ikincieltanoto.com Open in urlscan Pro
2606:4700:3035::ac43:cc26 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ikincieltanoto.com/underworld-6-will-it-happen
Submission: On October 28 via manual (October 28th 2022, 2:08:16 am UTC) from TR — Scanned from DE

Summary HTTP 160 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 35 IPs in 6 countries across 30 domains to perform 160 HTTP transactions. The main IP is 2606:4700:3035::ac43:cc26, located in United States and belongs to CLOUDFLARENET, US. The main domain is ikincieltanoto.com.
TLS certificate: Issued by E1 on September 23rd 2022. Valid for: 3 months.

This is the only time ikincieltanoto.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
22	2606:4700:303... 2606:4700:3035::ac43:cc26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	185.177.92.30 185.177.92.30	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	2600:9000:206... 2600:9000:206f:1000:11:a4de:2580:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2a03:2880:f21... 2a03:2880:f21c:81e5:face:b00c:0:4420	32934 (FACEBOOK) (FACEBOOK)
7	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
16	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
3	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	147.75.85.234 147.75.85.234	54825 (PACKET) (PACKET)
2	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2016	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1 11	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
6	37.157.6.234 37.157.6.234	198622 (ADFORM) (ADFORM)
1	2620:116:800d... 2620:116:800d:21:93ca:31d8:d86e:38f6	16509 (AMAZON-02) (AMAZON-02)
2 2	2.18.232.236 2.18.232.236	16625 (AKAMAI-AS) (AKAMAI-AS)
5	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
2 2	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 2	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	217.79.188.11 217.79.188.11	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4	217.79.188.54 217.79.188.54	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
160	35

22 2606:4700:3035::ac43:cc26 (United States)

ASN13335 (CLOUDFLARENET, US)

ikincieltanoto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.177.92.30 (Amsterdam, Netherlands)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
PTR: ip-185-177-92-30.ah-server.com

dr6.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:1000:11:a4de:2580:93a1 (United States)

ASN16509 (AMAZON-02, US)

get.optad360.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f21c:81e5:face:b00c:0:4420 (Frankfurt am Main, Germany) 1 redirects

ASN32934 (FACEBOOK, US)

www.instagram.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 37.157.3.30 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.75.85.234 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.123 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.6.234 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:93ca:31d8:d86e:38f6 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.236 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-236.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.18.126 (Shahr, Iran, Islamic Republic Of) 2 redirects

ASN13335 (CLOUDFLARENET, US)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 217.79.188.11 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 217.79.188.54 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: aa.adfarm1.adition.com

ad13.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 136	319 KB
24	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 39 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 180 static.doubleclick.net — Cisco Umbrella Rank: 304 cm.g.doubleclick.net — Cisco Umbrella Rank: 209	230 KB
22	adform.net adx.adform.net — Cisco Umbrella Rank: 4061 track.adform.net — Cisco Umbrella Rank: 3729 s1.adform.net — Cisco Umbrella Rank: 7967	129 KB
22	ikincieltanoto.com ikincieltanoto.com	836 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com	177 KB
9	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	792 KB
8	adition.com imagesrv.adition.com — Cisco Umbrella Rank: 18689 ad13.adfarm1.adition.com — Cisco Umbrella Rank: 58121	66 KB
6	google.com adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	16 KB
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 40 jnn-pa.googleapis.com — Cisco Umbrella Rank: 257	32 KB
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 407 mug.criteo.com — Cisco Umbrella Rank: 3289	1 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 189	141 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 9234	1 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 387	21 KB
2	casalemedia.com 2 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 419	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 663	1 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1435	1 KB
2	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6244	360 B
2	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 214	1 KB
2	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 921	408 B
2	4dex.io script.4dex.io — Cisco Umbrella Rank: 1945	24 KB
2	instagram.com 1 redirects www.instagram.com — Cisco Umbrella Rank: 1222	5 KB
2	optad360.io get.optad360.io — Cisco Umbrella Rank: 33475	558 KB
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 339	457 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 1372	351 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 640	464 B
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 109	143 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 221	4 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 863	472 B
1	dr6.biz dr6.biz — Cisco Umbrella Rank: 437611	15 KB
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
160	30

	Domain	Requested by
22	ikincieltanoto.com	ikincieltanoto.com
11	tpc.googlesyndication.com	1 redirects 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
11	securepubads.g.doubleclick.net	get.optad360.io securepubads.g.doubleclick.net 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com www.googletagservices.com
11	pagead2.googlesyndication.com	ikincieltanoto.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
10	track.adform.net	cdn.jsdelivr.net s1.adform.net
9	www.youtube.com	ikincieltanoto.com www.youtube.com
7	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com www.youtube.com googleads.g.doubleclick.net
7	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
6	s1.adform.net	cdn.jsdelivr.net track.adform.net s1.adform.net
6	adx.adform.net	get.optad360.io s1.adform.net
5	cm.g.doubleclick.net	ikincieltanoto.com googleads.g.doubleclick.net
4	ad13.adfarm1.adition.com	s1.adform.net ad13.adfarm1.adition.com
4	imagesrv.adition.com	s1.adform.net 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com ad13.adfarm1.adition.com
4	jnn-pa.googleapis.com	www.youtube.com
3	www.googletagservices.com	1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com googleads.g.doubleclick.net
3	www.gstatic.com	www.youtube.com www.gstatic.com googleads.g.doubleclick.net
3	www.google.com	www.youtube.com googleads.g.doubleclick.net tpc.googlesyndication.com
3	1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
3	cdn.jsdelivr.net	get.optad360.io 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
2	mug.criteo.com
2	gum.criteo.com	1 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	e.dlx.addthis.com	2 redirects
2	prebid-eu.creativecdn.com	get.optad360.io
2	ib.adnxs.com	get.optad360.io
2	prebid.a-mo.net	get.optad360.io
2	script.4dex.io	get.optad360.io script.4dex.io
2	www.instagram.com	1 redirects ikincieltanoto.com
2	get.optad360.io	ikincieltanoto.com get.optad360.io
2	fonts.googleapis.com	ikincieltanoto.com googleads.g.doubleclick.net
1	pixel.rubiconproject.com	1 redirects
1	rtb.openx.net	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	dr6.biz	ikincieltanoto.com
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
160	42

This site contains links to these domains. Also see Links.

Domain
www.cbr.com

Subject Issuer	Validity	Valid
*.ikincieltanoto.com E1	`2022-09-23` - `2022-12-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
0.mo11.biz R3	`2022-10-07` - `2023-01-05`	3 months	crt.sh
*.optad360.io Amazon	`2022-10-17` - `2023-11-15`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.a-mo.net R3	`2022-09-05` - `2022-12-04`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G2	`2022-04-26` - `2023-05-28`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G2	`2022-06-01` - `2023-07-03`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-27` - `2022-11-22`	3 months	crt.sh

This page contains 15 frames:

Primary Page: https://ikincieltanoto.com/underworld-6-will-it-happen
Frame ID: 3A2E8067C21252F02FC7F2D3CE334492
Requests: 63 HTTP requests in this frame

Frame: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
Frame ID: E107EE9186FE423055427EDA7ECD0DD4
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221026/r20190131/zrt_lookup.html
Frame ID: 666A7A9429D258B8C81F747C90DE15FE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&adk=1812271804&adf=3025194257&lmt=1666922890&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889901&bpp=3&bdt=239&idt=243&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2119938224332&frm=20&pv=2&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=261
Frame ID: 2BEA87071F876A1BEF31256157007BF1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=7923526086&adk=18142780&adf=927658256&pi=t.ma~as.7923526086&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889904&bpp=2&bdt=242&idt=264&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1631&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=tLY4pMfNWV&p=https%3A//ikincieltanoto.com&dtd=269
Frame ID: E2A2109378B72C9C82D4980DD1654465
Requests: 1 HTTP requests in this frame

Frame: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F947276F3B4F1264FA8F9A0928FBF9E7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=1608850437&adk=1362798866&adf=2364240886&pi=t.ma~as.1608850437&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889906&bpp=1&bdt=244&idt=271&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&prev_fmts=0x0%2C750x280&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4556&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=KfGjmvZjkm&p=https%3A//ikincieltanoto.com&dtd=732
Frame ID: DA78A6E311355C71A94B42D4643A3F7B
Requests: 14 HTTP requests in this frame

