0eyVVDczLPlG4PozmtWlXS1y6sY8AhE%2BwJVKK6y5KyHMvgYpL%2BnPDUeaKqTrWZP06Ol7G9ZSY8ghbrrA6ttyvF54RDOmm%2FhRsOXO6j"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5492b7-FRA

GET
H3 200 guvi.in
img.nets4.com/favs/ 581 B
1 KB 63ms
61ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/guvi.in?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e11f4927e481cfd9b5d306bd524d016f8ca8d6a1dccdc9e195ae0665e400495

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4498
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 581
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 16:30:56 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0ftLoDD04m3AA3aMGvlfP4yK5BsiPNotUPvDNlT0kYAw%2FVf8HbirpDgLmB41%2FELS8DzD6HmKuO75oVkoZubRPE7%2FA2l6S1TE15CfxwZdSkCTsYYHIwx6DQlh3W3yRGrJAwXJaWJ0%2FDiWD%2Fk"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5592b7-FRA

GET
H3 200 comyaz.com
img.nets4.com/favs/ 70 B
609 B 51ms
49ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/comyaz.com?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 836
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Apr 2022 17:31:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3fmMe8WBmwUOjmxGN%2FON08WgULUUGA1K%2BIgisY%2FZE6PR43VVbYSBa4r%2BAv6FlCcDEc9BV5hYSOGyporUd%2FvmSffy2ZQNlT68HnuZEoxD1xDtvpSfLa%2F%2BsfxWGwYhjeHswMehNWDnIdFFAHr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5892b7-FRA

GET
H3 200 9anime.to
img.nets4.com/favs/ 242 B
783 B 56ms
55ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9anime.to?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50fb88e3a2d413c5c0a0294b71e0da34829b2ec9444ba55af7e1d6935a4029a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 588465
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 242
x-xss-protection: 1; mode=block
last-modified: Fri, 25 Mar 2022 22:18:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Drus%2BZg4G%2FKq59piGUpn57qKK%2B1ixOt6P%2BLT0YN7iMVcrFrw82Qsy74bBx6LH%2B0sRUOmLLFxabXJM%2BZTR6L3PxlAz1TMkOI22%2FzzZgOhYi5SpH%2FF5nmejIV4r4iAWknH2TeZWahq3Acm8DWt"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5a92b7-FRA

GET
H3 200 9anime.me
img.nets4.com/favs/ 242 B
783 B 64ms
62ms Image
image/png 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/favs/9anime.me?size=16

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50fb88e3a2d413c5c0a0294b71e0da34829b2ec9444ba55af7e1d6935a4029a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 106757
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 242
x-xss-protection: 1; mode=block
last-modified: Thu, 31 Mar 2022 12:06:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxCHw8NEFc2L7Rmy2qElTA1wAa0QqaWJ%2FqYm8E%2FHHa4lzt%2BjC60%2F1qgULZZcQE9N0caGrVQCZfxeuYN05Fjy2hPH7aE1EHa8ue%2Fu%2B%2BMm2GBc8x%2BCCUHubRPLSiZoEWn3boI7UAa9X8BvV1pD"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=691200
accept-ranges: bytes
cf-ray: 6f5324247c5c92b7-FRA

GET
H2 200 550j6zn5gn Show response
www.clarity.ms/tag/ 680 B
1 KB 254ms
138ms Script
application/x-javascript 2620:1ec:27::cafe:1377
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/550j6zn5gn
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1377 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 061a44d5b966e21229ea3df4730c26673edeada2a3da5da55062e7d720f378b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
x-powered-by: ASP.NET
x-azure-ref: 0UjpHYgAAAABRf6DVw5XwRqRaYUB567rvSEVMMDFFREdFMDYyMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
expires: -1
cache-control: no-cache, no-store
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 123ms
61ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=378676388&t=pageview&_s=1&dl=https%3A%2F%2Fnets4.com%2Fdomain%2F1800victims.org&ul=en-us&de=UTF-8&dt=1800victims.org%20-%20Victim%20of%20Crime%20Resource%20Center&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1956460388&gjid=2066879538&cid=466562161.1648835154&tid=UA-123511935-10&_gid=1551955203.1648835154&_r=1&_slc=1&z=651102260

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nets4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
d.clarity.ms/s/0.6.34/ 53 KB
23 KB 297ms
93ms Script
application/javascript 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/550j6zn5gn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:54 GMT
content-encoding: br
etag: "1d83fcbec22f254"
last-modified: Thu, 24 Mar 2022 22:10:08 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 23150
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 sm.22.html Show response
static.addtoany.com/menu/ Frame 3FAE 278 B
650 B 65ms
27ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 892968
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 6f5324294f4891f5-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 01 Apr 2022 17:45:55 GMT
etag: W/"116-5cd1487afaaea"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 28 Sep 2021 21:02:23 GMT
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e3s
x-content-type-options: nosniff

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/gif

OPTIONS
H2 200 init
api.purpleads.io/x/ Frame 0
0 118ms
118ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1648835154692
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:55 GMT
x-request-id: f131aeca-d4db-4b48-98fa-9f127c453897

GET
H2 200 init Show response
api.purpleads.io/x/ 68 B
357 B 144ms
144ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1648835154692
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
etag: W/"44-Pm5SJt3t2KI5gMvsRd3GV+dxT2U"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
content-length: 68
x-request-id: d91dd3a1-6df6-46f6-aaa8-952cf9c6c0a7

GET
H3 200 marker-icon.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 1 KB
2 KB 23ms
23ms Image
image/png 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-icon.png

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/leaflet.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2780014
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1470
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-5ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8%2FmETJdHs30clHebRS1TiW5mRzZ0Jyi0xr9SzOOOl2t97I3V9KKg3LQh44eqrQzyCZ%2F%2FgUrLMf8cUfcNbPMy8PxsXtRSr2CdDEt%2FNddP8LEJ2i4eSnPr%2Fc87B1TNwPOw9sbp13TkNDBSo%2FCVbkax2Adz"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324294e8490c0-FRA
expires: Wed, 22 Mar 2023 17:45:55 GMT

GET
H2 200 2.png
a.tile.openstreetmap.org/3/1/ 8 KB
8 KB 39ms
7ms Image
image/png 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/1/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

1e5723f9c4473fe3863a7c925a5ff32399d1e8380db0a48da53641a2e89a7a12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "7bd76be6c2236c8f05b9307f9e1fa0fd"
age: 7709
x-cache: HIT
x-cache-hits: 43
content-length: 8528
x-served-by: cache-hhn4055-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.448731,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=11973, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 01 Apr 2022 18:57:00 GMT

GET
H2 200 2.png
b.tile.openstreetmap.org/3/2/ 11 KB
11 KB 36ms
6ms Image
image/png 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/2/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

dc88d6faff8bbfca85ef5ca8ee215f619dad33e213687418e3661319d5fb9b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "b8741449feea72db2b669a2cbad33c33"
age: 29643
x-cache: HIT
x-cache-hits: 359
content-length: 11083
x-served-by: cache-hhn4057-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.446395,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=57196, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 30 Mar 2022 15:08:09 GMT

GET
H2 200 3.png
b.tile.openstreetmap.org/3/1/ 4 KB
4 KB 36ms
7ms Image
image/png 2a04:4e42:600::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.tile.openstreetmap.org/3/1/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

f10c3630cdf1ccac952efa7481570ba460c8402189c7c93a4ab34a9ebce737e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "5877ac538a59d603d842f7fb5ab9871b"
fastly-original-body-size: 3910
age: 7962
x-cache: HIT
content-length: 3910
x-served-by: cache-hhn4057-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.446506,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
expires: Sat, 02 Apr 2022 18:49:50 GMT
cache-control: max-age=98197, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 46

GET
H2 200 3.png
c.tile.openstreetmap.org/3/2/ 5 KB
6 KB 40ms
7ms Image
image/png 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/2/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

9ef83788b64bf27b0e6d3fad7e50f42d9680eab4a676a23f4a6daf97d22002bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "97dfb189cbbdc36e01a81fe1732f3fda"
fastly-original-body-size: 5629
age: 32113
x-cache: HIT
content-length: 5629
x-served-by: cache-hhn4061-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.450162,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
expires: Sat, 02 Apr 2022 12:46:01 GMT
cache-control: max-age=100519, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 390

GET
H2 200 2.png
c.tile.openstreetmap.org/3/0/ 5 KB
5 KB 40ms
7ms Image
image/png 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/0/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

0b018b59ae027f2a210a4569be94b95b0b8ce46d92fcf57de6732630c48f2f8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "a20f5fb2abc43a4a47d511df001dea2e"
age: 59848
x-cache: HIT
x-cache-hits: 350
content-length: 4698
x-served-by: cache-hhn4061-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.450318,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: odin.openstreetmap.org
cache-control: max-age=94879, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Sat, 02 Apr 2022 03:29:45 GMT

GET
H2 200 2.png
c.tile.openstreetmap.org/3/3/ 5 KB
5 KB 41ms
8ms Image
image/png 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.tile.openstreetmap.org/3/3/2.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

bbbd0d76b4eb1b3faa278c9737e75817c677a64e1651881d2f1686e26fe27279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "d474ef03da03270ab2ceda090aa9bc1d"
age: 78658
x-cache: HIT
x-cache-hits: 1973
content-length: 4828
x-served-by: cache-hhn4061-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.450389,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=58466, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 30 Mar 2022 23:24:06 GMT

GET
H2 200 3.png
a.tile.openstreetmap.org/3/0/ 249 B
420 B 38ms
8ms Image
image/png 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/0/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

6ad584690f7fa3e788ea1df9a6a567211be5d9d627908e9339e84e99efe70126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "07a14efdf923d78dad7320032b8d412c"
age: 32852
x-cache: HIT
x-cache-hits: 11
content-length: 249
x-served-by: cache-hhn4055-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.448819,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=57049, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Wed, 30 Mar 2022 15:28:20 GMT

GET
H2 200 3.png
a.tile.openstreetmap.org/3/3/ 5 KB
5 KB 38ms
7ms Image
image/png 2a04:4e42::649
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tile.openstreetmap.org/3/3/3.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42::649 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Apache/2.4.41 (Ubuntu) /

Resource Hash

c65b234a2f2e7d864ae86ddac0b622528b8dcb7c96b6943840dae9e2bd493dcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish
etag: "d913b4e4d52a9e9cd541405657f42b0c"
age: 166
x-cache: HIT
x-cache-hits: 6
content-length: 4833
x-served-by: cache-hhn4055-HHN
server: Apache/2.4.41 (Ubuntu)
x-timer: S1648835155.448905,VS0,VE0
date: Fri, 01 Apr 2022 17:45:55 GMT
expect-ct: max-age=0
content-type: image/png
access-control-allow-origin: *
x-tilerender: nidhogg.openstreetmap.org
cache-control: max-age=6449, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:43:08 GMT

GET
H3 200 marker-shadow.png
cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/ 618 B
1 KB 21ms
21ms Image
image/png 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.7.1/images/marker-shadow.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1977482
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 622
timing-allow-origin: *
last-modified: Thu, 03 Sep 2020 12:27:01 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f50e115-26a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=soSmE0vENEF1Vn0cLM3ULo2z%2Fz3VYwl46kRhbss3qHLWQVHRbkx2OeN0gU9PqMm6dbGhJ2MD0I6WnaPb2u7ZZwLYpPIcR81G589EdSshmaYEiRld4ihyJ0d%2Bu4Ci2N0dtLiSnXdbSjJ%2FXQ6UME5rYhJE"}],"group":"cf-nel","max_age":604800}
content-type: image/png; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6f5324295ec090c0-FRA
expires: Wed, 22 Mar 2023 17:45:55 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=5BD9058C533F4E82971729C9277F01AA&RedC=c.clarity.ms&MXFR=0C6D6CE5FC89661D3D8A7D9CF889689B
https://c.clarity.ms/c.gif?CtsSyncId=5BD9058C533F4E82971729C9277F01AA&MUID=3A49F951769367E82E8EE82877F8661F

42 B
369 B

26ms
26ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=5BD9058C533F4E82971729C9277F01AA&MUID=3A49F951769367E82E8EE82877F8661F
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:55 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3E6D558CA21741D69782985F0D785C01 Ref B: FRAEDGE1418 Ref C: 2022-04-01T17:45:55Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=5BD9058C533F4E82971729C9277F01AA&MUID=3A49F951769367E82E8EE82877F8661F
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 27ms
25ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5731415
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6f5324296f7091f5-FRA
cf-bgj: minify

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ 362 KB
144 KB 175ms
54ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 15:47:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7113
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 15:47:22 GMT

GET
H3 200 pica.js
nets4.com/cdn-cgi/challenge-platform/h/b/scripts/ 21 KB
8 KB 29ms
28ms Other
text/javascript 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 105111ff674325446601ffdb61187b7885250d40e8bfc3c467dc004933a2e170

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/domain/1800victims.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=idrvVdsZrMJultwsQASAJAhIVynmCS2ty7qQ74MqRfImFGCz7BN3sX8Ga8vDYVk3EdUivSZUpCTK8CpZgY9xfs7pGacXMfgnsgD%2ByYzbibHuXFVam7tyg61Cb1t38%2BzmN5250g1%2FqIw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6f532429696792b7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 51ms
21ms Preflight
text/plain 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
cf-ray: 6f5324299f8c9232-FRA
content-encoding: gzip
content-type: text/plain
date: Fri, 01 Apr 2022 17:45:55 GMT
server: cloudflare
vary: Origin
x-content-type-options: nosniff
x-frame-options: DENY

POST
H2 200 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
77 B 14ms
13ms XHR
text/plain 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
content-type: application/json

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6f532429cfd39232-FRA
vary: Origin

POST
H2 204 collect Show response
d.clarity.ms/ 0
65 B 91ms
91ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:54 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 134ms
134ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ae0d66de-ca57-470c-a798-56e581b15db6&ts=1648835154917
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:55 GMT
x-request-id: 320789ec-d8df-41f4-9c6b-0539d98f0951

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 120ms
120ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=766ca69d-e65e-4d8d-8a6e-66a159ab8c02&ts=1648835154923
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:55 GMT
x-request-id: 746aba71-ee93-4d2e-b49b-58e9a7cda313

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 107ms
106ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=7c0c2677-71ca-4d31-8528-b2341c036368&ts=1648835154924
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:55 GMT
x-request-id: 715b7b0e-e6e9-4f76-9561-264851f54182

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 112ms
111ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=a3de098d-d230-47e2-868b-2807d45d78d8&ts=1648835154926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:55 GMT
x-request-id: 3ea748bc-cdb6-4732-89b4-244484bb74f9

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 126ms
126ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=984adc29577943548c8b170430d72009&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=8c972c91-e7cd-4029-ba16-de692885e8ca&ts=1648835154926
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:55 GMT
x-request-id: eb5cb4c6-9d98-42da-b012-f562b4d450a9

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 312ms
311ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ae0d66de-ca57-470c-a798-56e581b15db6&ts=1648835154917
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: f7033098048a7a133c0e33194abf05a77129784b9f51e55b116c60bac51217be

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: gzip
etag: W/"16a3-aSgrf645jVQ8OMe3PsQdO67wFxM"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: d8292946-2b14-44d4-b781-2ef829a4fca1

GET
H2 200 / Show response
api.purpleads.io/x/b/ 12 KB
3 KB 261ms
261ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=766ca69d-e65e-4d8d-8a6e-66a159ab8c02&ts=1648835154923
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 887263858c72124c8199482e63ae5b56a1c5714d7ec28e8da0b068293036fb77

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: gzip
etag: W/"2e5c-CPb8uEYsj0IYMg5r9mnMyK4Alog"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 988b9a48-628b-4271-9350-d30bdb557329

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 386ms
386ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=7c0c2677-71ca-4d31-8528-b2341c036368&ts=1648835154924
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: ecc0126939365128723cb4cc4f2eafa55f76c455511a43c06e6c5aaa7bb76504

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
etag: W/"173f-IlusgCt2hRcl0pgvjOBephRbPoU"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 53925878-ad8a-4f2d-91d0-e6dd6572ebb8

GET
H2 200 / Show response
api.purpleads.io/x/b/ 6 KB
2 KB 146ms
145ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=a3de098d-d230-47e2-868b-2807d45d78d8&ts=1648835154926
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 2a1c95046cc88352b5d5a4d406fc66cf81f61fcb150baf2036e0543cfc6b5a02

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
content-encoding: gzip
etag: W/"173f-zmoOdV9D/k1/rdamPM2J7aZORNQ"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: b8e4ecdd-57b5-4ac0-9a89-e9849cede1df

GET
H2 200 / Show response
api.purpleads.io/x/b/ 12 KB
3 KB 415ms
414ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=984adc29577943548c8b170430d72009&sizes=[[160,600],[120,600],[200,200],[250,250]]&slotid=8c972c91-e7cd-4029-ba16-de692885e8ca&ts=1648835154926
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 3994414fcb97c20d59cd17f6c622ccf06df62cbeb9adcf94e1b7b819d80f9a17

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
etag: W/"2e81-D6QQrJT2TwM9psLbwXCwihhHbcs"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: bdc7dc6c-3bff-4089-a918-ff73af2dd5c0

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 276ms
275ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:55 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H3 200 6f53241e394b5caa Show response
nets4.com/cdn-cgi/challenge-platform/h/b/cv/result/ 2 B
686 B 47ms
47ms XHR
text/plain 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/cv/result/6f53241e394b5caa
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/challenge-platform/h/b/scripts/invisible.js?ts=1648832400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://nets4.com/domain/1800victims.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 01 Apr 2022 17:45:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6f53242c6a2292b7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmSxiusGjf%2Br0psSUv2Y7vdB7zzMGW6o1rRe%2FrZFuwx0nUQvIlPaN%2Fu6Jh1OOsCZkNEk0%2BDwIG9AZcAQ9pe2LhCed6DpUKJe6bUfV6MBDCAH4zNkkSnbAx5koGRCTntDVpuweti57BI%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame F013 43 KB
22 KB 137ms
75ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=4ucublv40syl

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eaec9b33c005d28580d90a4e4a84316f5d253ed0d9b9bea1dad36c4ae86b97f5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PAtXDeGZ4A2+D1bFv8ImxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22647
content-security-policy: script-src 'report-sample' 'nonce-PAtXDeGZ4A2+D1bFv8ImxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 17FF 83 KB
28 KB 108ms
40ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

1bebe07e837fb33f10c63429c52aba83e53af281cdebd8687b3ca740d0703829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28182
x-xss-protection: 0
server: sffe
etag: "1174 / 931 of 1000 / last-modified: 1648811202"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H2

200

aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzk2ZDhiNjBmNGJlYWExYWE4YWJmNjU5M2EwNWUzMWIyLmpwZWc.webp
s-img.adskeeper.com/g/8193519/328x328/105x0x421x421/ Frame 3EDF
Redirect Chain

https://c.adskeeper.com/c?pv=2&v=0|0|0|hYfToSCShhcLaNN9QiO3T8gQtxKxbISbu4POjj7iKdIg9x5bQTiEC5_cuCm5rQq7&cid=1220982&f=1&h2=CBvd3SiXK6CDlaashqQY2B-LAifAvcAwR1nWkedwnPI*&rid=9513c111-b1e3-11ec-980d-e...
https://s-img.adskeeper.com/g/8193519/328x328/105x0x421x421/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzk2ZDhiNjBmNGJlYWExYWE4YWJmNjU5M2EwNWUzMWIyLmpwZWc.webp?v=1648835155-Y3fJt9fmCJqT6cEcOj9...