Frame: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1F7B4DED248FAB45C3C4ACD265A7CE4E
Requests: 8 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=8Is0-W0xFB8FCmELRWv0dJGw4oeJSJONP2JEOT2Wx05w9FpZNL6H_3WaVRBypdJhD-JxScJU-xS_RmYTCk-3bb4Ad9irgI73o0Iqd1QVWoC0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44fl5WUzKQK_wQpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=iHRnu2phscN42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-Re5IyuuU9XsKZut4S2zc0b254nlOySZGZN1kQM0Y5fUtnltIzFqRTpfIKlvNabdZsqcxZWiY4YiP0J6LWxwVPkSY-zpcQNKrD5QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwOyP7S_GrBt9kqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;
Frame ID: 0B8809CA58B5C49CF7602FFC7C0091AF
Requests: 13 HTTP requests in this frame

Frame: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B497F24C43E00F6204F6970C48871A3C
Requests: 8 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E586C624BD4DB47D1E5E0B69018F69CF
Requests: 9 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=Bi119AxlmbCDRzKwEuMFB-qED51x65A_02OUv-a4DAyQL06EgLsFwhaX0-yMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=GFNT8n5GN7F42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-S8xY43J1hvFQHTA519G2m2N0kfN7UgTrCpOEW6ppG1hbcj-Vltbi_XB1SbSfX7kyndXcWSltRhOxAY6asYb3ukpBqtOQtSug75QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwCnmkopQwIuskqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;
Frame ID: 48A2785DF965F2DD6A1248BA1DAEE339
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js
Frame ID: 1EBBAF47BEE00E71853F4E3BD015A538
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3FBDC460D76BC44F0C8DA7CE303196EA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 475CB8946AEC86FBD0765888E9FFBE04
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UNDERWORLD 6 GÜNCELLEMELERI: ÇIKIŞ TARIHI VE HIKAYE BILGILERI - KORKU

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

160
Requests

94 %
HTTPS

61 %
IPv6

30
Domains

42
Subdomains

35
IPs

6
Countries

3513 kB
Transfer

7818 kB
Size

32
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cbr.com/why-kate-beckinsale-passed-wonder-woman/
Title: Kate Beckinsale

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23

https://www.instagram.com/embed.js HTTP 302
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js

Request Chain 69

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Request Chain 101

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD7vty0FBCsAhisAjIICIwGNoKTdTk HTTP 301
https://tpc.googlesyndication.com/simgad/15009675341483630711

Request Chain 115

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9t-_Hfa2V_QW4bnIamYQzMXKUA6nzlsCCVMNrvOcR7FVy6EkUyUs1XgOrCLS8j8BJyZFS1TdyaFOY9RQnI-P_5RUo-E3FH&google_gid=CAESEBH6qOT41CKydcTjRz71r88&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9t-_Hfa2V_QW4bnIamYQzMXKUA6nzlsCCVMNrvOcR7FVy6EkUyUs1XgOrCLS8j8BJyZFS1TdyaFOY9RQnI-P_5RUo-E3FH&google_gid=CAESEBH6qOT41CKydcTjRz71r88&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjgwMjA4MTEwMDAxMjk0NjI4NDM0OQ%3D%3D&google_push=AZmPxg9t-_Hfa2V_QW4bnIamYQzMXKUA6nzlsCCVMNrvOcR7FVy6EkUyUs1XgOrCLS8j8BJyZFS1TdyaFOY9RQnI-P_5RUo-E3FH

Request Chain 117

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIjL6y8gJ5gBVXxlVW7e7kY&google_cver=1&google_push=AZmPxg8AsXRJeb0d0cfdDZrKMyDZkSrxMVVFjtrYGWPLpxNMknB1bvWP8ga35wk7V_ceOyyuTiBY1pEbCJPiuBmYrNSNKhBw1vc HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIjL6y8gJ5gBVXxlVW7e7kY&google_cver=1&google_push=AZmPxg8AsXRJeb0d0cfdDZrKMyDZkSrxMVVFjtrYGWPLpxNMknB1bvWP8ga35wk7V_ceOyyuTiBY1pEbCJPiuBmYrNSNKhBw1vc&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=r7FzEGhJSq2W37eEM5nkXA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AZmPxg8AsXRJeb0d0cfdDZrKMyDZkSrxMVVFjtrYGWPLpxNMknB1bvWP8ga35wk7V_ceOyyuTiBY1pEbCJPiuBmYrNSNKhBw1vc

Request Chain 118

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKiBI9AdzjRUpXA5nuo40-g&google_cver=1&google_push=AZmPxg9Y4ZYJeb_s7NIU76w5Ui8ErD11OFNrP0i51FDgc3vW9rFz7gdkfDyUs-eRHB_zk0RHUVq4qBQpWEsKXkhCPtEOS1tSD05i HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlSVVVNUVEtWS1KMkM0&google_push=AZmPxg9Y4ZYJeb_s7NIU76w5Ui8ErD11OFNrP0i51FDgc3vW9rFz7gdkfDyUs-eRHB_zk0RHUVq4qBQpWEsKXkhCPtEOS1tSD05i

Request Chain 119

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_cver=1&google_push=AZmPxg_0bldLLTQ4EXTkxxuIO_Itv9oVjULS2KnwJ69QuakMIqarOn0iVuLRYwZ5Pq4KXHn3CpN2oBOrDP6XgHrqJWvPF9B-SW_R HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_push=AZmPxg_0bldLLTQ4EXTkxxuIO_Itv9oVjULS2KnwJ69QuakMIqarOn0iVuLRYwZ5Pq4KXHn3CpN2oBOrDP6XgHrqJWvPF9B-SW_R&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_hm=Y1s5ixDhSD4tU38iTzE4PQAAFCcAAAIB&google_nid=index&google_push=AZmPxg_0bldLLTQ4EXTkxxuIO_Itv9oVjULS2KnwJ69QuakMIqarOn0iVuLRYwZ5Pq4KXHn3CpN2oBOrDP6XgHrqJWvPF9B-SW_R

Request Chain 161

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fikincieltanoto.com%2F&domain=ikincieltanoto.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=L12xIHw0dTdYa3BUTk93cHE4Q0hBbm8relZNRU9oQUxKRm1zclJKMmU1a0p2emtWRk1rZUR3ekhmejJ3ckNKVHNUR2dMR1JCREZvYWlvMkxXZHNDNVFvM3J0VG1SdkFPQkUxUTlraURPY2NaWkhWOTNJR2l2YTN5NlFHZUJ2VHRQbHY4eDZDa0QyTGlmNE4yNnUwRmFhZWZwcDk3b1lSanR3ejVJQm5TRUFaUzlLNnd3UlVTajRBZDM1WXBtZHpzM1gvUFZMb3JTTUFZS1FwLzJyc1BLTDJoUnlFd3J3YjNqbkUzUFhnRHA1cXorZ2FpSkl5SjNPYVhoK2llSHdhdzR1NlpzfA&cppv=2

160 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request underworld-6-will-it-happen Show response
ikincieltanoto.com/ 21 KB
7 KB 197ms
66ms Document
text/html 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09090be0e6b984fda9a9a5f2b8abf888c217e0f4babd19c8da346736f2522a6b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76101f3bffa892a7-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 28 Oct 2022 02:08:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8G2G5YB160Ti4bukYb2OviAbZR3XzDBTRtp%2Bh49qWsDOAL25Ezvi%2B2KzvQ1m7Wm%2FsG3eHvXkuRETxdB1pAWPvd5fhKz%2FZYgtDw73K5nxtPLm4sn9kw7c3RHt9Bry3sXzEurySuWHln8je8k5DYSAGRI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 167 KB
55 KB 167ms
63ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4062866992167421

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24bd212c6a353bd91d062e4a24b28e7c1e604b4fdc2a9e1d631cd4887a6b11c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Origin: https://ikincieltanoto.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55293
x-xss-protection: 0
server: cafe
etag: 4160689838434531655
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 28 Oct 2022 02:08:09 GMT

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1 KB 127ms
47ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36d8646a0113bb1c559fb31b51e781641d6f284ab6dceea368c8edeac862ed7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 Oct 2022 02:08:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Oct 2022 02:08:09 GMT

GET
H2 200 bootstrap.min.css
ikincieltanoto.com/template/css/ 118 KB
20 KB 31ms
30ms Stylesheet
text/css 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/template/css/bootstrap.min.css
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 59217
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jul 2016 12:53:28 GMT
server: cloudflare
etag: W/"57960bc8-1d970"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOTmOsObNkPwpDXPzwKYQcleOMC4i%2BMyZ7PrsBl6IShe00CvekjAHbOcrwakKp%2BOFAw3z41YFeFGckHODdXOsLsiQE4TTJs6e8YcAvn6aggFoHFfTENltngsLKtL67KcwAcqY3ZRExGGxw4oUPIfZJs%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 76101f3c683692a7-FRA
expires: Sat, 26 Nov 2022 09:41:12 GMT

GET
H2 200 font-awesome.min.css
ikincieltanoto.com/template/css/ 30 KB
7 KB 32ms
31ms Stylesheet
text/css 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/template/css/font-awesome.min.css
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 534115
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Thu, 22 Dec 2016 12:50:34 GMT
server: cloudflare
etag: W/"585bcc1a-7918"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJrcDoETxuUVzdZYhPId9zt%2FJqyhrW1ad1qwf44%2FKRG5b878J5GIwvLFX28%2BG4rxBXWUms%2BJniG5vUVhEw3Q0Aoo0tu3iiIobaOfKkJYVwVF2NTGa47C7b3D8DCRsFmhEKvbmiKkzf859SM4FFcjb58%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 76101f3c683a92a7-FRA
expires: Sun, 20 Nov 2022 21:46:14 GMT

GET
H2 200 style.css
ikincieltanoto.com/template/css/ 14 KB
3 KB 31ms
31ms Stylesheet
text/css 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/template/css/style.css
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 529907ad6e2a3c17ef780a13d550a2fae51b89bd95c8d40b98bda94c054ceb6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 534115
cf-polished: origSize=22084
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 05 Oct 2021 14:56:43 GMT
server: cloudflare
etag: W/"615c67ab-5644"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DwcwQdLfcXyx6XSl9NofHT9fDSfanhZAAQYWQA3kdqqT54BKpJ1aI2m5vkAHVqJ79xtxS6eT7ajSySODjDmsGPvfzaiYiV6pFRw%2BWt1O%2Bvo9R%2Fb76qzx8SEwB4kA3zKkVQbGWpF4hHV%2FAj8tMuOgp4c%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 76101f3c683d92a7-FRA
expires: Sun, 20 Nov 2022 21:46:14 GMT

GET
H2 200 / Show response
dr6.biz/ 14 KB
15 KB 65ms
21ms Script
application/javascript 185.177.92.30
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://dr6.biz/?te=he4tgmrwmm5ha3ddf42tamzz

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.177.92.30 Amsterdam, Netherlands, ASN39572 (ADVANCEDHOSTERS-AS, NL),

Reverse DNS

ip-185-177-92-30.ah-server.com

Software

nginx /

Resource Hash

14a94b80df7e34f355cd2a8458025cee298be841611de184fbe463ca70b9dda8

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 28 Oct 2022 02:08:09 GMT
strict-transport-security: max-age=31536000
content-security-policy: img-src https: data:; upgrade-insecure-requests
server: nginx
content-type: application/javascript; charset=UTF-8

GET
H2 200 plugin.min.js Show response
get.optad360.io/sf/e0f4023d-1f54-4786-94e7-bff2e058d23f/ 395 KB
97 KB 60ms
9ms Script
application/javascript 2600:9000:206f:1000:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/e0f4023d-1f54-4786-94e7-bff2e058d23f/plugin.min.js
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1000:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebf7b463e2889acb14a10275820b649cd94854066e8a29dc2cbdccba50c7add7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 01:23:38 GMT
content-encoding: gzip
via: 1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
last-modified: Wed, 21 Sep 2022 14:33:05 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 2672
etag: W/"b8fbab6bd585d83e0bdd53d43c8aa0aa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: v07FVsIzWMHGXsZ-HKrQIzH5EGqk4f--UCjXYJQu42SDi_ie01r1Mg==

GET
H2 200 logo.png
ikincieltanoto.com/template/img/ 6 KB
6 KB 32ms
29ms Image
image/png 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/template/img/logo.png
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7eee0a1246a87e4ee7bda1b4b818b60e24e4b8fbc22d99cffba1124830020e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1576491
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5907
last-modified: Fri, 01 Oct 2021 18:08:23 GMT
server: cloudflare
etag: "61574e97-1713"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gbqlNgdDhmFKxsufxxl8W68jo3qT8bYvWq13%2FwDiFDcjzGYyCJFuygvwVgYw%2FhPHvZrDc4fnfGBOuU3eHsK0p1kHa6cH%2F5aBL8YlFVNmrAH%2Bt4oncdtcrEtNVnd23%2FzwIC9SpTEt592K58O24JM93xg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c886c92a7-FRA
expires: Tue, 08 Nov 2022 20:13:18 GMT

GET
H2 200 nicole-kidman-reacts-her-viral-amc-advertisements-popularity.jpg
ikincieltanoto.com/img/movie-news/03/ 29 KB
30 KB 49ms
46ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/movie-news/03/nicole-kidman-reacts-her-viral-amc-advertisements-popularity.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34f1b90656ebc5d7b516c949af959b7d23a32c8e5b30124eb45dea8f8008fe30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 29851
last-modified: Fri, 29 Jul 2022 09:01:26 GMT
server: cloudflare
etag: "62e3a1e6-749b"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xqMHs1e9iBm2BrBN%2F415Wcx99YGmXaStyawxr2weEyFavUxzOFYmmeWCFxlwVpBq2V1dp5c14atooPzq%2F7nOukTPylHuYSwfLdQ3u5Y%2FiEuwN5lIxSZunJR4AJCzBUfaGDoadWxSK7NSgx1dmDmd8Bo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c886e92a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 all-spirits-thirteen-ghosts.jpg
ikincieltanoto.com/img/sr-originals/16/ 96 KB
96 KB 85ms
83ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/sr-originals/16/all-spirits-thirteen-ghosts.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 425a83873e83e72e8dc653478c3eff037f6e0a321c37c7f92ae46509cfcc8811