17 KB
17 KB

34ms
24ms

Image
image/webp

104.18.17.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.com/g/8193519/328x328/105x0x421x421/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzk2ZDhiNjBmNGJlYWExYWE4YWJmNjU5M2EwNWUzMWIyLmpwZWc.webp?v=1648835155-Y3fJt9fmCJqT6cEcOj9yjqcgSMVBnXhfwjAr6GlVHWg
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Server: 104.18.17.65 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc7ae6d2adda002373af6727cef758e644804161d28124a89a5d725aa09fe9c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 15:56:58 GMT
x-mg-request-uuid: b9094580-7a69-49f9-9406-3aa2f968930a
age: 5737819
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6f53242db8de6907-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17246
server: cloudflare

Redirect headers

date: Fri, 01 Apr 2022 17:45:56 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: 4361b5b8-d2e3-45f6-ad9a-9937c5d504b2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://s-img.adskeeper.com/g/8193519/328x328/105x0x421x421/aHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjEtMDEvMTAxOTI0Lzk2ZDhiNjBmNGJlYWExYWE4YWJmNjU5M2EwNWUzMWIyLmpwZWc.webp?v=1648835155-Y3fJt9fmCJqT6cEcOj9yjqcgSMVBnXhfwjAr6GlVHWg
cf-ray: 6f53242d58356907-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
server: cloudflare

GET
H2 200 i
api.purpleads.io/x/a/4f67ab70c4dce83d9a1bc7bf865bea4a:94be7bd6da90a0dda538d277cd73d9d004a04b6bd538e9e49e158a6695b185c827049616c65adc29f77255e593020941b7147eae0e4cbecc6024a1fe93883275545991593bdad39... Frame 3EDF 0
199 B 146ms
146ms Image
text/plain 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/4f67ab70c4dce83d9a1bc7bf865bea4a:94be7bd6da90a0dda538d277cd73d9d004a04b6bd538e9e49e158a6695b185c827049616c65adc29f77255e593020941b7147eae0e4cbecc6024a1fe93883275545991593bdad39123bfb202a8607b40a3d6c776f999ab630a755543d9ca7e80e15e60ac4f4d9108a7652d093557a47db78cdbf3a28773fd74a818cce72fd23cf2536fe3119cb5336f6c39144924a483/i?id=988b9a48-628b-4271-9350-d30bdb557329
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Fri, 01 Apr 2022 17:45:56 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: abdbd45e-324d-4700-80b0-7eec4e7d71f6

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 95FE 83 KB
28 KB 57ms
57ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

132f4a7e361a25df26eb807e53b9ebbabab17a992b71679c5e0e98241a5429c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28278
x-xss-protection: 0
server: sffe
etag: "1174 / 902 of 1000 / last-modified: 1648811283"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame F013 51 KB
24 KB 116ms
56ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=4ucublv40syl

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11122
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 14:40:34 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame F013 362 KB
143 KB 113ms
53ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 15:47:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7114
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 15:47:22 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 777C 83 KB
28 KB 116ms
79ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

cf2a80527ac2bd9fd995cb71ec064af285edcd8941b76bebde969f201727bbb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28279
x-xss-protection: 0
server: sffe
etag: "1174 / 769 of 1000 / last-modified: 1648811283"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H3 200 pubads_impl_2022032106.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 17FF 364 KB
124 KB 63ms
42ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 15:42:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126678
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 20:13:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 01 Apr 2023 15:42:02 GMT

GET
H3 200 pubads_impl_2022032909.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 95FE 367 KB
125 KB 35ms
31ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066130

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

11992f506398f0ce551a82f7591c0448de7de4b0a84a1fdef72131fd756710ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Thu, 31 Mar 2022 11:15:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109799
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128011
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 19:35:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 31 Mar 2023 11:15:57 GMT

GET
DATA 200
OK truncated
/ Frame 7FFD 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDYtMjIvMTAxOTI0L2E0ZjcxNjYxZjQ4YWM3YTNmYmExMjEyMTM4ODVlZGJkLmpwZz90PTE0OTgxNjE4MjYzMzA.webp
s-img.adskeeper.com/g/3805605/328x328/0x0x634x634/ Frame 7FFD
Redirect Chain

https://c.adskeeper.com/c?pv=2&v=0|0|0|IrsjIziL-g-dyOWA0HS5QzlzoOC_iZpmXullOwm0FA7zI_kyRs3FMQrt4TdWjitQ&cid=1220982&f=1&h2=CBvd3SiXK6CDlaashqQY2B-LAifAvcAwR1nWkedwnPI*&rid=9534b872-b1e3-11ec-8266-e...
https://s-img.adskeeper.com/g/3805605/328x328/0x0x634x634/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDYtMjIvMTAxOTI0L2E0ZjcxNjYxZjQ4YWM3YTNmYmExMjEyMTM4ODVlZGJkLmpwZz90PTE0OTgxNjE4MjYzMzA.webp?v=1648...

11 KB
12 KB

24ms
22ms

Image
image/webp

104.18.17.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.adskeeper.com/g/3805605/328x328/0x0x634x634/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDYtMjIvMTAxOTI0L2E0ZjcxNjYxZjQ4YWM3YTNmYmExMjEyMTM4ODVlZGJkLmpwZz90PTE0OTgxNjE4MjYzMzA.webp?v=1648835156-KlwPfCA4P_QDdXlInylSJ53ZJ8yuNJ_H9Jm6Ppv2og4
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Server: 104.18.17.65 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257873d0a56ea7ea8a95ca51c079fac4d608c734a5cf1edc24c53a081d7fb03b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Nov 2021 17:00:32 GMT
x-mg-request-uuid: 11dea3db-03e6-4c54-a5a6-56567798a9d7
age: 3083228
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 6f53242e7a309b39-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 11730
server: cloudflare

Redirect headers

date: Fri, 01 Apr 2022 17:45:56 GMT
cf-cache-status: DYNAMIC
x-mg-request-uuid: ceed5321-9b02-473e-b2f6-2538953cc8c2
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://s-img.adskeeper.com/g/3805605/328x328/0x0x634x634/aHR0cDovL2ltZ2hvc3RzLmNvbS90ZW1wLzIwMTctMDYtMjIvMTAxOTI0L2E0ZjcxNjYxZjQ4YWM3YTNmYmExMjEyMTM4ODVlZGJkLmpwZz90PTE0OTgxNjE4MjYzMzA.webp?v=1648835156-KlwPfCA4P_QDdXlInylSJ53ZJ8yuNJ_H9Jm6Ppv2og4
cf-ray: 6f53242e39cd9b39-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
server: cloudflare

GET
H2 200 i
api.purpleads.io/x/a/08e787be5065af5d925198917aa76b1c:c6e0cca04910787391809c73729d163be0cac15e172bd89dcdea86d7985bb57e040b188b461ff295fde8cdcfbe2ad40774376c53ea6d15ca4394a45d486c70999522f9a73420ebb... Frame 7FFD 0
199 B 176ms
176ms Image
text/plain 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/08e787be5065af5d925198917aa76b1c:c6e0cca04910787391809c73729d163be0cac15e172bd89dcdea86d7985bb57e040b188b461ff295fde8cdcfbe2ad40774376c53ea6d15ca4394a45d486c70999522f9a73420ebbeeaf111a46b60271235f38972015559bd1685221dee166987e281f70e90fbaced9c04eee116913372b6684994e0fb3085d959e69f35291f08f5ebbdc31608e586482b52936dfca24e/i?id=bdc7dc6c-3bff-4089-a918-ff73af2dd5c0
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Fri, 01 Apr 2022 17:45:56 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 0e87de60-f9a7-4334-875d-5da24dfa42fb

GET
H3 200 pubads_impl_2022032909.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 777C 367 KB
125 KB 30ms
30ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

11992f506398f0ce551a82f7591c0448de7de4b0a84a1fdef72131fd756710ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 11:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24228
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128011
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 19:35:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 01 Apr 2023 11:02:08 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A796 708 B
869 B 176ms
62ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato&display=swap

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 15:48:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 01 Apr 2022 17:45:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame A796 83 KB
28 KB 58ms
58ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

1bebe07e837fb33f10c63429c52aba83e53af281cdebd8687b3ca740d0703829

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28182
x-xss-protection: 0
server: sffe
etag: "1174 / 56 of 1000 / last-modified: 1648811202"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 95FE 107 B
792 B 176ms
61ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066130

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 95FE 107 B
549 B 175ms
61ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066130

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 95FE 449 B
285 B 134ms
133ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4431418652372190&correlator=2029257186985942&eid=31066130%2C31065643&output=ldjh&gdfp_req=1&vrg=2022032909&ptt=17&impl=fif&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=4203880072&sfv=1-0-38&ecs=20220401&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1648835155705&dlt=1648835155388&idt=292&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=555&ucis=lwm6szskphru&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2F1800victims.org&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=466562161.1648835154&ga_sid=1648835156&ga_hid=1585519173&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066130

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d4c31bffd84b08af53773d19ecbd18fc8c053b9cb11d04e9a408cc0143f645dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 95FE 14 KB
11 KB 180ms
66ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032909&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066130

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b82df1888c44a2e876a3d51380488521ed43bfb5cdb258b7a353e6ac6ae814eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10598
x-xss-protection: 0

GET
H2 200 container.html Show response
deed42aff4ff1675ae0a2ca3fb3a7eb8.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 642A 6 KB
4 KB 191ms
63ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://deed42aff4ff1675ae0a2ca3fb3a7eb8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066130

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Sat, 01 Apr 2023 17:45:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 17FF 107 B
165 B 129ms
70ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 17FF 107 B
165 B 128ms
71ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 17FF 17 KB
9 KB 353ms
353ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1126484343955818&correlator=2359048726277526&eid=31060888&output=ldjh&gdfp_req=1&vrg=2022032106&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=1944610241&sfv=1-0-38&ecs=20220401&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1648835155761&dlt=1648835155307&idt=432&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=3960&ucis=ydfq48ybr8qb&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2F1800victims.org&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=466562161.1648835154&ga_sid=1648835156&ga_hid=336874439&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

d49a4a82817ac644181b779f918cab6e7431028a1d17222512bba3e08cc068c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8808
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 17FF 14 KB
10 KB 136ms
77ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032106&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fd85c44def85de21ac325bb49df1610611fb7311f4e8b1aceae495fd4b35771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10614
x-xss-protection: 0

GET
H2 200 container.html Show response
56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2FE9 6 KB
4 KB 205ms
59ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Sat, 01 Apr 2023 17:45:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame F013 102 B
134 B 63ms
63ms Other
text/javascript 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&size=normal&cb=4ucublv40syl
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 777C 107 B
165 B 62ms
62ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 777C 107 B
165 B 63ms
63ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 777C 68 KB
33 KB 347ms
347ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1845302572803266&correlator=1769794973196494&eid=31066038%2C31061828&output=ldjh&gdfp_req=1&vrg=2022032909&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=1944610241&sfv=1-0-38&ecs=20220401&fsapi=false&eri=4&sc=1&cookie_enabled=1&abxe=1&dt=1648835155860&dlt=1648835155439&idt=399&biw=1600&bih=1200&isw=728&ish=90&adxs=294&adys=2262&ucis=781nr93db3sk&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2F1800victims.org&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=466562161.1648835154&ga_sid=1648835156&ga_hid=1656221841&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

c2f3d37ddd19bb717a63bbfebc82365d58dbed51be816d254015d4809f0c9fd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33970
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 777C 14 KB
10 KB 78ms
78ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032909&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b9b24a7525939cbd27d3837aad9311e58043c6243b77b06d9058cb4baf24702

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10568
x-xss-protection: 0

GET
H2 200 container.html Show response
e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D85 6 KB
3 KB 101ms
62ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Sat, 01 Apr 2023 17:45:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 95FE 17 KB
7 KB 394ms
61ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066130

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H2 200 / Show response
api.purpleads.io/x/b/ 12 KB
3 KB 374ms
374ms Fetch
application/json 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=5&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ae0d66de-ca57-470c-a798-56e581b15db6&demand=adipolo&ts=1648835155933
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: 37d3f50086814ea11d6878c51457cb3322445bb4a7d66d75309a4613525fccb3

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
etag: W/"2ef9-fc5YT+g2AzW9oMlJFdy5f7F/xN4"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: bf98b25e-450f-4236-8ba7-e86fc3982d48

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 104ms
104ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=5&pid=984adc29577943548c8b170430d72009&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=ae0d66de-ca57-470c-a798-56e581b15db6&demand=adipolo&ts=1648835155933
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:56 GMT
x-request-id: c49085b1-b19e-4837-bf41-46dbf1c611ad

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v22/ Frame A796 23 KB
24 KB 357ms
54ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v22/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 19:30:30 GMT
x-content-type-options: nosniff
age: 166526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:14:03 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 30 Mar 2023 19:30:30 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 17FF 17 KB
6 KB 380ms
83ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame D46E 7 KB
1 KB 66ms
66ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6da6acdca488e1b114974972985582b4ba64d706536b9f38062c30799d3d28f8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-pWy5/bf76gaARP5RNs/sXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 1110
content-security-policy: script-src 'report-sample' 'nonce-pWy5/bf76gaARP5RNs/sXg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 pubads_impl_2022032106.js Show response
securepubads.g.doubleclick.net/gpt/ Frame A796 364 KB
124 KB 31ms
30ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 15:42:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7434
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126678
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 20:13:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 01 Apr 2023 15:42:02 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 777C 17 KB
6 KB 350ms
76ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:45:56 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame A796 107 B
122 B 127ms
65ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame A796 107 B
122 B 127ms
66ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A796 26 KB
11 KB 267ms
266ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3527874828063311&correlator=2484177588323170&eid=31062931&output=ldjh&gdfp_req=1&vrg=2022032106&ptt=17&impl=fif&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C320x100%7C300x250&ifi=1&adks=882885121&sfv=1-0-38&ecs=20220401&fsapi=false&eri=4&sc=1&cookie=ID%3Dadb2c4bf19f473fa-2264db796ccd000c%3AT%3D1648835156%3AS%3DALNI_MaERkVgiS6EdjggkmIiHWnWdXzTmg&abxe=1&dt=1648835156241&dlt=1648835155654&idt=366&biw=1600&bih=1200&isw=345&ish=85&adxs=1244&adys=1121&ucis=67xcs34znam1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fdomain%2F1800victims.org&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=345x0&msz=345x0&fws=256&ohw=0&ea=0&ga_vid=466562161.1648835154&ga_sid=1648835156&ga_hid=1846462152&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

7b92bc9a37aa1320f7b759297adc5d7a3a92b34511d06b5d4790ca6eff83b59e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11168
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 190B 6 KB
3 KB 80ms
64ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Sat, 01 Apr 2023 17:45:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C04D 6 KB
3 KB 114ms
53ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Sat, 01 Apr 2023 17:45:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/fbd73d9e80a5247d4bbc09d610d54e90:7eb89a9230535842ee0769418c42064858e8379a64ab768b617e2a7a38cf6af7690957b7ba728c5f3493c8ef6f89e0eed07cd31f11c7a7a7a365e9af4187ed494dbab4a08f3d6f0... Frame 0
0 99ms
98ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/fbd73d9e80a5247d4bbc09d610d54e90:7eb89a9230535842ee0769418c42064858e8379a64ab768b617e2a7a38cf6af7690957b7ba728c5f3493c8ef6f89e0eed07cd31f11c7a7a7a365e9af4187ed494dbab4a08f3d6f0b8fd908b03a9bf3d12bcf0272835b00d06664211d6ee04582148940e68cb867e701b0971d6456258bdd8a3b9f6f2e1bb217fe8af032da079b3b4842974125c9361260f290b3d47ff8cb9038bc572d88149c95de6699bb9d07/i?id=b8e4ecdd-57b5-4ac0-9a89-e9849cede1df&ts=1648835156265
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:56 GMT
x-request-id: f659adb5-fd3a-43b0-9d47-c9fb57567ed5

GET
H2 200 i Show response
api.purpleads.io/x/a/fbd73d9e80a5247d4bbc09d610d54e90:7eb89a9230535842ee0769418c42064858e8379a64ab768b617e2a7a38cf6af7690957b7ba728c5f3493c8ef6f89e0eed07cd31f11c7a7a7a365e9af4187ed494dbab4a08f3d6f0... 0
200 B 152ms
151ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/fbd73d9e80a5247d4bbc09d610d54e90:7eb89a9230535842ee0769418c42064858e8379a64ab768b617e2a7a38cf6af7690957b7ba728c5f3493c8ef6f89e0eed07cd31f11c7a7a7a365e9af4187ed494dbab4a08f3d6f0b8fd908b03a9bf3d12bcf0272835b00d06664211d6ee04582148940e68cb867e701b0971d6456258bdd8a3b9f6f2e1bb217fe8af032da079b3b4842974125c9361260f290b3d47ff8cb9038bc572d88149c95de6699bb9d07/i?id=b8e4ecdd-57b5-4ac0-9a89-e9849cede1df&ts=1648835156265
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:57 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 6440ad53-37e9-4098-85d3-302f37439f3e

GET
H3 200 container.html Show response
e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E620 6 KB
3 KB 117ms
53ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032909.js?cb=31066038

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Sat, 01 Apr 2023 17:45:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/69ffd034d148d508bedca098db106111:e09501919f16b309d52493f6be38a91714726fb7f2f3c823fa412694ff31b95f4a8a36d05a32bacee85e0b816e30b4378e47ba8dc6114baddb86be7657438ce13701aa544651b48... Frame 0
0 101ms
101ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/69ffd034d148d508bedca098db106111:e09501919f16b309d52493f6be38a91714726fb7f2f3c823fa412694ff31b95f4a8a36d05a32bacee85e0b816e30b4378e47ba8dc6114baddb86be7657438ce13701aa544651b48d122d4d4b5aa12ac20c858ca3fcded830bd5eeaac281c7fde656c65e0579975e8c7c8f287b21079066edd36217bc641fd51da3886df6e964fc3418410448ed5643e5679b46e8df5384f8228d1044f0898ff3f6fafa0ad0fbd/i?id=53925878-ad8a-4f2d-91d0-e6dd6572ebb8&ts=1648835156286
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:57 GMT
x-request-id: 81c4fcfa-1218-4a5c-bf99-307c4ee12632

GET
H2 200 i Show response
api.purpleads.io/x/a/69ffd034d148d508bedca098db106111:e09501919f16b309d52493f6be38a91714726fb7f2f3c823fa412694ff31b95f4a8a36d05a32bacee85e0b816e30b4378e47ba8dc6114baddb86be7657438ce13701aa544651b48... 0
199 B 174ms
173ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/69ffd034d148d508bedca098db106111:e09501919f16b309d52493f6be38a91714726fb7f2f3c823fa412694ff31b95f4a8a36d05a32bacee85e0b816e30b4378e47ba8dc6114baddb86be7657438ce13701aa544651b48d122d4d4b5aa12ac20c858ca3fcded830bd5eeaac281c7fde656c65e0579975e8c7c8f287b21079066edd36217bc641fd51da3886df6e964fc3418410448ed5643e5679b46e8df5384f8228d1044f0898ff3f6fafa0ad0fbd/i?id=53925878-ad8a-4f2d-91d0-e6dd6572ebb8&ts=1648835156286
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.1.3

Response headers

access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:57 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 5ab24f47-e640-4828-9c08-191e96412ceb

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame D46E 51 KB
24 KB 53ms
52ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 14:40:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11123
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 14:40:34 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/ Frame D46E 362 KB
143 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/gZWLhEUEJFxEhoT5hpjn2xHK/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=gZWLhEUEJFxEhoT5hpjn2xHK&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 15:47:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7115
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146406
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 04:22:14 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 15:47:22 GMT

GET
H3 200 runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 66F8 0
0 124ms
61ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3189
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 16:52:48 GMT
expires: Sat, 01 Apr 2023 16:52:48 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 49C7 783 B
535 B 65ms
65ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

dd221bed3247e6cc3e15c8ad655907635e043f09d6fca25ebc5f0dbf3a0f1a4f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0Xk/2nHihTKfRjIsr7hM5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-0Xk/2nHihTKfRjIsr7hM5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:57 GMT
expires: Fri, 01 Apr 2022 17:45:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7912 13 KB
5 KB 105ms
57ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3189
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 16:52:48 GMT
expires: Sat, 01 Apr 2023 16:52:48 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0C4A 783 B
533 B 63ms
63ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b6672ae1cd80a130201626cdafa7bc36f5c975d59a8969a6ad3b4099a3924c56

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UGb0Jcr/yxOcpRus7ka1lQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-UGb0Jcr/yxOcpRus7ka1lQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:57 GMT
expires: Fri, 01 Apr 2022 17:45:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0889 13 KB
5 KB 84ms
54ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3189
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 16:52:48 GMT
expires: Sat, 01 Apr 2023 16:52:48 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2271 783 B
536 B 65ms
65ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f44009daeb4affe4373934e4fbd79560ac05718af528b371354c0cc2e4c3b86f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cg0KY1muQOBuLZTX7HRV6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-cg0KY1muQOBuLZTX7HRV6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:57 GMT
expires: Fri, 01 Apr 2022 17:45:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A796 14 KB
10 KB 138ms
74ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032106&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0f5e83b3ea655834bc4bc6a3aef6b19b60bb70f6cab551b8126f81edec2c0a9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10523
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F6A3 624 B
733 B 182ms
66ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXnCL1nHgd6DK_hcEVJikMLahVMDuC4GrzAHYANrbnHfGaTd4SQiQ7P8nFi79MCSxSUAnB7hUmSfRLzyiLk678RKr9hr7PTG6HjEq6-KtcszF3wDoy0xdPbmvQBe4KBBPVEDb2cjp73l3rMqDoTqVDCrV3HNfyb3tcWM-JYbvZTxTjFxXY

Requested by

Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C04D 14 KB
11 KB 207ms
92ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwK07vvKDJ0tOkxODb2p64uxWIxD4vNoHL32AM0cPzxit0iasvkrXyrQJbKH60r0WtLn5jXlh5fLxMAzYSUoCY56IVO2lYtGC2rEo5EzEhckB8d7DvtHxNl4NcQ4p-uFj4_uLVXD-8MKSnzVgtzhGt9OGK_w&cry=1&dbm_d=AKAmf-BnydbxhMr2SbXgiPY5FXYYZ-hyrd93ndOKl5DDRcF-2Ah0Fj7suzRhHdxSgKSlhvqjNWyZbSZqKd1GJ1tCyNHtDC8tWX_1PaS6fo4g8w1AFKpYKPb1jKgu1Kyqi5l1iui0-haTclIM09K7AZO9iahByIq2Wfm-kNcx1f5LM1q7a_R9BbU6Bp9Dpt6mD-xjWOJ9WNm2zk361CDHZHmUxlVHlSjeQKVfZ-kOcxqVd2fmoVFso032D7NZJuUgNPS8l7XuueyfIX0Rlzo19J3wWbBeSC_93QWUu9gRwG5QE65Ci9JwOWG0qfxTBbMLUKr-PZolOearVlgBs3qApGMYmpDMhRdjEquLU4mWpQy6udgcTOIYAvLzqXRuEKka_yAVJGHpOmIsVJViFeb-v4y1hfKK5bigljmaZDHAqqVf4uDHthoHdO7CFb9EoHYj7bqk7WALMOsogfbMO8dxhYxvidPwKir1UYQ6mU3J3zXLk_qelSaehFVPbrSIE4C8_QPZ-yNQ5jZmNZtgvXNtxMVeVlhCda4QHEsD5RW3U3miSy8_lwDVLlsdfJq3A95YPEjI1a_OMbMaMpr8Rh1AHtwkmZ1ViLj_aS3LheSkDi3q15Q1w5eV7Kvx7mVBUzAkKTpTMlyHdGsfr77D8rlZJSzHxy8i5pXS6pz3Tl8yXQIcNzgr69z1-bUAlROLNq6damsrQEafRy22enlngY97tg5RVTPZoJMn594w0PLaRm_WjfkJ1XLinPa7MiogoZadgtHO1ufuMbCpuzYuBuGv0KLvAuCmBnFBSkWprHd3BH30INXGl08gTpUP7rdZOseFit64gDg7jh7FmrmgNFWd36gSkocEIRLG1U5pzzKTlI0SdelKDVoAe19oTz7pqH3EBF2xsljBlGSAnpbOt9EiVwlMmoYH2YBf6BVBlDkUGHuTvg0G2fYZCFvztScmy7TjtQMUxLHNZqTEO7vUlJCYSfG9psh4Qq0YUegLSHfIAJtQ2SgL4PRFw53RbQ8faRIA5VIBzJG6hiqguezCL2jd1AsaSpgNEY7Kl7hBp83KMJ3Ht71WcPuLQKvjjB5M95SS0NkMk5GIqfQxDK4tTj7j8fcapPIZbFeN1XzQNLcMvG5DrllCL8NCehsr9veaIK0wzPTO5793HZzgR0wyDN6ODsSAPtXsZ1X__0syzgZuTDf4x1IOGhhSFKsz51xF_iDMf-f_cigIkCutBLB_ulSyhVaEOSOjx5TpOuzej9rzahuhOHr1azqfHBgZz4m7kkEWTo1YOTXBjd9XhxhTI0JRUajZprikplytFW524XuKGtLazM6k9gExdJFM-VSOd77S7jqr6F0gFkZC379G_UpDbGYUpQ5RKlsXCGtk6yp4jxnN-_7Nfn8Ml22x8QjDd-b7xisFZGKI7JDX-sQHWfG_w6oAhp8-YLZVgmyRpQEfzVE8fVLDxUBNEeF7EBONh_L6QXvvckstis0xsx-lCJMTtvQ0Wdr-wQGj_A1eQb9oDnUOUKtRXdtyhskZDJG48jJOM-38_wVePdyTNeixcnMJQdgQLJEoc5tFH0IcaH7ZwyWQe91OdIPkG8_gkrpxKMMfZSzyUJ-hAUCrIHTSsSNC8klKydCSDKEp5rqt5ydLqXeVOMofFbve64PT-ghQWMQ86VjQriJZNSrxl8lZY_RdbjYh_9P-qXVI6YfY_RfHslucnWxOUZ4I5GDtfcKTFzPsryXT-tY6uZ29gpjkNZxoNBsGzw3fFXjfRMwupPqNm07Q0HmS-_pNOo4gtATQxTWrBpka7Ecx1X6JASxzoZ0nATr1iFxFA6hYTm1rY5oWZvERETawhyipmPUcBPTG1AoGRmWcde3AO1qm7BF9icuI_U8qVJsnhrzAQ61ZJ6nuHpEWtbyg0wrRshHMJFjfcTriGp8bq73IV8geGrGOaMu5t8n7ftx3QaPXjeSk-MTmE4_K0QFF7C15fZDw2J716Ndp1vg7O2forDOEJi5rUNJ6If16WFyLx2FCYEffy10-K8LAteKZqk5Mga9xc9lolsf5ocPj18HZKz13Qu4qyp_zwKZ-OGUYyb3Lh3JFqt0FYfvSeUznxcq5cDMROagVdGsu5CIXVV9r7DufEr7ENT8A21jqVBIFyLxp6_3od38ys8BgXTROFxAuMltMO8uDuFEWHiqPlLvNxPgP9-3WDDxJFKU05hpxg5LJpk-SkmBARY78fhO6FbjR7YL9Vkci-FR1yq18tUXolTQt2dihr8pWZUVIizwkukUOvCr1iy0aHmLinjCt_VrEr-hJ2IKi7mmt0fHr87io4PMzHwDNzaau07_OBJX_WyqhwuuqP1EZ07eFSSVopRzEgXrDCAjelSmtAKu3vlRFnRJbPSgMmKCLipWpVvf5L5tS60EPpqopY1MzrxZ7AuHeZNZqPIKVNe8cic0EjuCEuRB9WcwXdMR6VrWW5Vo_e9s7SKjNspPr0-6RDjS701UFfQZxnREZHHt42NIiJbYkbzWT-zqaBRzX9i_Oon3cYjHHwXiweh4FyKFBOV8fYAheZ0O2HjI2AA0MN0p5QgGGnoApfwVC0jyat5ALeuVMoGojHt7PkfSO9O4xOK_3ITrmMsMSLsnVqwQBDQNvG2MgC9B2PV7E6m3fADkoFoQVgVCUF4OjwfXf9wxbQ1AlccN8xebnQbTk6Z64Buoy1-Un133EPsVh0LgG8ZklZuWf-bgoNMdvMesNzZpob2-cmlls78NUH3lw7jSXJz9qLO2M0bO8zZ5GqxdV1YbemEnGKeERR67PG0jVtIFQzazdmS__eOwiedufe1y_yvulHpo5CH0EkucCmQLpG8ULwCcTDPOh4hWuS_SgjIss0bY_JGEcbWwETans3W9X0ULZtVGL5mA_p6UzGBakt4axGTW7AR0fF5pd_6OJJPMwKRwexJw6qoeQRSoJ6PW02_QpdC-yxDnfHeIu9uwI3mF7B7dy3ukQhjtCD9wH-GB1HnSU9m99koYuIGDELHiWPHjKFdZ7PDvNFht5UlySXsM-smqF5TcZtq8rgcVJapPV-DOpVXZdrwTu8CavNnZ0yHuVVFWBgHniv-nokehrMYxV_qW37s7BxxO_JY8X61XQwI_X2Wh95z9x2Zhiw4f2AKeL2cM8dqNT1OvgCKcur-6LXB7ZZ33oU7Tm5crEJmWQ20s2YbshH1uO_dpa7xz8t4N9ZrUWNjwd7Fc0qgfvdLi92ncLWbSWTTI2Fld1ZHJs1aQ4MSz5-6I&cid=CAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

52e3a5353bc3da9c5420821a883d70deb2e3ad8627f50f499cf5a71aac4c1144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10754
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C04D 42 B
63 B 147ms
86ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A0YMunLxQtDERLHN96O9anCKdg8K2c6EYT20NrPKw0XXy4M574xf3OwnHcZLv7O-1AvQLmQCgg0eg-LoUOBrbMBcZHm3SJiua5Gpf_ehAOLlh44m4

Requested by

Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame C04D 2 KB
1 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:27:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:27:25 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame C04D 15 KB
6 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:43:37 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C04D 119 KB
37 KB 152ms
54ms Script
text/javascript 2a00:1450:4014:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4014:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:45:57 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B01E 624 B
340 B 64ms
63ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CM_NShDr9lwYrbeZxwEwAQ&v=APEucNXmekQFKOArGFMYExXCAJPVfQGoPd3NJ9GFrZ5bKfEfNi6IxgM0dqvYErFgQTqAcycOnC2zzXdiygwBy6NX69i31fkm119NRH-ub7-olpxHTdvUszgeu-aFw_x3hsR-8u2oAzuPBo2aHPNajlVnKU7QOIV-AWz0cuEMfvOGxfkQ7wb6baU

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame E620 19 KB
8 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:41:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:41:30 GMT

GET
H3 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame E620 6 KB
3 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:24:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:24:52 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E620 0
622 B 141ms
73ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvtVT8HV_Rrkuzg72D_0yeJYNtfh6_n6CjecA9G5WKfcqGgZ5B1hYIhh_j-inBkH9UptxdgB_LiTSpbbtXMUdnCKx2qWoRTjlOJDK8W0u1Nl83ZeaKlPqcdkEi4TLqqJvxgYkXA9bHcJh1y2cnkqhBvFZ7-12M8-Q9CtCOF3FDsDwzwQy9jQ1j7gEQ4UIQ0N_YU8hduDKKNyKaahCuf31jbW7Ml4VNEUZsJJ_5qrrbAyCpPKeondJYYBsRyP3EceLnftVpGjy-BlavompCGLftKiAvnJKlj8YiNk__7Ti0x1HCHrFF83zU5MUkf4mhUO4MfJ4h02fw94JjSNPiW9Lk8WGHYhHhs6lWfoUamysAGwxqMCgM_GMEjydEeOX1V8TK1RSPpZu1EsaWY3CZtmOoXMyJNwThNKEEr8CtTRA88sTg97brDnBwKIvbm3yxBBMBIOJnweRASvCUy52CqE3wPTv7qQ8ug50MYb8NEU9VzPnEyR8_TNGSbRFgi9FKF1k-He6p9PdKxis_W_cjLWLNo0xZpOlOKm7zu3mV_EB0TLe7tJ4lpYMtEDFBkYHfg31v5IpurO4MdIIYoD55KnKrH8WiTCp7lenWrSufJEtDR_oHOlAt0OF8a2mmwvfsJUEo-WpMG62-tixksc8Z4XxDHPwXqUEgp4J-jUP4vfeDGJKYtBM1HkwrmgS4G1dScnwy1pkSw9JoJBwDnE5EEId8d6wmb-vCBW78lPR6wS_kwDet2qhVAMyVrYGxbSA0AdEJxKmBoBiaYqZi7ooXZgFfYI1XYc8qolC3BferHrfbkjBrs2PUDyG8byBbgw_eGeMm_tiFIvGdQHQR6UlnhRe6rx6MYd_XG5E71XycVPD9XsA7-bEl3pkPMurqLrguhCr5aNeMR8XYQGxVFdGdrof_FneUUCeUd6Yr4u5RyC_U6xeuSsejmakByvHdFIndb2Pajes_9PYqEvW6puk3PUVx6uBNAOSXZ75w8Kc4xUy063lthjqQNGn3Q8TxuFgIDOX7YRv7j4uAYPrZxLnYZS8vAeGS1QYRqCmJnsuxVxmoxlNXmhAlCx78IdUT_XQ1Ml4rcGtUWoXNrhezBQejweViS9Hfh_gRKz6L0n77-hZN-r0JC-RXsB1VhIqrxZ3fp-g&sai=AMfl-YT1wyDGWc35RpoONImEMJCQg5xOLs-xehLqcsXZBY5VOMm4pPOhsuqQdVTRX_YTp_x-E55AZf-ZPtDWUm4BjNmSuClixF7wnqmz0sa9IBKEZGPPtKVMJJaSatTtyAZDrhzLEKgwnhHdJi5YQ5PvSH-w7emFgxdDvA2Q6YzkGwNo8jbhUT1u_p6LQExJYG-LLw6C-PovKrOnAqyuN0PM_hhYnqERXfsPYHOvytw-u_dGwGHRioOlMZ0fykCvsYqaUhfvd6NzgI7flbTHpkJaVyPzQtiTyh9U8CD--7s&sig=Cg0ArKJSzOBiWDZI9yOREAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20220330.23477&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Fri, 01 Apr 2022 17:45:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E620 41 KB
15 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 13:41:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 13:41:03 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E620 42 B
63 B 88ms
86ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DiVJl9tqfr95q6naCp4fmlTx6tYeMG5B0yyzYMa8pzDeDaoNDVhNbp7yu-6P4V3Ez7sKUM3oTIhNO0qErPEno5PsSVDU75LspqvF7Mh9anb7zpDFk

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame E620 2 KB
1 KB 54ms
52ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:27:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:27:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E620 119 KB
36 KB 74ms
72ms Script
text/javascript 2a00:1450:4014:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4014:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:45:57 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame E620 15 KB
6 KB 56ms
54ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:43:37 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E620 0
0 63ms
61ms Image
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRSCP59pNwlwXU1k2ZNLRAdZnh-kK3edqLVjsdafBJwsbg6laWnlfBIvPi0HAImzI2sFstRHpAykoJ0x6U8nRxdQQd2zA
Requested by: Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 104796032003567685
s0.2mdn.net/simgad/ Frame E620 78 KB
79 KB 190ms
53ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/104796032003567685

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15a0f2e01339d14bd886be9bc6720c65cb1cb734611ee3e89e4d7eafe48e74f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 11:23:29 GMT
x-content-type-options: nosniff
age: 22948
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80029
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 09:12:46 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 01 Apr 2023 11:23:29 GMT

GET sodar
pagead2.googlesyndication.com/pagead/ Frame 49C7 0
0

GET
H2 200 eyJpdSI6Ijc3MzE0MmQ0ZGZmZDNlYjliMTRlNTFhMDQ4OTkzMjJjMzFlN2JkODVjMThkMGYzOTFkZTY1MGE1MzU5YmI1NmQiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ Frame C05F 108 KB
109 KB 88ms
23ms Image
image/webp 2.22.34.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.outbrainimg.com/transform/v3/eyJpdSI6Ijc3MzE0MmQ0ZGZmZDNlYjliMTRlNTFhMDQ4OTkzMjJjMzFlN2JkODVjMThkMGYzOTFkZTY1MGE1MzU5YmI1NmQiLCJ3Ijo2NDAsImgiOjQ4MCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.22.34.3 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-22-34-3.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 98cf8668637d23f3f77c3f3d2374239e67b7f263d7202f0ca7c636e056f0afdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
cache-control: max-age=1852143
last-modified: Tue, 22 Mar 2022 11:16:22 GMT
x-traceid: 76cb9def4344a8a68e4b013e6ac99be9
timing-allow-origin: *
content-length: 111002
content-type: image/webp

GET
H2 200 i
api.purpleads.io/x/a/f280d625d65a6da471e8c2544f209311:70b6167132021fbc94223e7fc899d903d91ac6a57bad5b53092a9ed9005b300f394ad626e09e56d12cb96f240fd476508389b5c7e8f90a1b31b7e59094c2ecd32b0bf601aec2745... Frame C05F 0
199 B 168ms
168ms Image
text/plain 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.purpleads.io/x/a/f280d625d65a6da471e8c2544f209311:70b6167132021fbc94223e7fc899d903d91ac6a57bad5b53092a9ed9005b300f394ad626e09e56d12cb96f240fd476508389b5c7e8f90a1b31b7e59094c2ecd32b0bf601aec2745f93f26a9a4e53f1c80a5e4ded366bf3772c23aa04f57e9787cb6d8d4ea5b3d17e48764f28f17664181eef58653037ecdf712bb66e6dc28833c2a94aff76b0490f9d1635c29e0713ef/i?id=bf98b25e-450f-4236-8ba7-e86fc3982d48
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: api.purpleads.io
date: Fri, 01 Apr 2022 17:45:57 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: af10d184-4669-4a97-b6f7-88bb1f1e825d

GET
H/1.1 200
OK widgetGlobalEvent
log.outbrainimg.com/loggerServices/ Frame C05F 4 B
325 B 406ms
92ms Image
application/json 64.202.112.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=69c07691feae7db925f774049d3f3b13&pvId=69c07691feae7db925f774049d3f3b13&sid=8304872&pid=45718&idx=5&wId=171&pad=1&org=0&tm=0&eT=3&cnsnt=no_consent
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.159 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 0ab0be1b453c957044f15c8f76cdbf6f
Content-Length: 4
Expires: 0

GET
H/1.1 200
OK log-viewability
log.outbrainimg.com/loggerServices/ Frame C05F 4 B
325 B 407ms
92ms Image
application/json 64.202.112.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.outbrainimg.com/loggerServices/log-viewability?requestId=69c07691feae7db925f774049d3f3b13&position=0
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.159 Leesburg, United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Access-Control-Allow-Methods: GET,POST
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
X-TraceId: 13ddccc585e0e9c07b0ec9e93784b183
Content-Length: 4
Expires: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A796 17 KB
6 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:45:57 GMT

GET
H3 200 container.html Show response
05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1D4B 6 KB
3 KB 53ms
53ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032106.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:56 GMT
expires: Sat, 01 Apr 2023 17:45:56 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 200 i
api.purpleads.io/x/a/19b654ccc33aac9bb02204d71e42cf31:da644b2585a2858421f4a119e37c95f767c35a45cc7eee4f4506cb0886291db46a63293bc2537641565790bdf9b7a8e406572e8a2fb8442a11c1266b65c8446167d490a87999228... Frame 0
0 102ms
101ms Preflight 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/19b654ccc33aac9bb02204d71e42cf31:da644b2585a2858421f4a119e37c95f767c35a45cc7eee4f4506cb0886291db46a63293bc2537641565790bdf9b7a8e406572e8a2fb8442a11c1266b65c8446167d490a879992282c643860e93303e29a0bcc8a8544ae309e0d0889ced898c20/i?id=ff4790b4-37df-44b6-94e1-9da838a6840b&ts=1648835156572
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Access-Control-Request-Method: GET
Origin: https://nets4.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:57 GMT
x-request-id: 51417a17-8c0b-48fd-883b-0b7421721be6