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 98129
last-modified: Thu, 28 Jul 2022 21:01:00 GMT
server: cloudflare
etag: "62e2f90c-17f51"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hbTYn%2Bk6jo2jA6EJg3e%2BUqecVGQAzkqsxCIeWHysIEs43FW9WViIxtOEx%2BtYC0RrLm4VkzhkajcBjvHmdS8VnAxy6Y7yZqoZOW%2FCBCppgTPpbMjCLaw7BiWGvXBMntpaHoTHqGYpH5tsZM35fRw8qFs%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c886f92a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 10-best-movies-2017.jpg
ikincieltanoto.com/img/lists/27/ 55 KB
55 KB 58ms
56ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/lists/27/10-best-movies-2017.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a35ab5b5f364043f65cdffe2fd54a8821cde714f4f2c948e2b27d68bd60cfbc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 55846
last-modified: Fri, 29 Jul 2022 18:13:36 GMT
server: cloudflare
etag: "62e42350-da26"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9VesXnxITO6eHhChkC1hyrmzRHWIK%2B4OYqyxUA6DD91Pk%2BThyy4VdPnnLg0gYAD1fGzGyCjqYLEXtVps7E3WqDqB5epaVPQBqBo90Wl7KsIiyIbYd45ijuho7nthwTdGmr9O7HkXbma6kTGnNzlYa7Y%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c887092a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 underworld-6-will-it-happen.jpg
ikincieltanoto.com/img//horror/50/ 42 KB
43 KB 57ms
54ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img//horror/50/underworld-6-will-it-happen.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d68f4f6e5cc51e2d536b511b45009d80afa4c8160cfd3690c2a7f67ece53e52c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43440
last-modified: Fri, 29 Jul 2022 09:48:30 GMT
server: cloudflare
etag: "62e3acee-a9b0"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xup%2FwVDcklJCSWVchHJToOZlfolPm1LySWV9XXmwrh%2FNhR4QzwInNnGM728colyoQDR2xiHlH%2BLcBkSUaIQKPrQ59GqPGG8%2BjxZQk4%2BB8DJzkFQmuMdw9NSNCpRtAFZpMf%2F9QbF5Q4udVIi8sN%2FKEnU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c887192a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 underworld-6-will-it-happen-2.jpg
ikincieltanoto.com/img//horror/50/ 58 KB
59 KB 65ms
63ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img//horror/50/underworld-6-will-it-happen-2.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 375e44f78ea18060feee23bbc2780464de6879cc7ff8fa46c76bc3fe77e95c4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 59697
last-modified: Fri, 29 Jul 2022 09:48:30 GMT
server: cloudflare
etag: "62e3acee-e931"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66LnyjeYHPHOvgRpyABaVOBldKlKWwIm8gV5eCMJngjBPZLUWg0WDj%2B7JlZBuFe5UHS3lIhKW2kry1eyGda%2FvuClgmkMSdz4xThzfRDrwcPA315UI6k%2FdvLfaVZibnPA0KK1WaVeuqYOHpSrTRwUKPo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c887392a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 underworld-6-will-it-happen-3.jpg
ikincieltanoto.com/img//horror/50/ 56 KB
56 KB 65ms
63ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img//horror/50/underworld-6-will-it-happen-3.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2199788167cb7ebb99af4e01a99551201baaa05492a9e31d5a03ffea292db2a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 57225
last-modified: Fri, 29 Jul 2022 09:48:30 GMT
server: cloudflare
etag: "62e3acee-df89"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3SLtxYdGIZWvHbkZ73pUgZneBdydjKe0WYedrVKZyH5%2F2XlNfBtzUTtxzTG9ThbOFrXyk7h5UbcgJqIsoZ5xe3cQLRrhi3pg5%2BShQ%2Bbq3AFht2UwhCF1IyUx76WP4hVkq92hJYEvJFYCAddlnodrQY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c887592a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 hiccup-is-one-year-older-how-train-your-dragon.jpg
ikincieltanoto.com/img/sr-originals/20/ 42 KB
42 KB 89ms
87ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/sr-originals/20/hiccup-is-one-year-older-how-train-your-dragon.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84a85c1ce63f1e17e3982561d6613e9052de76819c1b2d72010597ef75fbe3bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 42903
last-modified: Thu, 28 Jul 2022 22:21:28 GMT
server: cloudflare
etag: "62e30be8-a797"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ka7UFNShYpWmrplnHuvOKinYiEosvp%2BvK48wo2a6NaWZ38OcZvs3a5iPK%2BoN4LV%2FABr0JAxVwdR%2BUwn9m2OXeSngOfNIjP%2BJcFgH6q16buty9tPytW0%2BJcwq8Z%2FEhggnRvT5lfijvH5iMsEOPNie7Vk%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c988192a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 25-crazy-details-behind-making-sleepy-hollow.jpg
ikincieltanoto.com/img/lists/84/ 57 KB
57 KB 81ms
79ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/lists/84/25-crazy-details-behind-making-sleepy-hollow.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68b6a889d67a3c06eab386055a129f6f585fbcfd9ef1ec7383eb9fe3b55e3bbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58373
last-modified: Fri, 29 Jul 2022 19:40:30 GMT
server: cloudflare
etag: "62e437ae-e405"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nJcar5X3lqX1yj1mw0tbSh00HrkqXJYKyUMIGIcCVbg0dFT9YOr3TkhYRha6pKFAeXPLOX0enyCLSAAfBmtpZmAq%2BgMPOGq795LAWb%2FfaTQY6tHQf4CKEDPspUJHunBu0%2BjjQAIAvA6U13bxiJP4pMU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c988492a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 best-d-d-ranger-subclasses.jpg
ikincieltanoto.com/img/game-features/06/ 52 KB
52 KB 85ms
83ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/game-features/06/best-d-d-ranger-subclasses.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a1265329bae20f5eeac1827256ff2a6d4e7198f89f945776e78957fc6d0fa01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 52881
last-modified: Sat, 30 Jul 2022 07:05:26 GMT
server: cloudflare
etag: "62e4d836-ce91"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dAYwrCJP7%2Fc4N5LP%2FVf2jeTkJUsWQcg2H5f4trhBtj51%2BZYTg2z3qkOl8purvuXCN5r%2FLCrOXw0qgD9iTPnx9qyq8CxcTlFRY6EpF%2FZQTMSL0K8kKsNZP%2FxmwcCQCPAkXgPp6Savw3dTx8py%2FB%2Bblc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c988892a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 fallout-4-far-harbor-complete-guide-best-left-forgotten.jpg
ikincieltanoto.com/img/lists/91/ 40 KB
40 KB 65ms
64ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/lists/91/fallout-4-far-harbor-complete-guide-best-left-forgotten.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6daf6dde869847e8df9c39234c8bab02fcffac9d4bfc9558df13bda9b151ecc1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 40525
last-modified: Fri, 29 Jul 2022 20:34:18 GMT
server: cloudflare
etag: "62e4444a-9e4d"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9KJHF3oYmxBOnXOOI%2BzvGUAJgcNtX%2FPlR7bp9T5bGiEZHbG3lUbHqPOGgs%2BB7GBO%2FJ2xg7C5mOAyVKYHq0vLdGoUeAa72qb35fjw%2Fy42i1r4iYpM7V4uVf0aEP0xe6BeKLg9HiFgvKpy1mlpBAjbFh4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c988a92a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 watch-first-10-minutes-spider-man.jpg
ikincieltanoto.com/img/movie-news/21/ 27 KB
27 KB 72ms
70ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/movie-news/21/watch-first-10-minutes-spider-man.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 35dbd6dbf241d5d40c606464098ab9159235be5deef1fa4421f7d584412c7c57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27489
last-modified: Fri, 29 Jul 2022 09:09:16 GMT
server: cloudflare
etag: "62e3a3bc-6b61"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wLIZzz6i9GABoNFBV7VqLSpjzbqt3%2F%2FgMssiIfTHswcqVLmvL4r%2FiLqN2LOu%2FPVTOLx%2BsybmaOVyQJnQ2U3V5DATE5xYJsM8W1poWsHfXuU5u2xynAHJxApVOxmfXRRELJP%2Bs8dyAN3yC2fBL90ZqTA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c988d92a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 15-greatest-power-rangers-rip-offs.jpg
ikincieltanoto.com/img/lists/35/ 74 KB
74 KB 72ms
71ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/lists/35/15-greatest-power-rangers-rip-offs.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf53b175405b4d81a5dbdd41dfa3811a86d504adee53fefeb3d4bf9eafbb1e5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 75363
last-modified: Fri, 29 Jul 2022 19:07:36 GMT
server: cloudflare
etag: "62e42ff8-12663"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UVvRlqjSystKb6njyOY6xKJIuRGNsHBoJMI%2B3g7kLJnur7Hn6tIvh%2BR9r5lc%2BdiDHJnNviOYFD96YWLaFtux3ZLZ6ii2LJ45tc1%2Fwe%2FciLzI9H4tit5In%2B5CuJdwErMexeNAIlSiEbKJWXoWimaIv4o%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3c988f92a7-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 jquery.min.js Show response
ikincieltanoto.com/template/js/ 84 KB
31 KB 44ms
40ms Script
application/javascript 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/template/js/jquery.min.js
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 59217
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 17 Jan 2017 12:41:56 GMT
server: cloudflare
etag: W/"587e1114-14e4e"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRJlnRQ9Wp9ajJWowtf7qSvba3Ks5B6LJKfUJywbIrHK%2B9wJXNPCtkB6LQnXpjPCwCgwtuVYgWm%2BUzNrXwG3ldZzKNpJzb8takZ%2FiaP2AiI1BmKYwhxfgC47XGNrn3JOrXalEfFscgaiW4O0Ob62lpU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 76101f3c886492a7-FRA
expires: Sat, 26 Nov 2022 09:41:12 GMT

GET
H2 200 bootstrap.min.js Show response
ikincieltanoto.com/template/js/ 36 KB
10 KB 35ms
31ms Script
application/javascript 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/template/js/bootstrap.min.js
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 59217
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jul 2016 12:53:30 GMT
server: cloudflare
etag: W/"57960bca-90b5"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lkesrfq1F%2BdfcdkCG17Yu4FZBiqNJrc9Sd8JdM2m06K6guwZIeVotPYVQ2T690IRJuGJmQQCnHvC8tRE6z5SVEulOM%2FeTKsJIKNO37p0fIqHeTSYzs7gz7DfJ18A%2Fu%2Faaw492I07ImINS6Gy4JXxTDY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 76101f3c886792a7-FRA
expires: Sat, 26 Nov 2022 09:41:12 GMT