GET
H2 200 i Show response
api.purpleads.io/x/a/19b654ccc33aac9bb02204d71e42cf31:da644b2585a2858421f4a119e37c95f767c35a45cc7eee4f4506cb0886291db46a63293bc2537641565790bdf9b7a8e406572e8a2fb8442a11c1266b65c8446167d490a87999228... 0
199 B 163ms
162ms Fetch 34.227.128.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/19b654ccc33aac9bb02204d71e42cf31:da644b2585a2858421f4a119e37c95f767c35a45cc7eee4f4506cb0886291db46a63293bc2537641565790bdf9b7a8e406572e8a2fb8442a11c1266b65c8446167d490a879992282c643860e93303e29a0bcc8a8544ae309e0d0889ced898c20/i?id=ff4790b4-37df-44b6-94e1-9da838a6840b&ts=1648835156572
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.227.128.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-227-128-233.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vZG9tYWluLzE4MDB2aWN0aW1zLm9yZw==
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: application/json
x-purpleads-version: 0.4.18

Response headers

access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:57 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 9b372efd-b4d0-4538-b0ea-c1160aa9075f

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0C4A 0
0 151ms
150ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032909&jk=1845302572803266&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2271 0
0 114ms
114ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032106&jk=1126484343955818&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F6A3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

43 B
894 B

62ms
33ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXnCL1nHgd6DK_hcEVJikMLahVMDuC4GrzAHYANrbnHfGaTd4SQiQ7P8nFi79MCSxSUAnB7hUmSfRLzyiLk678RKr9hr7PTG6HjEq6-KtcszF3wDoy0xdPbmvQBe4KBBPVEDb2cjp73l3rMqDoTqVDCrV3HNfyb3tcWM-JYbvZTxTjFxXY
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 17:45:57 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F6A3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ykc6VcjD6AygT2j5hLzZygAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

43 B
894 B

29ms
29ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXnCL1nHgd6DK_hcEVJikMLahVMDuC4GrzAHYANrbnHfGaTd4SQiQ7P8nFi79MCSxSUAnB7hUmSfRLzyiLk678RKr9hr7PTG6HjEq6-KtcszF3wDoy0xdPbmvQBe4KBBPVEDb2cjp73l3rMqDoTqVDCrV3HNfyb3tcWM-JYbvZTxTjFxXY
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 17:45:57 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame F6A3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1

43 B
1019 B

7ms
6ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj-rbvGATAB&v=APEucNXnCL1nHgd6DK_hcEVJikMLahVMDuC4GrzAHYANrbnHfGaTd4SQiQ7P8nFi79MCSxSUAnB7hUmSfRLzyiLk678RKr9hr7PTG6HjEq6-KtcszF3wDoy0xdPbmvQBe4KBBPVEDb2cjp73l3rMqDoTqVDCrV3HNfyb3tcWM-JYbvZTxTjFxXY

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2e2b4125-24bb-407f-91ce-546639eda002
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame F6A3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1

170 B
243 B

48ms
47ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 186910c6-3180-47be-abb3-c3b4797e2a37
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9627 1 KB
749 B 54ms
54ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 15585
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 13:26:12 GMT
etag: 48472445140208031
expires: Sat, 02 Apr 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B01E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

43 B
894 B

83ms
53ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM_NShDr9lwYrbeZxwEwAQ&v=APEucNXmekQFKOArGFMYExXCAJPVfQGoPd3NJ9GFrZ5bKfEfNi6IxgM0dqvYErFgQTqAcycOnC2zzXdiygwBy6NX69i31fkm119NRH-ub7-olpxHTdvUszgeu-aFw_x3hsR-8u2oAzuPBo2aHPNajlVnKU7QOIV-AWz0cuEMfvOGxfkQ7wb6baU
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 17:45:57 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B01E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Ykc6VcjD6AygT2j5hLzZygAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1

43 B
894 B

30ms
30ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM_NShDr9lwYrbeZxwEwAQ&v=APEucNXmekQFKOArGFMYExXCAJPVfQGoPd3NJ9GFrZ5bKfEfNi6IxgM0dqvYErFgQTqAcycOnC2zzXdiygwBy6NX69i31fkm119NRH-ub7-olpxHTdvUszgeu-aFw_x3hsR-8u2oAzuPBo2aHPNajlVnKU7QOIV-AWz0cuEMfvOGxfkQ7wb6baU
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 01 Apr 2022 17:45:57 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEG65ho3wu-MPYcfikJnkqHU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame B01E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1

43 B
1019 B

23ms
22ms

Image
image/gif

37.252.172.36
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CM_NShDr9lwYrbeZxwEwAQ&v=APEucNXmekQFKOArGFMYExXCAJPVfQGoPd3NJ9GFrZ5bKfEfNi6IxgM0dqvYErFgQTqAcycOnC2zzXdiygwBy6NX69i31fkm119NRH-ub7-olpxHTdvUszgeu-aFw_x3hsR-8u2oAzuPBo2aHPNajlVnKU7QOIV-AWz0cuEMfvOGxfkQ7wb6baU

Protocol

HTTP/1.1

Server

37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 476df863-276e-4493-8769-a6a32dffe7ea
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEGL2_hoBahc-eB6PCdcqxg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B01E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1

170 B
188 B

118ms
96ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1

Requested by

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 579d1ad2-0334-4b71-bd7e-75e4f8a02535
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjE2MTU1MzMyMjY3NTY0OTE1
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 54EB 22 KB
8 KB 53ms
52ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 125589
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Mar 2022 06:52:48 GMT
expires: Fri, 31 Mar 2023 06:52:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C04D 41 KB
15 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AwK07vvKDJ0tOkxODb2p64uxWIxD4vNoHL32AM0cPzxit0iasvkrXyrQJbKH60r0WtLn5jXlh5fLxMAzYSUoCY56IVO2lYtGC2rEo5EzEhckB8d7DvtHxNl4NcQ4p-uFj4_uLVXD-8MKSnzVgtzhGt9OGK_w&cry=1&dbm_d=AKAmf-BnydbxhMr2SbXgiPY5FXYYZ-hyrd93ndOKl5DDRcF-2Ah0Fj7suzRhHdxSgKSlhvqjNWyZbSZqKd1GJ1tCyNHtDC8tWX_1PaS6fo4g8w1AFKpYKPb1jKgu1Kyqi5l1iui0-haTclIM09K7AZO9iahByIq2Wfm-kNcx1f5LM1q7a_R9BbU6Bp9Dpt6mD-xjWOJ9WNm2zk361CDHZHmUxlVHlSjeQKVfZ-kOcxqVd2fmoVFso032D7NZJuUgNPS8l7XuueyfIX0Rlzo19J3wWbBeSC_93QWUu9gRwG5QE65Ci9JwOWG0qfxTBbMLUKr-PZolOearVlgBs3qApGMYmpDMhRdjEquLU4mWpQy6udgcTOIYAvLzqXRuEKka_yAVJGHpOmIsVJViFeb-v4y1hfKK5bigljmaZDHAqqVf4uDHthoHdO7CFb9EoHYj7bqk7WALMOsogfbMO8dxhYxvidPwKir1UYQ6mU3J3zXLk_qelSaehFVPbrSIE4C8_QPZ-yNQ5jZmNZtgvXNtxMVeVlhCda4QHEsD5RW3U3miSy8_lwDVLlsdfJq3A95YPEjI1a_OMbMaMpr8Rh1AHtwkmZ1ViLj_aS3LheSkDi3q15Q1w5eV7Kvx7mVBUzAkKTpTMlyHdGsfr77D8rlZJSzHxy8i5pXS6pz3Tl8yXQIcNzgr69z1-bUAlROLNq6damsrQEafRy22enlngY97tg5RVTPZoJMn594w0PLaRm_WjfkJ1XLinPa7MiogoZadgtHO1ufuMbCpuzYuBuGv0KLvAuCmBnFBSkWprHd3BH30INXGl08gTpUP7rdZOseFit64gDg7jh7FmrmgNFWd36gSkocEIRLG1U5pzzKTlI0SdelKDVoAe19oTz7pqH3EBF2xsljBlGSAnpbOt9EiVwlMmoYH2YBf6BVBlDkUGHuTvg0G2fYZCFvztScmy7TjtQMUxLHNZqTEO7vUlJCYSfG9psh4Qq0YUegLSHfIAJtQ2SgL4PRFw53RbQ8faRIA5VIBzJG6hiqguezCL2jd1AsaSpgNEY7Kl7hBp83KMJ3Ht71WcPuLQKvjjB5M95SS0NkMk5GIqfQxDK4tTj7j8fcapPIZbFeN1XzQNLcMvG5DrllCL8NCehsr9veaIK0wzPTO5793HZzgR0wyDN6ODsSAPtXsZ1X__0syzgZuTDf4x1IOGhhSFKsz51xF_iDMf-f_cigIkCutBLB_ulSyhVaEOSOjx5TpOuzej9rzahuhOHr1azqfHBgZz4m7kkEWTo1YOTXBjd9XhxhTI0JRUajZprikplytFW524XuKGtLazM6k9gExdJFM-VSOd77S7jqr6F0gFkZC379G_UpDbGYUpQ5RKlsXCGtk6yp4jxnN-_7Nfn8Ml22x8QjDd-b7xisFZGKI7JDX-sQHWfG_w6oAhp8-YLZVgmyRpQEfzVE8fVLDxUBNEeF7EBONh_L6QXvvckstis0xsx-lCJMTtvQ0Wdr-wQGj_A1eQb9oDnUOUKtRXdtyhskZDJG48jJOM-38_wVePdyTNeixcnMJQdgQLJEoc5tFH0IcaH7ZwyWQe91OdIPkG8_gkrpxKMMfZSzyUJ-hAUCrIHTSsSNC8klKydCSDKEp5rqt5ydLqXeVOMofFbve64PT-ghQWMQ86VjQriJZNSrxl8lZY_RdbjYh_9P-qXVI6YfY_RfHslucnWxOUZ4I5GDtfcKTFzPsryXT-tY6uZ29gpjkNZxoNBsGzw3fFXjfRMwupPqNm07Q0HmS-_pNOo4gtATQxTWrBpka7Ecx1X6JASxzoZ0nATr1iFxFA6hYTm1rY5oWZvERETawhyipmPUcBPTG1AoGRmWcde3AO1qm7BF9icuI_U8qVJsnhrzAQ61ZJ6nuHpEWtbyg0wrRshHMJFjfcTriGp8bq73IV8geGrGOaMu5t8n7ftx3QaPXjeSk-MTmE4_K0QFF7C15fZDw2J716Ndp1vg7O2forDOEJi5rUNJ6If16WFyLx2FCYEffy10-K8LAteKZqk5Mga9xc9lolsf5ocPj18HZKz13Qu4qyp_zwKZ-OGUYyb3Lh3JFqt0FYfvSeUznxcq5cDMROagVdGsu5CIXVV9r7DufEr7ENT8A21jqVBIFyLxp6_3od38ys8BgXTROFxAuMltMO8uDuFEWHiqPlLvNxPgP9-3WDDxJFKU05hpxg5LJpk-SkmBARY78fhO6FbjR7YL9Vkci-FR1yq18tUXolTQt2dihr8pWZUVIizwkukUOvCr1iy0aHmLinjCt_VrEr-hJ2IKi7mmt0fHr87io4PMzHwDNzaau07_OBJX_WyqhwuuqP1EZ07eFSSVopRzEgXrDCAjelSmtAKu3vlRFnRJbPSgMmKCLipWpVvf5L5tS60EPpqopY1MzrxZ7AuHeZNZqPIKVNe8cic0EjuCEuRB9WcwXdMR6VrWW5Vo_e9s7SKjNspPr0-6RDjS701UFfQZxnREZHHt42NIiJbYkbzWT-zqaBRzX9i_Oon3cYjHHwXiweh4FyKFBOV8fYAheZ0O2HjI2AA0MN0p5QgGGnoApfwVC0jyat5ALeuVMoGojHt7PkfSO9O4xOK_3ITrmMsMSLsnVqwQBDQNvG2MgC9B2PV7E6m3fADkoFoQVgVCUF4OjwfXf9wxbQ1AlccN8xebnQbTk6Z64Buoy1-Un133EPsVh0LgG8ZklZuWf-bgoNMdvMesNzZpob2-cmlls78NUH3lw7jSXJz9qLO2M0bO8zZ5GqxdV1YbemEnGKeERR67PG0jVtIFQzazdmS__eOwiedufe1y_yvulHpo5CH0EkucCmQLpG8ULwCcTDPOh4hWuS_SgjIss0bY_JGEcbWwETans3W9X0ULZtVGL5mA_p6UzGBakt4axGTW7AR0fF5pd_6OJJPMwKRwexJw6qoeQRSoJ6PW02_QpdC-yxDnfHeIu9uwI3mF7B7dy3ukQhjtCD9wH-GB1HnSU9m99koYuIGDELHiWPHjKFdZ7PDvNFht5UlySXsM-smqF5TcZtq8rgcVJapPV-DOpVXZdrwTu8CavNnZ0yHuVVFWBgHniv-nokehrMYxV_qW37s7BxxO_JY8X61XQwI_X2Wh95z9x2Zhiw4f2AKeL2cM8dqNT1OvgCKcur-6LXB7ZZ33oU7Tm5crEJmWQ20s2YbshH1uO_dpa7xz8t4N9ZrUWNjwd7Fc0qgfvdLi92ncLWbSWTTI2Fld1ZHJs1aQ4MSz5-6I&cid=CAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 13:41:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187494
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 13:41:03 GMT

GET
H3 200 xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js Show response
pagead2.googlesyndication.com/bg/ Frame 0889 35 KB
13 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c67c8370b4c9145a91ace4a1fed1acf774e604658e225425f6b52f06328504e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 05:20:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13781
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 05:20:46 GMT

GET
H3 200 xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js Show response
pagead2.googlesyndication.com/bg/ Frame 7912 35 KB
13 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c67c8370b4c9145a91ace4a1fed1acf774e604658e225425f6b52f06328504e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 05:20:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13781
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 05:20:46 GMT

GET
H/1.1 200
OK g72h7lz2c4az Show response
hal9000.redintelligence.net/zone/ Frame C04D 11 KB
4 KB 51ms
12ms Script
text/html 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/g72h7lz2c4az?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVaYVDpHYtvpHYGgrATskb1opuW9oGmFlZynyQ_wLhABIPLTuXtgleKQgqAHyAEJqQJMNW9L_IeyPqgDAaoE4QFP0M2L4lglhxxWX4lW7aH9WVxrroH6QJqMlzQ31urZBtl9mGx7CZm_Gbavc2SkyLH4fHrMIghjKt-9xWUNGq-yN7wgkM1AHOSTCgsQZ0tzNVL83dcfUIvMdv7haq52lV3zECvz2o6W88dHdegWLUuEMJC-5sLzI3oaFAD0NtBJeuxR2sA2qTQGQ0JeZDRX84j-2e8f6cc7Mzs9gZlxOVmwS6apSX5S9Sl_1LtAUIDtwbK8JzwoYlCtOuMywim_lyeb1EoqSWOTp49R-yqvyJsMBtZ80XUK3iaXVGa9_95OKtHABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ%26sig%3DAOD64_22tUbQruY9KaUkJq_qIvXjAeBqMA%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CJO5L8t2iGp7jnNPrcaQj497uxe_WoUaYkbwkaBwO4_ClsGY02GjcqrjZ4jXeem2xuLVBFJreXNPmt_t7CQm7JGfU_F4UIwajqH6p9Rqux7niik6bSyLMLPyaJzQUHLdY5g8kj-26HF8ZBmk53zanH2po3fg%26cry%3D1%26dbm_d%3DAKAmf-D1aHWHFStn6NP8G-cAjOuS_5flFCd6-9NMk7Ddyp87_xTcbVeYNJkhdbv779L9dVD0y7vjLfvl2mpmiYntHpS9vPl54RWK1f2t2px3a5RTwxE4XK9pvYfWeeT3NUnyN7gjGNZWvyp_FWImxN4RAJhWXmlDxs71JUVfUj8hxWHv7orRuJ6iGFSR2IZVqMNSo-p_7WyguZ-Y1VDNCL1XVOdfan6GEyvNM6Dlg4yT9NKr7CcvXvN_Eo6u3ZphsdzRPmLrkLZYtYBtrmjw9VwfAOHbhKAUjyxbmzhmuKB5Yl9L4KzaaFe_n4fVk9-F3_wL3CHDJpW4d1HEdyMxrRwCeuJbHtXWthM92UCZj0kF0VKBA7xKSJnZnXObLz83pggnXZ5G0bQQO1xrNKDJ6hsGP5VhYij6ovZCLd7K9sghM3cQG9uOFbu5wYKhdFy3ML0bfGVDdRuuo2fv0k0ql34_A-1DosH9-KECNJedK7pPaloaskcV088%26adurl%3D
Requested by: Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: a7fc8a74450d2f5e542d74ae48ba20085d1faeec769e1e1a13761b6ba5c9e809

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 17:45:57 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3954
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ Frame E620 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d076632d711e72ced4d84eb2d42dad0f40751b3f9ecc459af1dfe61070483b97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1D4B 0
0 71ms
71ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBYuxVDpHYq7FOpOC3wOj74yAA8me0rFc1Z2R93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAkw1b0v8h7I-4AIAqAMBqgTEAk_Q3OapdoNI0It23rNpgZoWyOv6egwUdTAziwABGCwEmeEE1yIByOMrXhBPtNmiaHfjONcwwV2D9XCQ3o-z-cG7F-j-NxD55XF7E0_aW36oxB1PZkDPESRuUp-XjsF_p3amdi6Byxaa1dU99zqvoQxGw4kjTOA2YLFqgz0bXo-piRvGVzJ9noEzBz9B8rAHW1fSqeT-3EiGRIFVOpS7eKdsO3Upups4UpJ4ty9QoHV1TlWHMQi3fH1oQWgX4iKtblb5nMYjT5NRceHGzQTBOqmlrd6ahFeRaORrTwsVDkbyvTygp3APzu9qrh7Y77PAH1YiFuG2TnK6OsPwUZYikg7Xtv9uoJ6mqD52VCLkspDKD3W-dE2LaKJZF1wt70a449XqXHC1e5S1mG8TklJlOUx9DZ4LgrWBLpKRErLAfSIM_Fdu7eAEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAGACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNTQxMzMyOTU0NDA0MDk0NxjBjHQ&sigh=dnN45hiqUNg&uach_m=[UACH]&cid=CAQSPACNIrLMM6J0H_Q60qX4o5K0YFhrYnBmGDqAecjuQoPtEpAWDacJ5MpjWtR9z_j4ZTsgtOjpfp4PGBvOWhgB
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 1D4B 0
0 82ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=U-b8EMc1rAL6AZ2DYgICAAAAJudvb0EVCWRKrf7iTr1B7BBUOkdiJfZvIgmzKbNwG04AEg&wp=Ykc6VAAOoq4Kd8ETAAM3owWGC5823H1NIfeABA

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
server: Kestrel
server-processing-duration-in-ticks: 223257
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 1337 165 KB
52 KB 160ms
119ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Ykc6VAAOoq4Kd8ETAAM3owWGC5823H1NIfeABA&u=%7C8ptA%2B%2FJQAJAtpNjYAfWsuh9hmk5J7hH6AYv%2Bf4bdGJg%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXDDH0SawykmzfKm9HhYbZW_Win2tHjUrTNILpc-Z_S6hr1hgU9-4xr_zvm8vjOxyB51O4CsD9wRbVQhKlcGRYJPnYXFqzm_3k13oFKn8jrJEk-Dop0O1fC6V3stBh5yxdI63kphaJ_mPLODgisFbmHw9r3XVWiUv8fUq5RKnGDtMXlLbN_G5CxfquJn1ePBNB272qB7-m0IZtq14lipAeDTzEuEu8sFflQJZfYJ-w4lHgU-WLRCxF2b4yKNAyQM_n8AJ46sDgQb28ugejzp_dZj6lHzq06m3c2oN6rhh-wQwJ116DJAHnCFewsDnBeuGAx5WJJGF_r1Bag8qYGk9xA5KFuneXptj_Z54bGtweA3lwZfFQYg86tVRzSSHmnWvPn_5M9LZfZpf372QFxof3uhVTW79xIjfGA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLq8VVDpHYq7FOpOC3wOj74yAA8me0rFc1Z2R93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAkw1b0v8h7I-4AIAqAMBqgTHAk_Q3OapdoNI0It23rNpgZoWyOv6egwUdTAziwABGCwEmeEE1yIByOMrXhBPtNmiaHfjONcwwV2D9XCQ3o-z-cG7F-j-NxD55XF7E0_aW36oxB1PZkDPESRuUp-XjsF_p3amdi6Byxaa1dU99zqvoQxGw4kjTOA2YLFqgz0bXo-piRvGVzJ9noEzBz9B8rAHW1fSqeT-3EiGRIFVOpS7eKdsO3Upups4UpJ4ty9QoHV1TlWHMQi3fH1oQWgX4iKtblb5nMYjT5NRceHGzQTBOqmlrd6ahFeRaORrTwsVDkbyvTygp3APzu9qrh7Y77PAH1YiFuG2TnK6OsPwUZYikg7Xtv9uoJ6mqD52VCLkspDKD3W-dE2LaKJZF1wt70b64fR42_8paCspjMzDr_SdMFh3u5Qlmjc15q834A3eUTqJVtN9UjqK8-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3RIJrPvxQncNT4VXLTp2-mKXHsmQ%26client%3Dca-pub-5413329544040947%26adurl%3D

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9a71e6fd66ed1288d7b29d4ca6aa5f3718a4167302a0441cc0b90371fd149b79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:57 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=nXQKQ4fd74J0fvjyu8NXHyQ-3uYLe4j0qEZM0Q33zaIJyaqky-lO8jKAOTBzEmICDt8PkodPy9CjTfVau3-_Qs0NdxVK-CnPqFoJ7T1ls3_QogNZNeS6Zp7DeysnKZed0cmCqph2_Q40WtQog1Hp31SUdyaUzS-j7VN2CQAF2j0qV3E6z_HOBg4jObQGmy52mgXgZR2GEZ0Gc1oa0L-Nf8CZduBT48Rx5y06ImEmMnjcD_tMRMuqEeJr2-1kPoWWYCdF6A"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 103062843
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 1D4B 2 KB
1 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:27:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1112
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:27:25 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2AE1 1 KB
749 B 55ms
54ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 15585
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 724
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 13:26:12 GMT
etag: 48472445140208031
expires: Sat, 02 Apr 2022 13:26:12 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1D4B 119 KB
36 KB 121ms
70ms Script
text/javascript 2a00:1450:4014:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4014:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Apr 2022 17:45:57 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 1D4B 15 KB
6 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 17:43:37 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 1D4B 22 KB
7 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 13:41:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187495
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Mar 2023 13:41:02 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8B33 13 KB
5 KB 53ms
52ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 3189
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 16:52:48 GMT
expires: Sat, 01 Apr 2023 16:52:48 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1E4D 783 B
536 B 70ms
70ms Document
text/html 2a00:1450:4001:830::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

576fbfaa2a430184b92d6beb95728a7383186791941aa20dc09c482d95f7b605

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-fx8HQ5jYNcc831Fg3RBd6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-fx8HQ5jYNcc831Fg3RBd6g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Apr 2022 17:45:57 GMT
expires: Fri, 01 Apr 2022 17:45:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 9627 0
104 B 137ms
67ms Image
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESELfQ8Rc5D6bj2EDGfVbxHKQ&google_cver=1&google_push=AYg5qPLXWV9x9StsibNKUih924eAzpfKbe2HNEBN7WTGubQB5jogXySfJS8TGxrURLEc0-BUi-6q4qGOEl5uDarx_21d79_PTbc
Requested by: Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9627
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEGmAfXAmAdvGtj5hBXBgxPo&google_cver=1&google_push=AYg5qPKmr8F2XLL6sXjUsG04LqsYHAOPkjvskSx0QhqBbaWClIFGnxdYkBAi7hSdkOGlsvFid0Ivf1WQEh5bDY...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MTY5MzA3NTgyNDUwNzAyMA%3D%3D&google_push=AYg5qPKmr8F2XLL6sXjUsG04LqsYHAOPkjvskSx0QhqBbaWClIFGnxdYkBAi7hSdkOGlsvFid0Ivf1WQEh5bDY1KK3...

170 B
188 B

47ms
47ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MTY5MzA3NTgyNDUwNzAyMA%3D%3D&google_push=AYg5qPKmr8F2XLL6sXjUsG04LqsYHAOPkjvskSx0QhqBbaWClIFGnxdYkBAi7hSdkOGlsvFid0Ivf1WQEh5bDY1KK3R2ynkQa1g

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MTY5MzA3NTgyNDUwNzAyMA%3D%3D&google_push=AYg5qPKmr8F2XLL6sXjUsG04LqsYHAOPkjvskSx0QhqBbaWClIFGnxdYkBAi7hSdkOGlsvFid0Ivf1WQEh5bDY1KK3R2ynkQa1g
Date: Fri, 01 Apr 2022 17:45:57 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9627
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESELlC1ExmiUmM5X60KHvbpN0&google_cver=1&google_push=AYg5qPJXKaq2MY1cdOnooRaXIGjqp9g9XeRu6TMwVsbMKkeoZy4UMvbsAoum5TttX4BJIhBbPry...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFHUFZQWUEtQy1IUVBB&google_push=AYg5qPJXKaq2MY1cdOnooRaXIGjqp9g9XeRu6TMwVsbMKkeoZy4UMvbsAoum5TttX4BJIhBbPryld9FxzYJpuuCKFy1djCOStQ

170 B
188 B

50ms
49ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFHUFZQWUEtQy1IUVBB&google_push=AYg5qPJXKaq2MY1cdOnooRaXIGjqp9g9XeRu6TMwVsbMKkeoZy4UMvbsAoum5TttX4BJIhBbPryld9FxzYJpuuCKFy1djCOStQ

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFHUFZQWUEtQy1IUVBB&google_push=AYg5qPJXKaq2MY1cdOnooRaXIGjqp9g9XeRu6TMwVsbMKkeoZy4UMvbsAoum5TttX4BJIhBbPryld9FxzYJpuuCKFy1djCOStQ
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 9627
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXy...

0
0

GET

pixel
cm.g.doubleclick.net/ Frame 9627
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEID5fC7PMbNGZehouq9o_Q4&google_cver=1&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRc...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEID5fC7PMbNGZehouq9o_Q4&google_cver=1&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfN...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZf...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9627
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEK...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPJiIfBAdJDxl9gKtNLLgk-Wal8ZMF7QC06RSuaSe__Q79J3PF1MjbvotIYF7aUUVf49Kez7nnG0l8IPlX2mkKHrAvdXuA&redir=https%3A%2F%2Fcm.g.doublec...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJiIfBAdJDxl9gKtNLLgk-Wal8ZMF7QC06RSuaSe__Q79J3PF1MjbvotIYF7aUUVf49Kez7nnG0l8IPlX2mkKHrAvdXuA&google_hm=

170 B
188 B

49ms
48ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJiIfBAdJDxl9gKtNLLgk-Wal8ZMF7QC06RSuaSe__Q79J3PF1MjbvotIYF7aUUVf49Kez7nnG0l8IPlX2mkKHrAvdXuA&google_hm=

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
server: Tengine
etag: OPTOUT
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPJiIfBAdJDxl9gKtNLLgk-Wal8ZMF7QC06RSuaSe__Q79J3PF1MjbvotIYF7aUUVf49Kez7nnG0l8IPlX2mkKHrAvdXuA&google_hm=
cache-control: no-store, no-cache, must-revalidate
expires: 0

GET
H3 200 dot.gif
s0.2mdn.net/ Frame 9627 43 B
65 B 124ms
61ms Image
image/gif 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEJfqNAIpeiN-7tePbXAu_U0&google_cver=1&google_push=AYg5qPJs0YTHMewG1jmD71SwIw2MlopRgbpiJ6kRtfkxR4jOtdhVrt-CrKOngGpapZ_bbrddL3zoppMLfpp9KJkRpFBbYDhKwTs

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 02 Apr 2022 17:45:57 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9627 0
12 B 91ms
45ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LI__GgtvB17FZbUEdoP2e4E_IHN8tjY4bNGOLC3Op6HIcke8yqtH55CXPlD0o8w8KILFNrxA

Requested by

Host: e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
URL: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 7FE7 22 KB
8 KB 53ms
52ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 125589
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 31 Mar 2022 06:52:48 GMT
expires: Fri, 31 Mar 2023 06:52:48 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900023.redintelligence.net/ Frame C04D
Redirect Chain

https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

2 KB
1 KB

90ms
67ms

Script
application/x-javascript

78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVaYVDpHYtvpHYGgrATskb1opuW9oGmFlZynyQ_wLhABIPLTuXtgleKQgqAHyAEJqQJMNW9L_IeyPqgDAaoE4QFP0M2L4lglhxxWX4lW7aH9WVxrroH6QJqMlzQ31urZBtl9mGx7CZm_Gbavc2SkyLH4fHrMIghjKt-9xWUNGq-yN7wgkM1AHOSTCgsQZ0tzNVL83dcfUIvMdv7haq52lV3zECvz2o6W88dHdegWLUuEMJC-5sLzI3oaFAD0NtBJeuxR2sA2qTQGQ0JeZDRX84j-2e8f6cc7Mzs9gZlxOVmwS6apSX5S9Sl_1LtAUIDtwbK8JzwoYlCtOuMywim_lyeb1EoqSWOTp49R-yqvyJsMBtZ80XUK3iaXVGa9_95OKtHABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ%26sig%3DAOD64_22tUbQruY9KaUkJq_qIvXjAeBqMA%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CJO5L8t2iGp7jnNPrcaQj497uxe_WoUaYkbwkaBwO4_ClsGY02GjcqrjZ4jXeem2xuLVBFJreXNPmt_t7CQm7JGfU_F4UIwajqH6p9Rqux7niik6bSyLMLPyaJzQUHLdY5g8kj-26HF8ZBmk53zanH2po3fg%26cry%3D1%26dbm_d%3DAKAmf-D1aHWHFStn6NP8G-cAjOuS_5flFCd6-9NMk7Ddyp87_xTcbVeYNJkhdbv779L9dVD0y7vjLfvl2mpmiYntHpS9vPl54RWK1f2t2px3a5RTwxE4XK9pvYfWeeT3NUnyN7gjGNZWvyp_FWImxN4RAJhWXmlDxs71JUVfUj8hxWHv7orRuJ6iGFSR2IZVqMNSo-p_7WyguZ-Y1VDNCL1XVOdfan6GEyvNM6Dlg4yT9NKr7CcvXvN_Eo6u3ZphsdzRPmLrkLZYtYBtrmjw9VwfAOHbhKAUjyxbmzhmuKB5Yl9L4KzaaFe_n4fVk9-F3_wL3CHDJpW4d1HEdyMxrRwCeuJbHtXWthM92UCZj0kF0VKBA7xKSJnZnXObLz83pggnXZ5G0bQQO1xrNKDJ6hsGP5VhYij6ovZCLd7K9sghM3cQG9uOFbu5wYKhdFy3ML0bfGVDdRuuo2fv0k0ql34_A-1DosH9-KECNJedK7pPaloaskcV088%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3004329418280&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 0246092139f51ffcc5939b6aa6e01c8f7de825965fa39a8e04a255cefdb7916f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 55647300209773804444550011916023
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 861
Expires: Fri, 01 Apr 2022 18:45:57 +0200

Redirect headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVaYVDpHYtvpHYGgrATskb1opuW9oGmFlZynyQ_wLhABIPLTuXtgleKQgqAHyAEJqQJMNW9L_IeyPqgDAaoE4QFP0M2L4lglhxxWX4lW7aH9WVxrroH6QJqMlzQ31urZBtl9mGx7CZm_Gbavc2SkyLH4fHrMIghjKt-9xWUNGq-yN7wgkM1AHOSTCgsQZ0tzNVL83dcfUIvMdv7haq52lV3zECvz2o6W88dHdegWLUuEMJC-5sLzI3oaFAD0NtBJeuxR2sA2qTQGQ0JeZDRX84j-2e8f6cc7Mzs9gZlxOVmwS6apSX5S9Sl_1LtAUIDtwbK8JzwoYlCtOuMywim_lyeb1EoqSWOTp49R-yqvyJsMBtZ80XUK3iaXVGa9_95OKtHABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ%26sig%3DAOD64_22tUbQruY9KaUkJq_qIvXjAeBqMA%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CJO5L8t2iGp7jnNPrcaQj497uxe_WoUaYkbwkaBwO4_ClsGY02GjcqrjZ4jXeem2xuLVBFJreXNPmt_t7CQm7JGfU_F4UIwajqH6p9Rqux7niik6bSyLMLPyaJzQUHLdY5g8kj-26HF8ZBmk53zanH2po3fg%26cry%3D1%26dbm_d%3DAKAmf-D1aHWHFStn6NP8G-cAjOuS_5flFCd6-9NMk7Ddyp87_xTcbVeYNJkhdbv779L9dVD0y7vjLfvl2mpmiYntHpS9vPl54RWK1f2t2px3a5RTwxE4XK9pvYfWeeT3NUnyN7gjGNZWvyp_FWImxN4RAJhWXmlDxs71JUVfUj8hxWHv7orRuJ6iGFSR2IZVqMNSo-p_7WyguZ-Y1VDNCL1XVOdfan6GEyvNM6Dlg4yT9NKr7CcvXvN_Eo6u3ZphsdzRPmLrkLZYtYBtrmjw9VwfAOHbhKAUjyxbmzhmuKB5Yl9L4KzaaFe_n4fVk9-F3_wL3CHDJpW4d1HEdyMxrRwCeuJbHtXWthM92UCZj0kF0VKBA7xKSJnZnXObLz83pggnXZ5G0bQQO1xrNKDJ6hsGP5VhYij6ovZCLd7K9sghM3cQG9uOFbu5wYKhdFy3ML0bfGVDdRuuo2fv0k0ql34_A-1DosH9-KECNJedK7pPaloaskcV088%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3004329418280&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Fri, 01 Apr 2022 18:45:57 +0200

GET
H3 200 3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js Show response
pagead2.googlesyndication.com/bg/ Frame 54EB 35 KB
13 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/3b8ZtKHcFUSYKihZpywKVICyDtFsaoLwoCuDyEZifyk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 16:49:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13770
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 16:49:37 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E620 0
26 B 103ms
65ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: nets4.com
URL: https://nets4.com/domain/1800victims.org

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:57 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 2AE1
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHqiVvrmscUXc2OeQMkvBok&google_cver=1&google_push=AYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHqiVvrmscUXc2OeQMkvBok&google_cver=1&google_push=AYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8A...

43 B
436 B

185ms
176ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHqiVvrmscUXc2OeQMkvBok&google_cver=1&google_push=AYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f532438c8c991dd-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 59438
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f5324375dd291dd-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHqiVvrmscUXc2OeQMkvBok&google_cver=1&google_push=AYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJGcckxbl8oRypUDjyb7E05QXjCzipFSY3mX0hUhE_wtBnwSQmu3GF307Ra3Zv05gPTnUKf-2XPtkzhUdzaNP2rPCB_O8Ab%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2AE1
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESELsTFJ3Z8fLHOW08WF1-KrU&google_cver=1&google_push=AYg5qPJIASv9pUBH57xemHO83yRU4C5WFjQImCC-yzyMAltT1-mF7xJjMCaLzWaIDLALON8BGWyNHX5gMZH_GeE59jkH82YVA9U_
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1C61582BE2764616972C109DAF982F13&google_push=AYg5qPJIASv9pUBH57xemHO83yRU4C5WFjQImCC-yzyMAltT1-mF7xJjMCaLzWaIDLALON8BGWyNHX5gMZH_GeE...

170 B
188 B

49ms
49ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1C61582BE2764616972C109DAF982F13&google_push=AYg5qPJIASv9pUBH57xemHO83yRU4C5WFjQImCC-yzyMAltT1-mF7xJjMCaLzWaIDLALON8BGWyNHX5gMZH_GeE59jkH82YVA9U_

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 01 Apr 2022 17:45:57 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=1C61582BE2764616972C109DAF982F13&google_push=AYg5qPJIASv9pUBH57xemHO83yRU4C5WFjQImCC-yzyMAltT1-mF7xJjMCaLzWaIDLALON8BGWyNHX5gMZH_GeE59jkH82YVA9U_
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Thu, 31 Mar 2022 17:45:57 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 2AE1 0
191 B 62ms
21ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEHuv-Fcj9phFbnyirlqDmuA&google_cver=1&google_push=AYg5qPISGl6BGy7xwdDsDfslt49yn4aC5oU8jxvIdVztXSRQKS8on71OS3ftl795xkGt2ohlc0l2qhiyqVWXTTEXL3cFjTH3VUes
Requested by: Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2AE1
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEOiHsTL00QDzqLRyAaMr05E&google_cver=1&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73xtUN_9J...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEOiHsTL00QDzqLRyAaMr05E&google_cver=1&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73x...
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=e75e67cc-9573-48cc-998a-b036165251fd
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=e75e67cc-9573-48cc-998a-b036165251fd
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=4be4a0f6-db11-4591-9f9e-b3348011002e&user_group=1&ssp=google&bsw_param=e75e67cc-9573-48cc-998a-b036165251fd
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73xtUN_9JB1Z_sSg&google_hm=515nzJVzSMyZirA2FlJR_Q==

170 B
188 B

48ms
47ms

Image
image/png

172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73xtUN_9JB1Z_sSg&google_hm=515nzJVzSMyZirA2FlJR_Q==

Protocol

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPIa1vUSaWt1IXlLXF6CseVSxqs8a8Wy8j5TNcmUK69bZnyKp451ngvR8L7Pbvqgg-mi5p-ygRPOwMJ73xtUN_9JB1Z_sSg&google_hm=515nzJVzSMyZirA2FlJR_Q==
Date: Fri, 01 Apr 2022 17:45:59 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2AE1 0
12 B 45ms
45ms Image
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JKQ9-bizfz0pe7W6vPAviqarUi-gwtDGVM-rAPehHXy827b-Nb