GET
H2 200 main.js Show response
ikincieltanoto.com/template/js/ 2 KB
970 B 26ms
23ms Script
application/javascript 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/template/js/main.js
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 577da1c6310d12414245f85829a25f193a56aa6a83033a235dfdfddfe5f2d15a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 59217
cf-polished: origSize=2427
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 14 Apr 2018 15:11:30 GMT
server: cloudflare
etag: W/"5ad21a22-97b"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZpxrC68%2F3u0cwX6FSzkWlewT%2BMtq1irY%2FmhJp9%2BgS66jfNvfDeoebkXaRkYnS5mbW4cXOhdxxGSQBIkamzuTkdrtBDTausEej5cjdhLaAogzB74JJ9scSSdfORSeeVWXDnnK7bMa5psF8jNjWYoblpc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
cf-ray: 76101f3c886892a7-FRA
expires: Sat, 26 Nov 2022 09:41:12 GMT

GET
H3

200

ab12745d93c5.js Show response
www.instagram.com/static/bundles/es6/EmbedSDK.js/
Redirect Chain

https://www.instagram.com/embed.js
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js

15 KB
5 KB

21ms
10ms

Script
text/javascript

2a03:2880:f21c:81e5:face:b00c:0:4420
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL: https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H3
Server: 2a03:2880:f21c:81e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 22:57:10 GMT
content-encoding: br
etag: "ab12745d93c5"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
edge-control: max-age=1209600, no-transform
cache-control: public,max-age=31536000,immutable
cross-origin-resource-policy: cross-origin
content-length: 4843
priority: u=3,i

Redirect headers

date: Fri, 28 Oct 2022 02:08:09 GMT
x-fb-trip-id: 1679558926
x-ig-origin-region: odn
content-type: text/html; charset=utf-8
location: https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
cache-control: max-age=21600
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 underworld-6-will-it-happen.jpg
ikincieltanoto.com/img/horror/50/ 42 KB
43 KB 62ms
61ms Image
image/jpeg 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ikincieltanoto.com/img/horror/50/underworld-6-will-it-happen.jpg
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d68f4f6e5cc51e2d536b511b45009d80afa4c8160cfd3690c2a7f67ece53e52c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/underworld-6-will-it-happen
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43440
last-modified: Fri, 29 Jul 2022 09:48:30 GMT
server: cloudflare
etag: "62e3acee-a9b0"
vary: Accept-Encoding
access-control-allow-methods: *
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jk%2F81H74bJ%2FpMHIcnU7YUYbdbpy1HjH0dYDl5prtzmj1d%2BvK655sLwfG%2BKdbFEKzF4NRNkIkBzf8cPi1oxWnHjTFP2SWVzFs1OwsJAeyapPYu1Q5h4rUx7nJF99z2zyGfoC8e8oT%2FOU37btAAUkchxo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
accept-ranges: bytes
cf-ray: 76101f3d48b98fdd-FRA
expires: Sun, 27 Nov 2022 02:08:09 GMT

GET
H2 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v25/ 35 KB
35 KB 241ms
105ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ikincieltanoto.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 21:06:31 GMT
x-content-type-options: nosniff
age: 277298
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35904
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:34:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Oct 2023 21:06:31 GMT

GET
H3 200 fontawesome-webfont.woff2
ikincieltanoto.com/template/fonts/ 75 KB
76 KB 46ms
45ms Font
application/octet-stream 2606:4700:3035::ac43:cc26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ikincieltanoto.com/template/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/template/css/font-awesome.min.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:cc26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://ikincieltanoto.com/template/css/font-awesome.min.css
Origin: https://ikincieltanoto.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 22 Dec 2016 12:50:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "585bcc1a-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=plVy0IHqWbrm4Xd219Pv%2BoA%2B018bDbV0WN4NW0ORD2wPfmhLgL9gggUPiPDk8gZwq5CcX3si1nZyJcph3231GuWCajFIyZD%2BdF0DZsSh8h4ds%2BauAOY%2Boyl5T6dbka2hsy45u%2F08WgIOMdWWP4oT1L0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76101f3d48bd8fdd-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160

GET
H2 200 pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2
fonts.gstatic.com/s/nunitosans/v12/ 17 KB
17 KB 172ms
36ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5tU1E.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ikincieltanoto.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 15:04:57 GMT
x-content-type-options: nosniff
age: 298992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17116
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:31:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Oct 2023 15:04:57 GMT

GET
H2 200 XRXV3I6Li01BKofIO-aBXso.woff2
fonts.gstatic.com/s/nunito/v25/ 32 KB
32 KB 176ms
47ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v25/XRXV3I6Li01BKofIO-aBXso.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89def7428656f40331c1430ee1dc1846ed1e30d7001707b548f9f816d27264a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ikincieltanoto.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 00:12:33 GMT
x-content-type-options: nosniff
age: 93336
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32720
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:31:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 27 Oct 2023 00:12:33 GMT

GET
H2 200 pe03MImSLYBIv1o4X1M8cc8GBs5jU1EQVg.woff2
fonts.gstatic.com/s/nunitosans/v12/ 16 KB
16 KB 212ms
90ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc8GBs5jU1EQVg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:700%7CNunito:300,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7021c8b706ce1e983eb3ed989326f1213698229b555b851d1134d14022ebab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ikincieltanoto.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Mon, 24 Oct 2022 16:38:45 GMT
x-content-type-options: nosniff
age: 293364
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16244
x-xss-protection: 0
last-modified: Mon, 09 May 2022 18:31:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Oct 2023 16:38:45 GMT

GET
H2 200 qv_ApCi4J8s Show response
www.youtube.com/embed/ Frame E107 69 KB
29 KB 190ms
101ms Document
text/html 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

955568f35d7cf03a9ebc781f30932f01a7ebfe30c2e61689b4d82679a14b2348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210170101/ 353 KB
116 KB 140ms
67ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4062866992167421&plah=ikincieltanoto.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4062866992167421

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cba742853cd1aef8a27ddac9041733e212c07e9dcfbf8ab9da7c22f97972d1c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118751
x-xss-protection: 0
server: cafe
etag: 693764673414340462
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 28 Oct 2022 02:08:09 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221026/r20190131/ Frame 666A 10 KB
5 KB 123ms
35ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221026/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4062866992167421

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 26985
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4270
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 27 Oct 2022 18:38:25 GMT
etag: 9671129459699598864
expires: Thu, 10 Nov 2022 18:38:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 135ms
49ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/e0f4023d-1f54-4786-94e7-bff2e058d23f/plugin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b3ff9ffea119f693e24c728fa98623a8dfbe58a338b3b2d6b2e7391a93aa40a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27416
x-xss-protection: 0
server: sffe
etag: "1376 / 784 of 1000 / last-modified: 1666908445"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 28 Oct 2022 02:08:10 GMT

GET
H2 200 prebid5.14.0.js Show response
get.optad360.io/sf/ 460 KB
461 KB 11ms
11ms Script
application/javascript 2600:9000:206f:1000:11:a4de:2580:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://get.optad360.io/sf/prebid5.14.0.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/e0f4023d-1f54-4786-94e7-bff2e058d23f/plugin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1000:11:a4de:2580:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 00:35:49 GMT
via: 1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
last-modified: Thu, 23 Sep 2021 07:59:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 18408741
etag: "6dd0a13bde35d2daa452bba998871016"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=360000000
accept-ranges: bytes
content-length: 471445
x-amz-cf-id: -vrxktsdJrWHErsCPv1gqJLbYMQ5o9aaIeLyLUg3-nNSvr5Sfe27pw==

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 104ms
26ms Preflight 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ikincieltanoto.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://ikincieltanoto.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 91ms
25ms Preflight 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ikincieltanoto.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://ikincieltanoto.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 56ms
23ms XHR
application/json 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20221028

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e667c6605e929d7ea78be2628f5bab68b49068479bfb0c60660be3a7b3d3dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 40032
x-jsd-version: 1.0.1506
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19153-FRA, cache-yyz4554-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"664-Pvt1QvLtt88LPBfvGhSf5O3mvrk"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 76101f3ea8debc04-FRA

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
867 B 83ms
42ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
x-amz-version-id: 1666365882701197
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx36ec54edbeb74121a0ef5-006352b9e9
age: 556961
x-amz-id-2: tx36ec54edbeb74121a0ef5-006352b9e9
last-modified: Fri, 21 Oct 2022 15:24:42 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9EGMerLJkxFzNA22h2qVlQr9v086%2BRMF%2FfSsOIWrmJpZ%2FCFvwLXptn181xtgfS%2FlY3rv7lg8irn211luITuFw8FwoMr6iNUzV0W3UUDU9K32WOTLcSfPuD6vSRcRvee3z8Egm9gziVLMSSB5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
cf-ray: 76101f3ebda692a2-FRA

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
132 B 63ms
19ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ikincieltanoto.com
date: Fri, 28 Oct 2022 02:08:09 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5
server: envoy
vary: origin, Accept-Encoding

POST
H2 200 openrtb Show response
adx.adform.net/adx/ 2 KB
2 KB 136ms
84ms XHR
application/json 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

edf3124737205468d655adb7e78609ca0fe6bf163c44cbefb5d1f29ff2cdd37c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://ikincieltanoto.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 48 B
745 B 33ms
7ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

983775b438c242df7cb0ceb87bd2582f96ff0d4e8043f822adf3a3e93261b9a8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 28 Oct 2022 02:08:10 GMT
AN-X-Request-Uuid: 5662d12a-0df6-45a0-8dfa-800354353c0c
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://ikincieltanoto.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 48
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
180 B 59ms
17ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ikincieltanoto.com
date: Fri, 28 Oct 2022 02:08:10 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
276 B 47ms
16ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ikincieltanoto.com
date: Fri, 28 Oct 2022 02:08:09 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
server: envoy
vary: origin, Accept-Encoding

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
180 B 51ms
17ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://ikincieltanoto.com
date: Fri, 28 Oct 2022 02:08:10 GMT
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: POST

POST
H2 200 openrtb Show response
adx.adform.net/adx/ 2 KB
2 KB 128ms
76ms XHR
application/json 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8af9b9a15f8b3bf89384d4b9852e69b6f3155c765c7844ea61ad2fa39a05b1e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
content-type: application/json
access-control-allow-origin: https://ikincieltanoto.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 48 B
745 B 20ms
7ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: get.optad360.io
URL: https://get.optad360.io/sf/prebid5.14.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

983775b438c242df7cb0ceb87bd2582f96ff0d4e8043f822adf3a3e93261b9a8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 28 Oct 2022 02:08:10 GMT
AN-X-Request-Uuid: 560aa81c-0d9a-4485-967c-a5fd35a0f510
Server: nginx/1.21.3
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://ikincieltanoto.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 48
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ 74 KB
23 KB 64ms
31ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
x-amz-version-id: 1666365881812584
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: tx2dfb93ea88714f4885e76-006352ba46
age: 556868
x-amz-id-2: tx2dfb93ea88714f4885e76-006352ba46
last-modified: Fri, 21 Oct 2022 15:24:42 GMT
server: cloudflare
etag: W/"c56b6332dacf72f135afcd153ae22448"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lso49l1l5WHFuPW3wdPBvuKnVwt7Py3kUmZd%2F50OfTFCwSOSuuLlpqJT00iFEFgOt23JIbBvwdW%2FKpWFyVBTnkCsazxDMkFd8yhsFjmuTGRQ3KiC2fY9IA%2BfeXLh3kQX0ZB4aVPM2weX9kFs"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1800
access-control-allow-credentials: true
vary: Accept-Encoding
cf-ray: 76101f3f4c03bbd9-FRA
access-control-allow-headers: Authorization

GET
H3 200 pubads_impl_2022102501.js Show response
securepubads.g.doubleclick.net/gpt/ 378 KB
128 KB 118ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e140393a5c564a0373f5af25fb31419454e956674534b4acee7822a5d1586b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 14:18:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42588
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130606
x-xss-protection: 0
last-modified: Tue, 25 Oct 2022 08:35:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 27 Oct 2023 14:18:22 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 81 B
100 B 126ms
47ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ikincieltanoto.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36e3553982da0c1e1e1982e81e9ed5fcfc19e0c3c355996c3a6a318afafa26bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75
x-xss-protection: 0
expires: Fri, 28 Oct 2022 02:08:10 GMT

GET
H3 200 www-player.css
www.youtube.com/s/player/19fc75cf/ Frame E107 359 KB
49 KB 110ms
37ms Stylesheet
text/css 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19fc75cf/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edbcd66789533fa7b2997c4b5c03a4df3042683b35384b0199fef3ad78554d2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 15:52:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49792
x-xss-protection: 0
last-modified: Thu, 27 Oct 2022 00:15:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Oct 2023 15:52:13 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 403 B
472 B 47ms
47ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ikincieltanoto.com&callback=_gfp_s_&client=ca-pub-4062866992167421&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210170101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4062866992167421&plah=ikincieltanoto.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19f3afc89be947784c0d016e41fd9d23b372564382315df1bbf07fda6ecc504e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 256
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 154ms
45ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ikincieltanoto.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 138ms
44ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ikincieltanoto.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 70ms
70ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&tn=DIV&id=nav-fixed&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2BEA 0
19 B 175ms
97ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&adk=1812271804&adf=3025194257&lmt=1666922890&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889901&bpp=3&bdt=239&idt=243&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2119938224332&frm=20&pv=2&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=261

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: Fri, 28 Oct 2022 02:08:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E107 15 KB
15 KB 117ms
39ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 226205
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Oct 2023 11:18:05 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E107 15 KB
15 KB 116ms
39ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 198502
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 25 Oct 2023 18:59:48 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/19fc75cf/www-embed-player.vflset/ Frame E107 306 KB
95 KB 131ms
90ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19fc75cf/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de0e3e13ac455201d77e111b8c417ddae1ea4689e4406203baaa78d0ff9532bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 15:52:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97474
x-xss-protection: 0
last-modified: Thu, 27 Oct 2022 00:15:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Oct 2023 15:52:13 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/ Frame E107 2 MB
572 KB 117ms
76ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f907e6f1bca25770d3ed520388aca640ae04c640a323f77e0e87c7c32cd3f024

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 15:53:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36859
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586029
x-xss-protection: 0
last-modified: Thu, 27 Oct 2022 00:15:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Oct 2023 15:53:51 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/19fc75cf/fetch-polyfill.vflset/ Frame E107 9 KB
3 KB 77ms
36ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19fc75cf/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 15:52:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2786
x-xss-protection: 0
last-modified: Thu, 27 Oct 2022 00:15:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Oct 2023 15:52:13 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E2A2 430 B
230 B 433ms
365ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=7923526086&adk=18142780&adf=927658256&pi=t.ma~as.7923526086&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889904&bpp=2&bdt=242&idt=264&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1631&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=tLY4pMfNWV&p=https%3A//ikincieltanoto.com&dtd=269