Requested by

Host: 05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
URL: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 1337 2 KB
1 KB 63ms
16ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ykc6VAAOoq4Kd8ETAAM3owWGC5823H1NIfeABA&u=%7C8ptA%2B%2FJQAJAtpNjYAfWsuh9hmk5J7hH6AYv%2Bf4bdGJg%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXDDH0SawykmzfKm9HhYbZW_Win2tHjUrTNILpc-Z_S6hr1hgU9-4xr_zvm8vjOxyB51O4CsD9wRbVQhKlcGRYJPnYXFqzm_3k13oFKn8jrJEk-Dop0O1fC6V3stBh5yxdI63kphaJ_mPLODgisFbmHw9r3XVWiUv8fUq5RKnGDtMXlLbN_G5CxfquJn1ePBNB272qB7-m0IZtq14lipAeDTzEuEu8sFflQJZfYJ-w4lHgU-WLRCxF2b4yKNAyQM_n8AJ46sDgQb28ugejzp_dZj6lHzq06m3c2oN6rhh-wQwJ116DJAHnCFewsDnBeuGAx5WJJGF_r1Bag8qYGk9xA5KFuneXptj_Z54bGtweA3lwZfFQYg86tVRzSSHmnWvPn_5M9LZfZpf372QFxof3uhVTW79xIjfGA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLq8VVDpHYq7FOpOC3wOj74yAA8me0rFc1Z2R93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAkw1b0v8h7I-4AIAqAMBqgTHAk_Q3OapdoNI0It23rNpgZoWyOv6egwUdTAziwABGCwEmeEE1yIByOMrXhBPtNmiaHfjONcwwV2D9XCQ3o-z-cG7F-j-NxD55XF7E0_aW36oxB1PZkDPESRuUp-XjsF_p3amdi6Byxaa1dU99zqvoQxGw4kjTOA2YLFqgz0bXo-piRvGVzJ9noEzBz9B8rAHW1fSqeT-3EiGRIFVOpS7eKdsO3Upups4UpJ4ty9QoHV1TlWHMQi3fH1oQWgX4iKtblb5nMYjT5NRceHGzQTBOqmlrd6ahFeRaORrTwsVDkbyvTygp3APzu9qrh7Y77PAH1YiFuG2TnK6OsPwUZYikg7Xtv9uoJ6mqD52VCLkspDKD3W-dE2LaKJZF1wt70b64fR42_8paCspjMzDr_SdMFh3u5Qlmjc15q834A3eUTqJVtN9UjqK8-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3RIJrPvxQncNT4VXLTp2-mKXHsmQ%26client%3Dca-pub-5413329544040947%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 27 Mar 2023 17:45:57 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 1337 2 KB
1 KB 65ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 27 Mar 2023 17:45:57 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 1337 308 B
636 B 37ms
19ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Mon, 27 Mar 2023 17:45:57 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 1337 507 B
835 B 41ms
23ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Mon, 27 Mar 2023 17:45:57 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame 1337 0
688 B 171ms
110ms Image
text/plain 2600:9000:206f:6600:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1648835157
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Ykc6VAAOoq4Kd8ETAAM3owWGC5823H1NIfeABA&u=%7C8ptA%2B%2FJQAJAtpNjYAfWsuh9hmk5J7hH6AYv%2Bf4bdGJg%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4VBZk7o6r4u2Tz-b9i3H_G-X5MXpmH_vXDDH0SawykmzfKm9HhYbZW_Win2tHjUrTNILpc-Z_S6hr1hgU9-4xr_zvm8vjOxyB51O4CsD9wRbVQhKlcGRYJPnYXFqzm_3k13oFKn8jrJEk-Dop0O1fC6V3stBh5yxdI63kphaJ_mPLODgisFbmHw9r3XVWiUv8fUq5RKnGDtMXlLbN_G5CxfquJn1ePBNB272qB7-m0IZtq14lipAeDTzEuEu8sFflQJZfYJ-w4lHgU-WLRCxF2b4yKNAyQM_n8AJ46sDgQb28ugejzp_dZj6lHzq06m3c2oN6rhh-wQwJ116DJAHnCFewsDnBeuGAx5WJJGF_r1Bag8qYGk9xA5KFuneXptj_Z54bGtweA3lwZfFQYg86tVRzSSHmnWvPn_5M9LZfZpf372QFxof3uhVTW79xIjfGA&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLq8VVDpHYq7FOpOC3wOj74yAA8me0rFc1Z2R93DAjbcBEAEgAGCVgoCAoAeCARdjYS1wdWItNTQxMzMyOTU0NDA0MDk0N6AB1bbS6gPIAQmpAkw1b0v8h7I-4AIAqAMBqgTHAk_Q3OapdoNI0It23rNpgZoWyOv6egwUdTAziwABGCwEmeEE1yIByOMrXhBPtNmiaHfjONcwwV2D9XCQ3o-z-cG7F-j-NxD55XF7E0_aW36oxB1PZkDPESRuUp-XjsF_p3amdi6Byxaa1dU99zqvoQxGw4kjTOA2YLFqgz0bXo-piRvGVzJ9noEzBz9B8rAHW1fSqeT-3EiGRIFVOpS7eKdsO3Upups4UpJ4ty9QoHV1TlWHMQi3fH1oQWgX4iKtblb5nMYjT5NRceHGzQTBOqmlrd6ahFeRaORrTwsVDkbyvTygp3APzu9qrh7Y77PAH1YiFuG2TnK6OsPwUZYikg7Xtv9uoJ6mqD52VCLkspDKD3W-dE2LaKJZF1wt70b64fR42_8paCspjMzDr_SdMFh3u5Qlmjc15q834A3eUTqJVtN9UjqK8-AEAYAG1KCKy6SbqKNsoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3RIJrPvxQncNT4VXLTp2-mKXHsmQ%26client%3Dca-pub-5413329544040947%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6600:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
via: 1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA56-C1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: 3SzxQ8s2JQj17ZzDcE_yQ-3jtBezz4NnFTE_lRA9bw75eZP8SGd3xg==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 1337 43 B
348 B 76ms
17ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=PMYb-0GEYIJjSSRV2tkyQhnrUj6ZPaZQ21xNVlnkRp65IxUBWQj1HXZtr3zPWE3ZGqhtpfESIS6s3bWum4RPBFqcom9WGH7emSktP9_SgL9wVwK7U4-xxignnPyoshUA9gXFcpQXg2Zmke8Stj9K9NM6GbQBH__S_QjXo00N_IyEeJ_NNrgjWfTnVA8LllLQgemjjZdbGqdB_TJnRdKxM-Ca3H6-RpuaJn8N00h7R8zJT5FpZAnNV2jqXZ4bzm1aDYpdAkeTDAvmiNju2NMEX6Yqv-VYxg1JiFdYMfhefjQuvBMMF8xmvNAMt0tY_20d6nr38E__xgXYT4-rb5JYwqHdFQXKmde5YWDC40Rc-z-HvB9oASQuoJxlEPTXx9Zk-aMd2VU-5TetPLBm2PZGPOvfPPi5z4CieN_8O57gHXu8W5wLB8FjLIrq-dlIGH6bjjGj1Q

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:57 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2844968
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 1D4B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d194153ab6bc6294989ab0355fdd45889e9f95e94220bf5df5fd43fd11ac7c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 187ms
186ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:45:57 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1E4D 0
0 101ms
100ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032106&jk=3527874828063311&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 200 xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js Show response
pagead2.googlesyndication.com/bg/ Frame 7FE7 35 KB
13 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c67c8370b4c9145a91ace4a1fed1acf774e604658e225425f6b52f06328504e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 05:20:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13781
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 05:20:46 GMT

GET
H3 200 xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js Show response
pagead2.googlesyndication.com/bg/ Frame 8B33 35 KB
13 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/xnyDcLTJFFqRrOSh_tGs93TmBGWOIlQl9rUvBjKFBOc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c67c8370b4c9145a91ace4a1fed1acf774e604658e225425f6b52f06328504e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 05:20:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 44711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13781
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Apr 2023 05:20:46 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 1337 12 KB
6 KB 14ms
14ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 27 Mar 2023 17:45:57 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 1337 11 KB
11 KB 70ms
18ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=76&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=596&s=y9MaZ2kysatRTgIoZYWcMJ4C

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

093da471f5256cc2c4143fef0a012c247888761f0d398659582dc56da5769a16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30461244
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 10911
expires: Mon, 20 Mar 2023 07:13:22 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1337 0
128 B 57ms
18ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=nXQKQ4fd74J0fvjyu8NXHyQ-3uYLe4j0qEZM0Q33zaIJyaqky-lO8jKAOTBzEmICDt8PkodPy9CjTfVau3-_Qs0NdxVK-CnPqFoJ7T1ls3_QogNZNeS6Zp7DeysnKZed0cmCqph2_Q40WtQog1Hp31SUdyaUzS-j7VN2CQAF2j0qV3E6z_HOBg4jObQGmy52mgXgZR2GEZ0Gc1oa0L-Nf8CZduBT48Rx5y06ImEmMnjcD_tMRMuqEeJr2-1kPoWWYCdF6A&sds=2&rev=80956&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 01 Apr 2022 17:45:57 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 1337 2 KB
1 KB 18ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 27 Mar 2023 17:45:57 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 1337 2 KB
1 KB 24ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 27 Mar 2023 17:45:57 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame E0DB
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=55647300209773804444550011916023&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=55647300209773804444550011916023&actionid=981741&produktid=&dt_url=

0
629 B

137ms
99ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=55647300209773804444550011916023&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVaYVDpHYtvpHYGgrATskb1opuW9oGmFlZynyQ_wLhABIPLTuXtgleKQgqAHyAEJqQJMNW9L_IeyPqgDAaoE4QFP0M2L4lglhxxWX4lW7aH9WVxrroH6QJqMlzQ31urZBtl9mGx7CZm_Gbavc2SkyLH4fHrMIghjKt-9xWUNGq-yN7wgkM1AHOSTCgsQZ0tzNVL83dcfUIvMdv7haq52lV3zECvz2o6W88dHdegWLUuEMJC-5sLzI3oaFAD0NtBJeuxR2sA2qTQGQ0JeZDRX84j-2e8f6cc7Mzs9gZlxOVmwS6apSX5S9Sl_1LtAUIDtwbK8JzwoYlCtOuMywim_lyeb1EoqSWOTp49R-yqvyJsMBtZ80XUK3iaXVGa9_95OKtHABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ%26sig%3DAOD64_22tUbQruY9KaUkJq_qIvXjAeBqMA%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CJO5L8t2iGp7jnNPrcaQj497uxe_WoUaYkbwkaBwO4_ClsGY02GjcqrjZ4jXeem2xuLVBFJreXNPmt_t7CQm7JGfU_F4UIwajqH6p9Rqux7niik6bSyLMLPyaJzQUHLdY5g8kj-26HF8ZBmk53zanH2po3fg%26cry%3D1%26dbm_d%3DAKAmf-D1aHWHFStn6NP8G-cAjOuS_5flFCd6-9NMk7Ddyp87_xTcbVeYNJkhdbv779L9dVD0y7vjLfvl2mpmiYntHpS9vPl54RWK1f2t2px3a5RTwxE4XK9pvYfWeeT3NUnyN7gjGNZWvyp_FWImxN4RAJhWXmlDxs71JUVfUj8hxWHv7orRuJ6iGFSR2IZVqMNSo-p_7WyguZ-Y1VDNCL1XVOdfan6GEyvNM6Dlg4yT9NKr7CcvXvN_Eo6u3ZphsdzRPmLrkLZYtYBtrmjw9VwfAOHbhKAUjyxbmzhmuKB5Yl9L4KzaaFe_n4fVk9-F3_wL3CHDJpW4d1HEdyMxrRwCeuJbHtXWthM92UCZj0kF0VKBA7xKSJnZnXObLz83pggnXZ5G0bQQO1xrNKDJ6hsGP5VhYij6ovZCLd7K9sghM3cQG9uOFbu5wYKhdFy3ML0bfGVDdRuuo2fv0k0ql34_A-1DosH9-KECNJedK7pPaloaskcV088%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3004329418280&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 01 Apr 2022 17:45:57 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 01 Apr 2022 07:45:57 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Fri, 01 Apr 2022 17:45:57 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=55647300209773804444550011916023&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: B9D59BA5:BC2C_91EFC182:01BB_62473A55_1704AB76:F723

GET
H2

200

index2.html Show response
singles.parship.de/lp/v00/6/U/htlp/ Frame 7092
Redirect Chain

https://www.awin1.com/cshow.php?s=2661283&v=11524&q=391598&r=296283&pref1=55647300209773804444550011916023&pv=1
https://trf.greatviews.de/cl?m315=c&q=nyVlHJ2acuRY7q9fsD728kyQ
https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID

914 B
1 KB

107ms
53ms

Document
text/html

2606:4700::6813:ba79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:ba79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0eefaac4e8ab160d79687a64c9f34122d350439b483809bec8ad1c0eab25529

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 6f5324398d139b82-FRA
content-encoding: br
content-type: text/html
date: Fri, 01 Apr 2022 17:45:58 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Mon, 28 Mar 2022 07:48:34 GMT
p3p: CP="ALL CUR OUR STP UNI PUR"
referrer-policy: no-referrer-when-downgrade
server: cloudflare
strict-transport-security: max-age=15552000
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff

Redirect headers

access-control-allow-origin: *
content-type: text/html; charset=UTF-8
date: Fri, 01 Apr 2022 17:45:57 GMT
location: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
p3p: policyref="/w3c/p3p.xml", CP="DSP COR NID OUR IND COM NAV INT"
server: nginx
server-id: 12
x-robots-tag: noindex, nofollow

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame 1AC3 7 KB
2 KB 36ms
12ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=g72h7lz2c4az&nw=20&renderingType=javascript&namespace=fb947f86d4&subid=&uid=be6a56783d1d96ca&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCzVaYVDpHYtvpHYGgrATskb1opuW9oGmFlZynyQ_wLhABIPLTuXtgleKQgqAHyAEJqQJMNW9L_IeyPqgDAaoE4QFP0M2L4lglhxxWX4lW7aH9WVxrroH6QJqMlzQ31urZBtl9mGx7CZm_Gbavc2SkyLH4fHrMIghjKt-9xWUNGq-yN7wgkM1AHOSTCgsQZ0tzNVL83dcfUIvMdv7haq52lV3zECvz2o6W88dHdegWLUuEMJC-5sLzI3oaFAD0NtBJeuxR2sA2qTQGQ0JeZDRX84j-2e8f6cc7Mzs9gZlxOVmwS6apSX5S9Sl_1LtAUIDtwbK8JzwoYlCtOuMywim_lyeb1EoqSWOTp49R-yqvyJsMBtZ80XUK3iaXVGa9_95OKtHABOuP_I73A-AEA5AGAaAGTYAHrK31nwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAkIiOGAEBABGB2ACgOYCwHICwGADAGwE4-10Q7QEwDYEwPYFAHQFQH4FgGAFwE%26ae%3D1%26num%3D1%26cid%3DCAASKORoshToJaNsu0PR_Dr7HgI2SvV6B0fg5LVs1fnYPQgv1xvYVNmoAEQ%26sig%3DAOD64_22tUbQruY9KaUkJq_qIvXjAeBqMA%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-CJO5L8t2iGp7jnNPrcaQj497uxe_WoUaYkbwkaBwO4_ClsGY02GjcqrjZ4jXeem2xuLVBFJreXNPmt_t7CQm7JGfU_F4UIwajqH6p9Rqux7niik6bSyLMLPyaJzQUHLdY5g8kj-26HF8ZBmk53zanH2po3fg%26cry%3D1%26dbm_d%3DAKAmf-D1aHWHFStn6NP8G-cAjOuS_5flFCd6-9NMk7Ddyp87_xTcbVeYNJkhdbv779L9dVD0y7vjLfvl2mpmiYntHpS9vPl54RWK1f2t2px3a5RTwxE4XK9pvYfWeeT3NUnyN7gjGNZWvyp_FWImxN4RAJhWXmlDxs71JUVfUj8hxWHv7orRuJ6iGFSR2IZVqMNSo-p_7WyguZ-Y1VDNCL1XVOdfan6GEyvNM6Dlg4yT9NKr7CcvXvN_Eo6u3ZphsdzRPmLrkLZYtYBtrmjw9VwfAOHbhKAUjyxbmzhmuKB5Yl9L4KzaaFe_n4fVk9-F3_wL3CHDJpW4d1HEdyMxrRwCeuJbHtXWthM92UCZj0kF0VKBA7xKSJnZnXObLz83pggnXZ5G0bQQO1xrNKDJ6hsGP5VhYij6ovZCLd7K9sghM3cQG9uOFbu5wYKhdFy3ML0bfGVDdRuuo2fv0k0ql34_A-1DosH9-KECNJedK7pPaloaskcV088%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=3004329418280&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 65aae4cf0f232b05cceb06ef0748139a0f38a3236e5316c3c88e26baa502d305

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2118
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Apr 2022 17:45:57 GMT
Expires: Fri, 01 Apr 2022 18:45:57 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame C04D
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=55647300209773804444550011916023
https://ad-server.eu/wm/pb/native.png

68 B
312 B

140ms
26ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 17:51:23 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Fri, 01 Apr 2022 17:45:57 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA5:BC2E_91EFC182:01BB_62473A55_1708CA95:F724
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame C04D 43 B
702 B 61ms
33ms Image
image/gif 104.92.94.3
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=55647300209773804444550011916023&pv=1

Requested by

Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.92.94.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-94-3.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 01 Apr 2022 17:45:57 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7912 0
9 B 52ms
52ms Image
text/plain 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?F1MMfQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
DATA 200
OK truncated
/ Frame C04D 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b013d22be6d8a2b28be8b79491ccd683cdb7957c2089315134e43358d8a4f4a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0889 0
9 B 52ms
52ms Image
text/plain 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?2hfoPA
Requested by: Host: nets4.com
URL: https://nets4.com/domain/1800victims.org
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 1AC3 1 KB
419 B 123ms
62ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 01 Apr 2022 15:46:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 01 Apr 2022 17:45:58 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Apr 2022 17:45:58 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 1AC3 16 KB
16 KB 33ms
12ms Image
image/png 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/pb_goldschmied_1200x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: cd118ca4cfc0876fbba8e8b8287392c8b1347e2f3736e9040b47770ac2f31e4b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 17:45:57 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16465
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 1AC3 7 KB
7 KB 102ms
78ms Image
image/png 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/51649/creativesup/PS_Herbstkampagne2019_Inga1_OnlineMarketing_Display_Yahoo_1200x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: 2da7487e0e9f0d4e5b3bb5d1e497c5b6be3f323b93b150637ba979ed648bc43e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 17:45:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 7156
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 1AC3 17 KB
17 KB 34ms
12ms Image
image/png 46.4.10.49
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.49 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.49.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: be19ea8234abcd03eedc5bb4f75af3a683df6153db9e92c3477683b32a967636

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 17:45:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16857
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 peg_logger.js Show response
singles.parship.de/static_cms/parship/static/peg_utils/peg_logger/ Frame 7092 12 KB
4 KB 23ms
23ms Script
application/x-javascript 2606:4700::6813:ba79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://singles.parship.de/static_cms/parship/static/peg_utils/peg_logger/peg_logger.js

Requested by

Host: singles.parship.de
URL: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:ba79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3404d30f1b9956025fd6221078b56ab9f3301a4af97ddaeb3ef8cc4a8bb88de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4435
strict-transport-security: max-age=15552000
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 22 Mar 2022 10:03:55 GMT
server: cloudflare
etag: W/"62399f0b-2ea6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=86400
cf-ray: 6f53243a2e7b9b82-FRA
expires: Sat, 02 Apr 2022 16:15:56 GMT

GET
H2 200 pegtracking_combined.js Show response
singles.parship.de/static_cms/parship/static/peg_utils/tracking/ Frame 7092 30 KB
9 KB 30ms
30ms Script
application/x-javascript 2606:4700::6813:ba79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://singles.parship.de/static_cms/parship/static/peg_utils/tracking/pegtracking_combined.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:ba79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9007a72d0fa0a45bdb1ba8527cdfe7122636a3ae014d75d32ece4de4efea45b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4435
strict-transport-security: max-age=15552000
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 04 Feb 2022 09:22:00 GMT
server: cloudflare
etag: W/"61fcf038-7633"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=86400
cf-ray: 6f53243a2e7d9b82-FRA
expires: Sat, 02 Apr 2022 16:08:43 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ Frame 7092 14 KB
5 KB 42ms
42ms Script
text/javascript 2606:4700:440e::6812:2fe6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: singles.parship.de
URL: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:440e::6812:2fe6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
Origin: https://singles.parship.de
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:58 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6f53243a4a289232-FRA