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

721a50808fd3fbf877a230a2154d325e313dbf7b54820f7811a50227f26430aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 207
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: Fri, 28 Oct 2022 02:08:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 126ms
48ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ikincieltanoto.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 127ms
49ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ikincieltanoto.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 998 B
569 B 652ms
652ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3905911433213624&correlator=3276826221906340&eid=31070592&output=ldjh&gdfp_req=1&vrg=2022102501&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_Interstitial&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=4&adks=3132106321&sfv=1-0-38&ists=1&fas=8&sc=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&abxe=1&dt=1666922890367&lmt=1666922890&dlt=1666922889662&idt=673&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9667c4deaf7d165f552d0a67d4f607272022f5a50fa4c81187b6acbe1c2ae96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 538
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ikincieltanoto.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
9 KB 895ms
894ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3905911433213624&correlator=3276826221906340&eid=31070592&output=ldjh&gdfp_req=1&vrg=2022102501&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_stat_S3&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C750x200%7C750x300&ifi=5&adks=2559231325&sfv=1-0-38&prev_scp=hb_format_adform%3Dbanner%26hb_size_adform%3D728x90%26hb_pb_adform%3D1.86%26hb_adid_adform%3D1725f1b456dc2d8%26hb_bidder_adform%3Dadform%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D1.86%26hb_adid%3D1725f1b456dc2d8%26hb_bidder%3Dadform&sc=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&abxe=1&dt=1666922890371&lmt=1666922890&dlt=1666922889662&idt=673&adxs=241&adys=539&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&frm=20&vis=1&psz=0x0&msz=728x0&fws=644&ohw=1600&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0be0a63bf8203f2221fabbb360bf07a150a3a84bd85d7774838ba10a4f5eb93c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9551
x-xss-protection: 0
google-lineitem-id: 5748829857
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138358150555
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ikincieltanoto.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
9 KB 452ms
451ms XHR
text/plain 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3905911433213624&correlator=3276826221906340&eid=31070592&output=ldjh&gdfp_req=1&vrg=2022102501&ptt=17&impl=fif&iu_parts=121764058%3A22528037647%2Ccelebs-networth.com%2Ccelebs-networth.com_SF2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C750x100%7C970x90&ifi=6&adks=3996140887&sfv=1-0-38&prev_scp=hb_format_adform%3Dbanner%26hb_size_adform%3D728x90%26hb_pb_adform%3D1.86%26hb_adid_adform%3D181cbaa595b1b44%26hb_bidder_adform%3Dadform%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D1.86%26hb_adid%3D181cbaa595b1b44%26hb_bidder%3Dadform&sc=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&abxe=1&dt=1666922890376&lmt=1666922890&dlt=1666922889662&idt=673&adxs=436&adys=1200&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&frm=20&vis=1&psz=0x-1&msz=728x-1&fws=644&ohw=1600&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ea32c322ddba38331755ae30da47ad5d528d971a00eb402e82695c335acb1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9535
x-xss-protection: 0
google-lineitem-id: 5834680938
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138371336018
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ikincieltanoto.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F947 6 KB
4 KB 163ms
44ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: Sat, 28 Oct 2023 02:08:10 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022102501.js Show response
securepubads.g.doubleclick.net/gpt/ 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022102501.js?cb=31070592

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd1840830231dbf9f45eefefacfdf0b6e30cf9df60c8715ea9c296010006ae15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 11:26:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 139313
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13944
x-xss-protection: 0
last-modified: Tue, 25 Oct 2022 08:35:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 26 Oct 2023 11:26:17 GMT

GET
H3

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame E107
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
146 B

46ms
46ms

XHR
application/json

2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dd5a8aa00e081b02567b17fd49c69b563e2cb9eed3cfeab802ebc4688e76318a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 28 Oct 2022 02:08:10 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame E107 29 B
588 B 122ms
38ms Script
text/javascript 2a00:1450:4001:813::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 01:54:12 GMT
x-content-type-options: nosniff
age: 838
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 28 Oct 2022 02:09:12 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 145ms
46ms Preflight
text/html 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Fri, 28 Oct 2022 02:08:10 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E107 65 KB
30 KB 131ms
53ms XHR
application/json+protobuf 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1a90b972248dd9891e9b4a4a3fb2550f451cd6f436a817e306a7109d8b51e2e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30687
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/ Frame E107 118 KB
36 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

092adfd68fdc4159d986e270ee6caf32d50dea0db2a9fdfd0d400216b81d1b8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 15:53:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36859
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37165
x-xss-protection: 0
last-modified: Thu, 27 Oct 2022 00:15:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Oct 2023 15:53:51 GMT

GET
H2 200 PJkulU-G08v7JckZMeNSZvqVIBPCjlLmLXUvorg-pEg.js Show response
www.google.com/js/th/ Frame E107 36 KB
14 KB 117ms
36ms Script
text/javascript 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/PJkulU-G08v7JckZMeNSZvqVIBPCjlLmLXUvorg-pEg.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c992e954f86d3cbfb25c91931e35266fa952013c28e52e62d752fa2b83ea448

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 05:03:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 162297
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14182
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Oct 2023 05:03:13 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/ Frame E107 26 KB
8 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa5ef17f578ea5d863bb5309a30b2804c11eb6a506086818d77e6168eedec3f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 15:54:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36824
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8262
x-xss-protection: 0
last-modified: Thu, 27 Oct 2022 00:15:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 27 Oct 2023 15:54:26 GMT

GET
DATA 200
OK truncated
/ Frame E107 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AMLnZu_PgxRdZ3xNGMGiwEgBQIvkoraUzesP9yvWy22q=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame E107 3 KB
4 KB 116ms
36ms Image
image/jpeg 2a00:1450:4001:800::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AMLnZu_PgxRdZ3xNGMGiwEgBQIvkoraUzesP9yvWy22q=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ff84803d37b50a114731aa1e6878409085d8283ca761525eac3f1a96f4efdb21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 22:49:23 GMT
x-content-type-options: nosniff
age: 11927
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3197
x-xss-protection: 0
server: fife
etag: "v7"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 29 Jul 2022 20:42:30 GMT

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/qv_ApCi4J8s/ Frame E107 143 KB
143 KB 185ms
105ms Image
image/jpeg 2a00:1450:4001:810::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/qv_ApCi4J8s/maxresdefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d911ee203c42e815733abb1f9f6f396ad746cadfb7e3a15c34d0152b925b73ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 146189
x-xss-protection: 0
server: sffe
etag: "1623692128"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 28 Oct 2022 04:08:10 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=ikincieltanoto.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 60ms
59ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ikincieltanoto.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DA78 111 KB
35 KB 476ms
475ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=1608850437&adk=1362798866&adf=2364240886&pi=t.ma~as.1608850437&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889906&bpp=1&bdt=244&idt=271&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&prev_fmts=0x0%2C750x280&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4556&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=KfGjmvZjkm&p=https%3A//ikincieltanoto.com&dtd=732

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ed5540fa753385cbe0c8b8256f6163a67bcedb1de16cfa3991c622467f52e48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 36097
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:08:11 GMT
expires: Fri, 28 Oct 2022 02:08:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame E107 4 KB
3 KB 142ms
59ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Oct 2022 02:08:10 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame E107 0
10 B 35ms
35ms Image
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?VDFYdQ
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/107/ Frame E107 52 KB
15 KB 109ms
36ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/107/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12337c132fc5b05766adf8806c16a2950c0591708c0c45263bc1496979c1870

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 15:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39306
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15116
x-xss-protection: 0
last-modified: Mon, 05 Sep 2022 15:03:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 28 Oct 2022 15:13:04 GMT

GET
H3 200 container.html Show response
1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1F7B 6 KB
3 KB 119ms
39ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: Sat, 28 Oct 2023 02:08:10 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame E107 90 B
134 B 49ms
49ms XHR
application/json+protobuf 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

752e6964d63cb2677d4cc6cdb6234f37170c2fa4aac435179507321d8ceff023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 28 Oct 2022 02:08:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 46ms
45ms Preflight
text/html 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html
date: Fri, 28 Oct 2022 02:08:10 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 1F7B 22 KB
7 KB 138ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 16:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121030
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 26 Oct 2023 16:31:01 GMT

GET
H3 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 1F7B 27 KB
10 KB 48ms
24ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2a76a7ff51b1eb5f1ea0e715070bb3a31274b2a7059597dd9effe100a74a926

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 13685
x-jsd-version: 1.14.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19167-FRA, cache-yyz4569-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"6c5a-B7CcN0WmU38aLrErV7huhShFoTM"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 76101f44cdc8bc04-FRA

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F7B 153 KB
48 KB 135ms
51ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DA78 4 KB
621 B 127ms
49ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=1608850437&adk=1362798866&adf=2364240886&pi=t.ma~as.1608850437&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889906&bpp=1&bdt=244&idt=271&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&prev_fmts=0x0%2C750x280&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4556&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=KfGjmvZjkm&p=https%3A//ikincieltanoto.com&dtd=732