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame 1AC3 0
150 B 35ms
13ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=55647300209773804444550011916023&a=7d5fd49b&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=55647300209773804444550011916023&a=f1ad237d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Fri, 01 Apr 2022 17:45:58 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 eum.min.js Show response
eum.instana.io/ Frame 7092 24 KB
10 KB 83ms
33ms Script
application/javascript 2606:4700::6810:cc16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://eum.instana.io/eum.min.js
Requested by: Host: singles.parship.de
URL: https://singles.parship.de/static_cms/parship/static/peg_utils/peg_logger/peg_logger.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:cc16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfe658be8d8e54a34181f699d2ca4237d959467b1a7c0da9519290f8df62c5d6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 01 Apr 2022 17:45:58 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 22 Mar 2022 09:52:02 GMT
server: cloudflare
age: 373449
etag: 768077806--gzip
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800, stale-while-revalidate=2678400, stale-if-error=2678400
cf-ray: 6f53243b1fd06939-FRA
via: 1.1 google

GET
H2 200 nvi Show response
singles.parship.de/nocache/ Frame 7092 15 B
383 B 45ms
45ms XHR
application/json 2606:4700::6813:ba79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://singles.parship.de/nocache/nvi?url_path=%2Flp%2Fv00%2F6%2FU%2Fhtlp%2Findex2.html&pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID&ref=https%3A%2F%2F56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com%2F

Requested by

Host: singles.parship.de
URL: https://singles.parship.de/static_cms/parship/static/peg_utils/tracking/pegtracking_combined.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:ba79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92f75b3d52eb22fd4d5af5352dc0bb43e5d0bc979f274783e7cd17884221b72e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:58 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
content-type: application/json
cf-ray: 6f53243ad8159b82-FRA
content-length: 15

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8B33 0
9 B 52ms
52ms Image
text/plain 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-3FZng
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Fri, 01 Apr 2022 17:45:58 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 54EB 0
20 B 88ms
88ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Blw3SVDpHYpPZI9aHrAT3xquoCAAAAAA4AeAEAg&bg=!ERKlElbNAAZku-1yRLs7ACkAdvg8WiGrAvtuLfMF3sMNZKTan898-feA_QYt0_2fXPFa2sYm6fWTIwIAAAHoUgAAAAJoAQeZAzqFRazxEHYmBmmgQVhvbNclfuROG75eF3GbZMBCkZH3h-3XK2zIrD4dvG-C4X7mtdoZJe489xlxb7neBqUa7IdeGYkZxzsVs-N-JYlKFekiAqizWvoh8WPGApELfGzk0UUTOFR4a7632ZYR0_KxCTpqVUQDyCHtKk2PJmPO0ks5_RFLKgYkbcTm8QDqT6cAxl7NqEcDK50lf5G_-Q3ASMlB9LQHmUp9cM6aDETnsGG8k75PM6-k9LdExApk5CHpP3MYxmVz2TTbHR8bG7zb0nAggcg7s6CN25ZaQc6x6-sfsPm41uGkNdxIOE627DuKHR01Yw9X9hgwFHQoENLjuFyKogFX7nvFlIhLio72q0HDKc1KTDM4DLd42QshbUATU5T2F68QpwdtF-whr8l_yTgLIqoDXWYOtUN8OvRBPBCO5uQHj-rav8ZZcyNwnvthN4J8KRKesnwZ0HrZsWl7V53J7BPyerF8HDPxvnSt6sHrj-vYLzMuF9h1qWjhdFLJtjaP_ZIOlCoYVdYINi4D2lytkC_JBau2JSCFAXZUV799oovZOTLM9SqVpn_6lX0NhQFrPiHZ8iagfROiX1Aj-gULiNXZC9wioB6pvaJoeM_UPA391IZe8zAv4niURrADWEoe-LH2bWI0FedCmb1GTV_ccRF0HIkb2uWzDngevERW8pkB2NemMr5SA2Mb1Rzt2Fs30sIxDMaYnjZsdSwBh23JDX_AmmUDS6yewy-cHFkP4wl4bfaClGsU5PGyFNcwS2bfZgElrymNWZTk3ACWJWh1W6eviToRbVcl0C7xMuUQvjYHkqQlMIjh80EiYJYCu3L4GFjlZFiWZV0gaKQs8B57YS6L_YcvChscfSli6edtjvjvfMyg_8rd4o3cQVuiEMW_0B619GwuKE6QqdNSwyz5nbNAduBKVpuqqFW0pyvQnSwk52-6ZtvJ7Q_VjzvRjzKO6qaieKNGmnSXp0KpN6wQGPaXEkRjOlqrYkHCI2kbHYmeatBDzUgk3oEfy3IfZCdJwXxtf46geU-ejiuZRLvH0a_1L7X9YgbBgoRalLWIud2gZpo5RZiEf2MQ6sbD98Itub3-sT7M6ywm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FE7 0
20 B 89ms
88ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqGQDVTpHYvSsDq6E7_UPtfKkuA0AAAAAOAHgBAI&bg=!9_Sl9LDNAAZku-1yRLs7ACkAdvg8WrjCiiK2IThZznj1OYUGC9SZjoN8-5BdrYXlFqnjigfC58ECfQIAAAFSUgAAAARoAQeZAzN6M9Qxe4EXWMiAg20pk7Fqo5HBc7CRsjdkWX4JaZFEqZpKcU805nPlBRY9SWVYLI4IxsSbpUzBNmDeOHLOnOAtDno3SJV8gAK-1N-DifTQx6WtLqyo3IEMoVCm-rzJN1XOu0TUdNnZ-klVGEVMmp9_IulrpwmVOCJb1oVqS9L8CrivrIHNkc0wCun1qFbUycRpp2NyNtCmgTmD9H5frtHvioJEAWV6SNbMhNhkuXrBo9WhFqnKD1CWgaIwSavO7Ne4WBl8ywdLEwP_pv6bKSvGp4sKkkw_UrmC1Jy9ri-Z5Zl7IBpv41NfsRh6-xmD0ovfEKnAN-u_1E74dyUZ9YCgWB-g8_C2f1K4Ks3T5H7uFNlaPE0V4GTZnPWap0BmCEX7eCvp6hbHj4tlyVeJUODedK-0NH9Vyf7fEVqcyZMOk3BD2_AWZHXRniiOji-0iQ_WvuFwSr_pcjF76z89YndmGT4iTUVHV5roCErFxVmLHn_Bpfce2Wg3z6pmTlsVpouoq3n62XsH1onYi4_QClu1hJeAe0MsXv_HJq6JmyB_trqYP5bOte_bmkcF3Os7nUuCzn-OKFYyN5cniul5nU4L7kjBIFdW3OLf9afkBUPgU_ER_JY8gwx5Z2R4_sAwsiv4QPwCb9ZtbSbUUuQ6ZqLsYQNsJLqI0arxCXzNd6N2Ejs3p2WZI-SiYXjOkygjYhX5--N9nAt90Iw94DJuiKQ9Sd1Vuld50zWlJpV7hEpdPSLCcoJfjjj6M99-42wScGioeM_hd-G3SR-sUR_Y2JpKqAN4aEAmaBytObVRYWqd-WiXZlm7UC_f6cowgQxZPfhQuc70KkNRQmy63JQWb2ZEpVdYWD-ICvBN5MYGoFeUrzUB8mCBjMHX5zieMumJbN8tVRRb-3Vt1pCmT6ch7YBhwt8ijh9OtFa_4Oo9aLOBLxNsWfjzqTqzr5Hx-kUugWmdx2JZKJGtQgSojAECoxMnBDKH1Yrxli3j9ERi3Id70BilD5Atdpy6fFim6Oa4awlAccwvd43sfiFz5UV5wkfid91nu2-buxWzVZ9r38h261dAlHyLqUwBgbmrQZViB0G-dRk

Requested by

Host: 56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
URL: https://56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 rum Show response
singles.parship.de/cdn-cgi/ Frame 7092 0
213 B 19ms
19ms XHR
text/plain 2606:4700::6813:ba79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://singles.parship.de/cdn-cgi/rum?

Requested by

Host: eum.instana.io
URL: https://eum.instana.io/eum.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:ba79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

X-INSTANA-T: 4ace8ade8978002
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Referer: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
X-INSTANA-S: 4ace8ade8978002
Accept-Language: de-DE,de;q=0.9
X-INSTANA-L: 1,correlationType=web;correlationId=4ace8ade8978002
content-type: application/json

Response headers

date: Fri, 01 Apr 2022 17:45:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://singles.parship.de
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6f53243b698a9b82-FRA
vary: Origin

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 777C 0
20 B 90ms
89ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022032909&jk=1845302572803266&bg=!Z2SlZCDNAAZku-1yRLs7ACkAdvg8WkYHvWDcPPFaYjiOL1ogVHIXH3z1mIlbCalTZG6TDXBuvH5qLQIAAAH0UgAAAB5oAQeZAvdihjaC8H69ENGulIzKRLyMf_ztjR1w2xytUZ538BVbjB5mAnrvr95eFxO3MYWH2wtuZ6-BmHLBPX70Ri5BB-QkkLOwuepZT9gjgK-WUTjiIBdJRW2A26OKqw8zigJ-KsbYVG5o9qRgZL4grmG9KoR4-llkVniwpB2NDYov5jNVmpbnXlNxnkSWi3MQdrvLINACIBlQP-ONLfsoK5UXcVbUN0sB2uS5yniU0wJcNUTvnqNsMTegyh1RTv_QwCoYaI6c6juW0yKG3y5Z9sNNHdUNIGhSG0MXX41J2YecoYFVDIh-NHeGfUWKibkr7OxSbdX1sNTil-H5oFPsVqsIvw2yl8zhAidlBPlCbGw0M0wNrKkurPLF9qogmTDtBnLV3CFG0RaJ-qAFrUz6aFaqLySyyOFNnHLqa3yjdri3quAGsCedxnloZq58y5Se89aNA9fTyZrt4SJl8jEmkKJQOYanoBgqdv7lIVSNKibSC1TVWT_PtcSOZi54M3Gsq-UWHglOdT2VQ1luT63ZBcYTnauKOC9DyHWXDUZA9GUlUYhSFXBllWoi-KHsdhqyyfqmZFDBb6J4_2xhYXUX3rW6-5wmV6rMFl2SX0RSa1ue2iNvMxG7yTdcXm5tvNz2rdaR7Tx5PxwIVkCLOi_zMFosiEI_rea6KuAnUS-yWYE3j74EmQHNxlnQdV-zPgu0VXDCZSxJvRh0iKdKQ8JTtwxyFZFLn4tX6WEcWcJBJcwcF66mXaOfzJrVwIMOxh9t0LgC148cFMP0lH7MTdp8aQrCq16L6L48RToH80Jp4TB_lLeb_YR1WPaWI0Jfs3IhGQrs7u1wez91SIip3n13sOZGOJjMSkKOuUQPPdjEXvXVkm7E-M2ZGxerxqve_OZG6-Eoy1eYch9eTnpZ0a3NOSDM-pqRjQDENThFwGZtd1rgROiD-WPc8l-8S-2lIz6CfSNjvKz5TQKVSzORYv6VqTqMNGi7YN2IoxOfyGPO60Ex2KbB7CUfCvdTYiE

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 17FF 0
20 B 88ms
87ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022032106&jk=1126484343955818&bg=!CgmlCU3NAAZku-1yRLs7ACkAdvg8Wmz4rZ6opv2OCHiWrwlcEDNcX_4YxCHdfMCWU0aa25g-17xtRgIAAAIzUgAAABdoAQeZAuXAPnqKrbLhgIcuin5i_dPtoiRZhOAqUtr3iQbtCFOoOnUiXQW98Kkr1W00I-Oxkshlo8o0k43ldoQ34nO6795N1KwhUsSAauLYBZg4rq9ywlh4edqGicTiQ8Xzy2BrN2SJ3Gl6X3nv5xIer2F0Q6o6ZgjE25weDS_QRaY53cyJwrl2OaGj_4965RZ9CKHkyH3Qth0MLcruoDtsHOdQGEIPGi-odvUK9FHOdNCOOGhr0PIBZRcVUUv4irVzubjCTD62x366KqsWuyBim2dd7oVYNh9YoyoUDW__yGEOeyAO65D-PKfHJC7CbxCKpvuE8TRfnNtDlXBJti04XS7DRbI_-LPZc-sJ06O33gvqoUO4Og4d2DXXe6Q3tBSjSMi23E0Q6Bvc25DF3VUQEw0RA34L34kM0Uveifqq6nfk8LQrlcKNtmhcPPLMbbcQMlR2IJDMeyskl40wHApjP-HYnXWSC5m53PuNqhgnNfWE8Hv-BgDoO8_8NpegBPlJTnTDFq-tRM16bb8jpW1ZrMku76EAkrK6by-NhHOl5uug5kmjV0FXYOeLaN2-u7JxQ6mRP3aVNI9RQtgsrpks1f6e0F-P-MSWqIOdmtT5bazgyHi55o8DC50x9spXds1Hs0kFnIQPTmEUQyPxCfHNcyoiaj0TKOBZtV2bIwod0LiT1yQwd8M1tJOJxVsQPsYHksUIwYXk5ZaqX6T0dDbRVl7ADKRTRp-a9XTm6gBg7ofOLFQFioEoWdw4BcPJm0Z-eID0r_EuMq7KArGn0beuDYcMnuU7xYLwxKAdw6Dq9tTGcSrKdWtLf5EzenL8nP2Szz9Qlvd4r12Gh9F4zQE3mhcpPp6puIsuT_LucyyEQpPAl-c6GpEmsnbEIon-xVCv70MkDcGICHB9769cV2_1vssNVffWNxed6qn1tymFEK6s02FeLD32jI1ykN7ucwlqrj1KyId99rpKPSbHiObewaWrclQxcfy_IuI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1D4B 42 B
64 B 87ms
86ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv4YHfPwB_dHkpgrjFl1gWLLWzdla7Lo8QUVbuOwOAIxul2SkgO0I91fyrXp_OzNfz5ZhBeAFW8wEhyH7hNP0zn&sig=Cg0ArKJSzHUw_tYwMI6yEAE&cid=CAASF-Ro5HQVtxUmJov6rgWwboWP11fw4kPO&id=lidar2&mcvt=1000&p=939,1289,1189,1589&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=882885121&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1648835156568&rpt=372&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A796 0
20 B 89ms
89ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022032106&jk=3527874828063311&bg=!pKelp-PNAAZku-1yRLs7ACkAdvg8Wv3yoSPMivDJGpwswq9gU1loQEIux8lokL2VD4idBtXYllSh4gIAAAFFUgAAAB5oAQcKAGOuJMSrHl1vD_A3OOuouMO9mm4oEdDClBheQKn08EoBxxO23MCChLP22pMdahfYqZNnqOLjjt99xPYLR_wz_uQx9SyaG_oXeVhvBTtAKTfAFKH7UKDAhxZocRCdMbYSnQYgXwyZAv_ch01XkmsWwvTpZg293hQUf9ew2MDziQ2_iWgJ8Sch_Urz4xqBFyzk6vE0ISO6mKIWb7hkQhi0lh-_D7f9qhlNunEgZS8aHg_OmeMjms2n077wPbDPobQvebudYs_gNybIQWGiJ9XLsZqrdyyQ8eOSJtWmTMgVSKKx0S-mVKRcMpFdRa-VLMTeD9dW4RySEzod0vVI_HHhQBVU_FiU1bQz9KpbXpWLXAbHbGYPeF_5x1VVqO94N5T6f2WQWFeerZGUyjSyrih1Bcc9bRBr4MfBZQH8weM280OjBsa9_os1etoqBWRZjEt4ByQXHeym1cMFLAau1qOcLHvfuFTgjRrgSSumR_pxrh63mNvBrycb-GnI57xIhlVqOU1sT-NcHSk2JDUfKtnLPn6YX8MjGr2xxtVRvv55teNRH2Vl5evGdhQP9IKbajPEG07Q63NRYzV_3RF0d-RsedsiKVry0x1RF2k3RDRYBV33H7BuYmxr4QmACRXhBD6rmWvOFwOJ92aq2pZJYNN2FGCuQdsqOI6LaK9_c7IQF0LX5gZOPJYxQovrVSvL64Ft-TR8efBD_3In8nCyTqeDUzyGgspLeE5Ak5CkgYpwqa4TbLcUHG50aOXT105L1moum-UBYhuV1g52dOJBBfw_ZVvxntqBZSdXEnbNysqkzdc9nHfqBCePs_oBa0mhpwgu-51wQeMDZ88Vou3qA3uE9ltum22Zv3vABXLV6zDS2hOtpuLXBZvanWzB_GR7mBj7yrgx6RBQYD1pV3ptCzCDLDwIOnr4TWkI11kWhBa6Nq-_loOtnWqPWqOJdiwyx-NEmtdd7wqDAq6XaICC1QCrKIvx9LAEaHrpREoq70Hb6P8xA61duTsvKE_htx_fL518jmORLN2dkJ2345AB9GtLGSmprqCwxl_iaeuDf0ZotQiNq5V1ewuC11uXaePFeHwpUS1L0niudnZS0alXoUZT9ll-IWq8cW7cwysqzRlbCAJbbQ67nmUENmFV76DSavE6VMQLbeLZbw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Apr 2022 17:45:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 1337 0
127 B 16ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 01 Apr 2022 17:45:58 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

POST
H/1.1 200
OK /
eum-eu-west-1.instana.io/ Frame 7092 0
190 B 115ms
27ms Ping
text/plain 108.128.44.193
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eum-eu-west-1.instana.io/
Requested by: Host: eum.instana.io
URL: https://eum.instana.io/eum.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.44.193 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-44-193.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://singles.parship.de/lp/v00/6/U/htlp/index2.html?pscode=01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
Date: Fri, 01 Apr 2022 17:46:00 GMT
Cache-Control: no-cache, no-store
Connection: keep-alive
timing-allow-origin: *
Content-Length: 0

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 183ms
183ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Fri, 01 Apr 2022 17:46:00 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032909&jk=4431418652372190&rc=null

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nets4.com/	1970-01-20 19:31:47	Name: _ga Value: GA1.2.466562161.1648835154
.nets4.com/	1970-01-20 02:02:01	Name: _gid Value: GA1.2.1551955203.1648835154
.nets4.com/	1970-01-20 02:00:35	Name: _gat Value: 1
www.clarity.ms/	1970-01-20 10:46:11	Name: CLID Value: e4ad0d673114429eaca8d883efac4a87.20220401.20230401
.nets4.com/	1970-01-20 10:46:11	Name: _clck Value: 1m4gay4\|1\|f09\|0
.nets4.com/	1970-01-20 02:02:01	Name: _clsk Value: 1hebb7s\|1648835154850\|1\|1\|d.clarity.ms/collect
.c.bing.com/	1970-01-20 11:22:11	Name: SRM_B Value: 3A49F951769367E82E8EE82877F8661F
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 11:22:11	Name: MUID Value: 3A49F951769367E82E8EE82877F8661F
.c.clarity.ms/	1970-01-20 02:00:35	Name: ANONCHK Value: 0
.nets4.com/	1970-01-20 02:00:36	Name: __cf_bm Value: 6.MOe6DiM1dB.U__4_5UTLyUUKB_MAJAVLzmUvWL6j4-1648835155-0-AQTzjwjFHgoAyflY4gg3tXCOWohFI9TCEJnofoEX6Nqh+jdZKg5+UdETTdPjdrOBfvHprzvc5DlydcPaA1lz4w9w1FvOMI/yy1gAuNy1bAMSROhgBwiSFmg0FiC8TjNwbg==
.doubleclick.net/	1970-01-20 11:22:11	Name: IDE Value: AHWqTUnBlCVsnkZrpBh0vG-RazfnRelG-6HvLoFRR_svU2HedttyFy5m8yXgskXf7Dc
.nets4.com/	1970-01-20 11:22:11	Name: __gads Value: ID=adb2c4bf19f473fa:T=1648835156:S=ALNI_MbB0_Kd2-zAGV8ybp8WUFDCaPpgxQ
.adnxs.com/	1970-01-20 04:10:11	Name: uuid2 Value: 216155332267564915
.casalemedia.com/	1970-01-20 04:10:11	Name: CMPS Value: 3270
.casalemedia.com/	1970-01-20 10:46:11	Name: CMID Value: Ykc6VcjD6AygT2j5hLzZygAA
.casalemedia.com/	1970-01-20 04:10:11	Name: CMPRO Value: 1136
.casalemedia.com/	1970-01-20 02:02:01	Name: CMST Value: Ykc6VWJHOlUA
.adnxs.com/	1970-01-20 04:10:11	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVQoo$2:!]tbPl1M>e)ZlrFUfJ+tGXxpCb<tl>:dZk4:cCu6TCII[<tjC2b#qnPJ!j1e3If)y3KL9D3I?+=:Qb(-
.adfarm1.adition.com/	1970-01-20 04:10:11	Name: UserID1 Value: 7081693075824507020
.casalemedia.com/	1970-01-20 10:46:11	Name: CMRUM3 Value: 2d62473a552760CAESEG65ho3wu-MPYcfikJnkqHU
.redintelligence.net/	1970-01-20 04:10:11	Name: 8lcfmzhxc8d6_uid Value: 10a44a956200f688
.360yield.com/	1970-01-20 04:10:11	Name: tuuid Value: 68058a82-9c45-4144-a680-ccebdd9b9c6f
.360yield.com/	1970-01-20 04:10:11	Name: tuuid_lu Value: 1648835157
.simpli.fi/	1970-01-20 10:47:37	Name: suid Value: 1C61582BE2764616972C109DAF982F13
.awin1.com/	1970-01-20 02:10:39	Name: awpv14098 Value: 296283\|1648835157\|964b1bc1-b1e3-11ec-956f-22655f6734d7
.awin1.com/	1970-01-20 02:02:01	Name: awpv11524 Value: 296283\|1648835157\|964b90f0-b1e3-11ec-ba92-2231672bdcd1
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 391598:2661283
trf.greatviews.de/	1969-12-31 23:59:59	Name: ads_si Value: a%3A3%3A%7Bs%3A2%3A%22si%22%3Bs%3A36%3A%2296532504-b1e3-11ec-92b4-00155d255900%22%3Bs%3A3%3A%22sit%22%3Bi%3A1648921557%3Bs%3A6%3A%22expire%22%3Bi%3A0%3B%7D
trf.greatviews.de/	1970-01-20 19:31:47	Name: cjcookie Value: a%3A2%3A%7Bs%3A2%3A%22id%22%3Bs%3A38%3A%22cj96534052-b1e3-11ec-92b4-00155d255900%22%3Bs%3A6%3A%22expire%22%3Bi%3A1711907157%3B%7D
trf.greatviews.de/	1970-01-20 06:19:47	Name: mcookie Value: a%3A3%3A%7Bs%3A4%3A%22m316%22%3Bs%3A36%3A%2296532496-b1e3-11ec-92b4-00155d255900%22%3Bs%3A11%3A%22click_12771%22%3Bs%3A57%3A%221648835157%25%255503284%25%25965323d8-b1e3-11ec-92b4-00155d255900%22%3Bs%3A6%3A%22expire%22%3Bi%3A1664387157%3B%7D
trf.greatviews.de/	1970-01-20 02:10:39	Name: ads_pu Value: a%3A2%3A%7Bs%3A4%3A%22seen%22%3Bi%3A1%3Bs%3A6%3A%22expire%22%3Bi%3A1649439957%3B%7D
trf.greatviews.de/	1969-12-31 23:59:59	Name: ads_ps Value: a%3A2%3A%7Bs%3A4%3A%22seen%22%3Bi%3A1%3Bs%3A6%3A%22expire%22%3Bi%3A0%3B%7D
.tribalfusion.com/	1970-01-20 04:10:11	Name: ANON_ID Value: asnseFxZduB7RApTrruF6M0DGUqXNRMO1rjQSfhUG0j1KjjWGY1ErGh8jofrJErUeu6DYfe2y7L5rYGUqUwye
.singles.parship.de/	1970-01-20 02:00:36	Name: __cf_bm Value: i15TNxlyzYqr0xYSnuRcc9u4Bxhwf9l0TUq5AxPHp9g-1648835158-0-AQjomZy8mHEv0k94QM1TpRxgq005Ikl8HOPepMISia4R9eefWJdQdEqjN9gVKFyZDMnsPydc1wTFMjTR4WrFuNU=
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: ch4lgr04c0tbht0cbeqtend4
pb.media01.eu/	1970-01-20 19:33:13	Name: DTU Value: 9EF3E5AFB93C40FE670BEC8200AE5F5C
.parship.de/	1970-01-20 02:10:39	Name: NVI_LC2 Value: 01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID_TS%3A1648835158
.parship.de/	1970-01-21 03:55:47	Name: NVI_FC Value: 01_100_60078_1026_0001_0001_empty_AF00ID_GV1648835157.5503284.965323d8-b1e3-11ec-92b4-00155d255900ID_TS%3A1648835158
.bidswitch.net/	1970-01-20 10:46:11	Name: tuuid Value: e75e67cc-9573-48cc-998a-b036165251fd
.bidswitch.net/	1970-01-20 10:46:11	Name: c Value: 1648835158
.bidswitch.net/	1970-01-20 10:46:11	Name: tuuid_lu Value: 1648835158
pool.admedo.com/	1970-01-20 10:46:11	Name: tuuid Value: 4be4a0f6-db11-4591-9f9e-b3348011002e
pool.admedo.com/	1970-01-20 10:46:11	Name: c Value: 1648835159
pool.admedo.com/	1970-01-20 10:46:11	Name: tuuid_lu Value: 1648835159

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn.purpleads.io/load.js?publisherId=344ad2e45bc351c4ada152793585a015:8aed5d81ec539e8e6c45776fc6ee38d0aa92f5aeb356bf9114996f6476591916247996f56f76a9fe14770cd4806b54edb29d6938615ba1769d3b435fb1fcd83b, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Ykc6VcjD6AygT2j5hLzZygAABHAAAAIB&google_cver=1&google_gid=CAESEN78aTTefshPupouBqMYAOw&google_push=AYg5qPIHnoURpFdo5sS-1Msa0dNgqGDuogdXykmQwuoandjxnxFt9ZX3rZ68d1754X6Yue8C09c1qpQoQQ5uWDFs72sL03xbbow Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=aAWKgpxFQUSmgMzr3Zucbw&google_push=AYg5qPKbCVBmluU4afOOyYDI1qzZ_5J8Y4LIc_h_8VSLyjFympD99kOS0zGM6qPB8HFQEM1D_invuOxgrgoXVZfNOFJNRcAQEuw Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

05e677a25dfd6c4f47b6a28676ce2f35.safeframe.googlesyndication.com
56591f2fb35485a454aea223b764c8fb.safeframe.googlesyndication.com
a.tile.openstreetmap.org
a.tribalfusion.com
ad-server.eu
ads.eu.criteo.com
adservice.google.com
adservice.google.de
api.purpleads.io
b.tile.openstreetmap.org
c.adskeeper.com
c.bing.com
c.clarity.ms
c.tile.openstreetmap.org
cat.nl.eu.criteo.com
cdn.purpleads.io
cdnjs.cloudflare.com
cloudflareinsights.com
cm.g.doubleclick.net
csm.eu.criteo.net
d.clarity.ms
dclk-match.dotomi.com
deed42aff4ff1675ae0a2ca3fb3a7eb8.safeframe.googlesyndication.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
e1f9c77bf5a35643b4bd056e089e3ef5.safeframe.googlesyndication.com
eum-eu-west-1.instana.io
eum.instana.io
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900023.redintelligence.net
ib.adnxs.com
images.outbrainimg.com
img.nets4.com
log.outbrainimg.com
nets4.com
pagead2.googlesyndication.com
pb.media01.eu
pix.eu.criteo.net
pixel-sync.sitescout.com
pixel.rubiconproject.com
pool.admedo.com
pv.medialead.de
rtb.fr.eu.criteo.com
s-img.adskeeper.com
s.tribalfusion.com
s0.2mdn.net
s0.nets4.com
secure-gl.imrworldwide.com
securepubads.g.doubleclick.net
singles.parship.de
static.addtoany.com
static.cloudflareinsights.com
static.criteo.net
sync.1rx.io
tpc.googlesyndication.com
trf.greatviews.de
um.simpli.fi
www.awin1.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
cm.g.doubleclick.net
pagead2.googlesyndication.com
104.102.29.65
104.18.17.65
104.92.94.3
108.128.44.193
142.250.185.194
142.250.186.130
145.239.193.130
169.50.137.184
172.217.23.98
178.250.0.139
178.250.0.162
178.250.2.148
18.185.246.45
2.22.34.3
213.19.147.45
2600:9000:206f:6600:1e:a43d:b640:93a1
2606:4700:10::6816:46c5
2606:4700:440e::6812:2fe6
2606:4700:440e::ac40:9c1a
2606:4700::6810:125e
2606:4700::6810:cc16
2606:4700::6812:c05
2606:4700::6813:ba79
2620:1ec:27::cafe:1377
2620:1ec:c11::200
2a00:1450:4001:803::2003
2a00:1450:4001:808::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:810::200a
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::2006
2a00:1450:4001:828::2002
2a00:1450:4001:829::2003
2a00:1450:4001:830::2004
2a00:1450:4001:830::200e
2a00:1450:4014:80e::2002
2a02:2638:1::3
2a02:2638:1::4
2a02:2638::2
2a02:fa8:8806:13::1400
2a04:4e42:600::649
2a04:4e42::649
2a06:98c1:3121::7
34.227.128.233
35.210.53.219
37.252.172.36
40.76.174.66
46.4.10.49
52.142.114.2
54.76.176.197
64.202.112.159
66.155.71.149
69.173.144.139
78.46.23.46
85.114.159.93
85.239.105.10
88.198.250.30
99.86.7.102
0246092139f51ffcc5939b6aa6e01c8f7de825965fa39a8e04a255cefdb7916f
061a44d5b966e21229ea3df4730c26673edeada2a3da5da55062e7d720f378b1
07fffee6209a2423e9530bebcc84330a0b5996a731d0aa5ee2b590e83442d70e
08c423d83d7e3c09954f177c0cb476cbec9c8060e801c3ffb4014524381bfc22
093da471f5256cc2c4143fef0a012c247888761f0d398659582dc56da5769a16
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
0b018b59ae027f2a210a4569be94b95b0b8ce46d92fcf57de6732630c48f2f8d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0f5e83b3ea655834bc4bc6a3aef6b19b60bb70f6cab551b8126f81edec2c0a9d
105111ff674325446601ffdb61187b7885250d40e8bfc3c467dc004933a2e170
11992f506398f0ce551a82f7591c0448de7de4b0a84a1fdef72131fd756710ff
123fd85b583d1b5491a997e0d3432f3a311b5d7316a1b03dfd13dafeff234eba
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
132f4a7e361a25df26eb807e53b9ebbabab17a992b71679c5e0e98241a5429c7
15a0f2e01339d14bd886be9bc6720c65cb1cb734611ee3e89e4d7eafe48e74f7
17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640
1be3f8db7331dbe20847830fe8f0cd134175676ccd9d3db4ae6a00e21b7fb541
1bebe07e837fb33f10c63429c52aba83e53af281cdebd8687b3ca740d0703829
1e5723f9c4473fe3863a7c925a5ff32399d1e8380db0a48da53641a2e89a7a12
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da
2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c
230f27646f2460a7e13106d06ec50cb822acf254ae08fba4058aa06ca57b9dab
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
257873d0a56ea7ea8a95ca51c079fac4d608c734a5cf1edc24c53a081d7fb03b
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
264f5c640339f042dd729062cfc04c17f8ea0f29882b538e3848ed8f10edb4da
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a1c95046cc88352b5d5a4d406fc66cf81f61fcb150baf2036e0543cfc6b5a02
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2da7487e0e9f0d4e5b3bb5d1e497c5b6be3f323b93b150637ba979ed648bc43e
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
37d3f50086814ea11d6878c51457cb3322445bb4a7d66d75309a4613525fccb3
3994414fcb97c20d59cd17f6c622ccf06df62cbeb9adcf94e1b7b819d80f9a17
4a456bdc98d8c25b11782b44b87ef09c99294eb99f1b29039213bc64687856fb
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50fb88e3a2d413c5c0a0294b71e0da34829b2ec9444ba55af7e1d6935a4029a3
51540e98209e949f0a7f01c1332f6bf5dfe526adeaabe2705f42184d721f90b1
52e3a5353bc3da9c5420821a883d70deb2e3ad8627f50f499cf5a71aac4c1144
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
574c3a5cca85f4114085b6841596d62f00d7c892c7b03f28cbfa301deb1dc437
576fbfaa2a430184b92d6beb95728a7383186791941aa20dc09c482d95f7b605
587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a
5fd85c44def85de21ac325bb49df1610611fb7311f4e8b1aceae495fd4b35771
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65aae4cf0f232b05cceb06ef0748139a0f38a3236e5316c3c88e26baa502d305
66a8216773209cfb80f182bc2df47c23170cf0384d2463e1c81b00bfd89d6974
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd
6ad584690f7fa3e788ea1df9a6a567211be5d9d627908e9339e84e99efe70126
6b9b24a7525939cbd27d3837aad9311e58043c6243b77b06d9058cb4baf24702
6da6acdca488e1b114974972985582b4ba64d706536b9f38062c30799d3d28f8
704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739
722c5b95144aaf980dafacd36b1df0a3a0cff78962e8eee8f56e40c423f00b6f
7596910afe4e770f36a213491b9b17187556d579c8e8180455e59f1ec6a57ffe
7b92bc9a37aa1320f7b759297adc5d7a3a92b34511d06b5d4790ca6eff83b59e
7d194153ab6bc6294989ab0355fdd45889e9f95e94220bf5df5fd43fd11ac7c1
80a9466f65cf07ab855fe6f5e53a504d0a8f9110052eda1fecbec4f2ec0ab1bf
887263858c72124c8199482e63ae5b56a1c5714d7ec28e8da0b068293036fb77
8da979458600536726a4bfca5e105c96a405e0740c16e55a7d6cc59108706417
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
9007a72d0fa0a45bdb1ba8527cdfe7122636a3ae014d75d32ece4de4efea45b4
901df05a01f17cfd29e09df3934bf0f9360e7848d4c7f18fdbd2e4588656c032
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
919493007387137186f9f926c00992060d64567cfbf6643fb27375bcd71279e5
92f75b3d52eb22fd4d5af5352dc0bb43e5d0bc979f274783e7cd17884221b72e
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
9681c0a0a13d8581f202bfaf62e53563ea6d0d6bd8e542b35b6d7c09b0e7b41b
98cf8668637d23f3f77c3f3d2374239e67b7f263d7202f0ca7c636e056f0afdd
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a5bea7686257a22c5575321d9a30ff3d5da5d6289ff2f391c749e70a17044b4
9a71e6fd66ed1288d7b29d4ca6aa5f3718a4167302a0441cc0b90371fd149b79
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9e11f4927e481cfd9b5d306bd524d016f8ca8d6a1dccdc9e195ae0665e400495
9ef83788b64bf27b0e6d3fad7e50f42d9680eab4a676a23f4a6daf97d22002bd
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a0eefaac4e8ab160d79687a64c9f34122d350439b483809bec8ad1c0eab25529
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a40d4bb1fce8297264703173c0bd6e2c6832b75966706e3a63d3df8917137033
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7fc8a74450d2f5e542d74ae48ba20085d1faeec769e1e1a13761b6ba5c9e809
a83f80598d727c5285825719cade774c09bf9f613c79f36c87d719ed27630313
b013d22be6d8a2b28be8b79491ccd683cdb7957c2089315134e43358d8a4f4a0
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6672ae1cd80a130201626cdafa7bc36f5c975d59a8969a6ad3b4099a3924c56
b82df1888c44a2e876a3d51380488521ed43bfb5cdb258b7a353e6ac6ae814eb
bbbd0d76b4eb1b3faa278c9737e75817c677a64e1651881d2f1686e26fe27279
be19ea8234abcd03eedc5bb4f75af3a683df6153db9e92c3477683b32a967636
c2f3d37ddd19bb717a63bbfebc82365d58dbed51be816d254015d4809f0c9fd2
c65b234a2f2e7d864ae86ddac0b622528b8dcb7c96b6943840dae9e2bd493dcf
c67c8370b4c9145a91ace4a1fed1acf774e604658e225425f6b52f06328504e7
c837347a297c1a35852aa375392cc74950a2b868214e8b1909c4637b8b63ee24
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
ca9f66e70b6831bdc1e064836f9ff385121c1f850149b2c7687a0f71f4eff7aa
cc7ae6d2adda002373af6727cef758e644804161d28124a89a5d725aa09fe9c1
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
cd118ca4cfc0876fbba8e8b8287392c8b1347e2f3736e9040b47770ac2f31e4b
cf2a80527ac2bd9fd995cb71ec064af285edcd8941b76bebde969f201727bbb2
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d076632d711e72ced4d84eb2d42dad0f40751b3f9ecc459af1dfe61070483b97
d412d30f453a8fb532e64ba8a4fbfe1192c2f1befb941ad9f967c01a6d41fa5f
d42f0da740d00666c43a825cfa803e742c57786a8fd895ed0603c9d9cb55a686
d4648625a5fae7230decf8abcad29c8ebee03c7a1b2a96a855b59afa3d79c72f
d49a4a82817ac644181b779f918cab6e7431028a1d17222512bba3e08cc068c4
d4c31bffd84b08af53773d19ecbd18fc8c053b9cb11d04e9a408cc0143f645dc
d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57
d81da1c2333ea18b9649d21dd0dbb2a09141d43d18ef3e2eea1157f3e56d6277
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
d9395b4ee73c4b08fb63ed6fa26adc4ebfc369976b3246e9956543db5e788051
dc88d6faff8bbfca85ef5ca8ee215f619dad33e213687418e3661319d5fb9b1d
dd221bed3247e6cc3e15c8ad655907635e043f09d6fca25ebc5f0dbf3a0f1a4f
ddbf19b4a1dc1544982a2859a72c0a5480b20ed16c6a82f0a02b83c846627f29
de9ad4639361cb38d4a8c55ac93a37069ea59315db11279439023d96fd2a8888
dfe658be8d8e54a34181f699d2ca4237d959467b1a7c0da9519290f8df62c5d6
dff2681d8f5f16b61b464b599d7c62f61efe496b54a77044145495bc8cad36d0
e09f7b1ddd74acb002ff33d9a41c22f2c29565d5fe344c17f426eb1aa6d48471
e1afac4f639ccfd2a3176184d598ee162e4c2f66e56900e5897e9d821553f169
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411
eaec9b33c005d28580d90a4e4a84316f5d253ed0d9b9bea1dad36c4ae86b97f5
ecc0126939365128723cb4cc4f2eafa55f76c455511a43c06e6c5aaa7bb76504
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
eef64f7a397e400b8f553622d72e44cfcfb2630f74b958fb561f0392a13ba48d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc
f10c3630cdf1ccac952efa7481570ba460c8402189c7c93a4ab34a9ebce737e3
f3404d30f1b9956025fd6221078b56ab9f3301a4af97ddaeb3ef8cc4a8bb88de
f44009daeb4affe4373934e4fbd79560ac05718af528b371354c0cc2e4c3b86f
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f7033098048a7a133c0e33194abf05a77129784b9f51e55b116c60bac51217be
f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

nets4.com Open in urlscan Pro 2a06:98c1:3121::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

254 Requests

91 %HTTPS

50 %IPv6

41 Domains

68 Subdomains

52 IPs

10 Countries

2598 kBTransfer

6077 kBSize

45 Cookies

15 Outgoing links

Redirected requests

254 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nets4.com Open in urlscan Pro
2a06:98c1:3121::7 Public Scan

Screenshot
Live screenshot

Full Image

254
Requests

91 %
HTTPS

50 %
IPv6

41
Domains

68
Subdomains

52
IPs

10
Countries

2598 kB
Transfer

6077 kB
Size

45
Cookies

254 HTTP transactions
5 data transactions