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 28 Oct 2022 00:59:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame DA78 2 KB
765 B 124ms
50ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 18:48:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 26404
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
server: cafe
etag: 16974406330603315520
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Nov 2022 18:48:07 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/ Frame DA78 23 KB
9 KB 115ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15b192d13c1d029346a73cb1b2eb3a1b8905dfe8df1aaf9ced37356de9380e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 18:23:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27864
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9268
x-xss-protection: 0
server: cafe
etag: 17746901142539384344
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Nov 2022 18:23:47 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame DA78 3 KB
1 KB 108ms
49ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 01:58:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 595
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1238
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 Nov 2022 01:58:16 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/ Frame DA78 17 KB
7 KB 109ms
36ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221026/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Thu, 27 Oct 2022 18:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27732
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7367
x-xss-protection: 0
server: cafe
etag: 4759548068123418343
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 10 Nov 2022 18:25:59 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DA78 0
0 126ms
46ms Image
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSotFewm2Lrcy-y_GA8UTlFLzSEf8U96kB-5niBXk26sApM_LQhi8RA0Awe1eR_WtikK86NpCF917MaKG21A7FHE3m-og
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=1608850437&adk=1362798866&adf=2364240886&pi=t.ma~as.1608850437&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889906&bpp=1&bdt=244&idt=271&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&prev_fmts=0x0%2C750x280&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4556&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=KfGjmvZjkm&p=https%3A//ikincieltanoto.com&dtd=732
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DA78 153 KB
47 KB 116ms
44ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H3 200 6d06f43d9219529f87f676616f1c0e3b.js Show response
www.gstatic.com/mysidia/ Frame DA78 33 KB
14 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6d06f43d9219529f87f676616f1c0e3b.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19d9403b8b5963aaeae98991373ef1f4ec9ed98d649be55e657db8e1302578bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 12:01:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137219
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13940
x-xss-protection: 0
last-modified: Mon, 24 Oct 2022 21:55:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 24 Jan 2023 12:01:12 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DA78 0
0 85ms
84ms Fetch
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cfq-aijlbY-O0KMifgAe29JDIC_CLsPZq_fvz1J4Pvqqtp7wNEAEg-pzIMGCV4pCCoAegAfnczPADyAEJqQIO39tLv_qBPqgDAcgDywSqBPQBT9BjzLqf8ZBt3j_xbEt9PMrVOpmUs-IBLxi0M05Szpgv7Cl3iziiT1uczYuGnyzE2CKuB4AmKIhofm8hG-hCe_ulpMBGB1MfaQ3jXQmTiWDQ-ssuA7YzucStI6IEQ9Ghdx1DP5jSje2UkErhWWFggh51QMLiwIQjwEdJQs6byx4aFv6mhr499FoyIgrGJcDkI_ZCp6_77n2NOncDG79hDgbDlM94rYl08nAvkuVshzAFaHYKP_7gn7YtLhA3JllkNyOesTwQ1u4PL4FiEE_tAKWYdqakH-4B5dieabo7RtgjCY263urXtMPIeaBu6cBD0QAbE8AEoa7ilPQDkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB9e4_zKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAemvhvYBwDyBwQQpY4B0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwzQFQGAFwGyFxwKGggAEhRwdWItNDA2Mjg2Njk5MjE2NzQyMRgA&sigh=00kYxmp1r4k&uach_m=[UACH]&template_id=494

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=1608850437&adk=1362798866&adf=2364240886&pi=t.ma~as.1608850437&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889906&bpp=1&bdt=244&idt=271&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&prev_fmts=0x0%2C750x280&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4556&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=KfGjmvZjkm&p=https%3A//ikincieltanoto.com&dtd=732
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 28 Oct 2022 02:08:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame DA78 287 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce

Request headers

Referer
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3

200

15009675341483630711
tpc.googlesyndication.com/simgad/ Frame DA78
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKD7vty0FBCsAhisAjIICIwGNoKTdTk
https://tpc.googlesyndication.com/simgad/15009675341483630711

52 KB
52 KB

37ms
36ms

Image
image/png

2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15009675341483630711

Requested by

Protocol

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b6a25ff6ea2c8c87be58e3086ef6a3369d000aa507db56571097d5ec55ec730f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Tue, 25 Oct 2022 11:09:55 GMT
x-content-type-options: nosniff
age: 226696
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52897
x-xss-protection: 0
last-modified: Tue, 09 Apr 2019 07:07:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 25 Oct 2023 11:09:55 GMT

Redirect headers

date: Thu, 27 Oct 2022 16:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 33088
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/15009675341483630711
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Nov 2022 16:56:43 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1F7B 0
0 78ms
77ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuMtwHKvxny67dgooAjVUd2yzpF3MBHUcM7zZTvW-5Q71Wo0cs3vrCyZmNgy8cXSGfKcMMFQYq3Pkq5zqUCAo3BbxrQLfx4nmp2nIBuHkBXXxcn0C2c_q8mxgYH2e01J_WjdNn7M0KTOLC2vX1f89YgTQVyFyET_1DR-P2r7dgh9wPkUaNyzyf6MOadpRW4KWTdj_naxp1wON9gJcOce_31BGp8tPufnYvHWOIN3j0D1FHPP9RpvZLPmgKwg_TFt_iC5uiSX8EdMoWJ5ZBYtbjGrXpBMtcaArDuK0oypWpXb1LyfXLBip_untmc0gOiVzoOhGjL2chyZtEukEN0mvcRJcVT6H0qZ4_37j5pAyAmltweURXwug&sai=AMfl-YQr0OrPiYR6YDlwJVWKQpggU2Q3ZpWvYQ__fqmZdZPshv4TngAbGDJ1Vro_URELOlDGUt7YTv3AMzlRlLA4y_0ckY6DmLIQXzJMuroqxsJMlmZsa4bZKWZQh1mMdmRs&sig=Cg0ArKJSzD9udQMb1_R2EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1F7B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a164367c841f1482d41dd01ac5792444100ada5cea02ee12850f288ac4aa5da5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 1F7B 0
0 75ms
74ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuSjU6uBd9uTQ92gsJiRXg8WXMycoHuW6q3g3SgjZpigs8nVje-mKI-sagswoHgJLgnCWm3I7HDZ4Upl6fmTxvFFt9URjIO1FFvolVIzkxfQsLXb0oY-YzJBR25XLxBeDkWkSg_hozTIOxBrIVxm94yPnHp329WRMNmujk7Mzz5VzJb6ePl0_Hh3qK6WWw7spm2mUPNnBFl8zjcOpPejKtLwgnXS0AmHgON4DGOgVYF_quRfn4dbwjAHHDMvzXWgq_8k_0ENrYIDwgMg_11v3G0rWSN6-k7a0e3p9aQgfwyVqbsFRzVn05gdblpaI-Fdan0XDEIkXI9VZbYjQ9kqOQN-25I62q6k_uoHfX-LpwiPhENSdf-qE2O&sai=AMfl-YRj612QTpEWQ9bmMIa4Kj7y83XUQeqUv10Cp4ieP7nQt2io0zymGN1I7fQwxT6ifhckgzWBuAO66g0VpyvPxD61VMWaKu_huEFikkP5s8adD1spdh7hQCrabbBFOrE3&sig=Cg0ArKJSzCeXSyIiMNWuEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 0B88 1 KB
2 KB 58ms
26ms Script
text/javascript 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=8Is0-W0xFB8FCmELRWv0dJGw4oeJSJONP2JEOT2Wx05w9FpZNL6H_3WaVRBypdJhD-JxScJU-xS_RmYTCk-3bb4Ad9irgI73o0Iqd1QVWoC0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44fl5WUzKQK_wQpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=iHRnu2phscN42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-Re5IyuuU9XsKZut4S2zc0b254nlOySZGZN1kQM0Y5fUtnltIzFqRTpfIKlvNabdZsqcxZWiY4YiP0J6LWxwVPkSY-zpcQNKrD5QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwOyP7S_GrBt9kqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

9fde8097b110c6b32df834cf82a2eefe32921220b889c244cc1c8208af9bc63d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 1341
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 0B88 58 KB
25 KB 99ms
20ms Script
application/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 199fb21b3ebc707aa9045279d3f380910ebe9194b8f4afc54d85ba28e1ee715e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 08:28:54 GMT
server: nginx
x-amz-request-id: tx0000004a41012cba66341-00635b33f8-3293868f-default
etag: W/"c3a9d4f9b6981f579551b9a46e32d64a"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H3 200 container.html Show response
1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B497 6 KB
3 KB 39ms
38ms Document
text/html 2a00:1450:4001:802::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022102501.js?cb=31070592

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:08:10 GMT
expires: Sat, 28 Oct 2023 02:08:10 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E586 1 KB
643 B 36ms
35ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 53059
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 27 Oct 2022 11:23:52 GMT
etag: 48472445140208031
expires: Fri, 28 Oct 2022 11:23:52 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 0B88 34 KB
16 KB 67ms
50ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=8Is0-W0xFB8FCmELRWv0dJGw4oeJSJONP2JEOT2Wx05w9FpZNL6H_3WaVRBypdJhD-JxScJU-xS_RmYTCk-3bb4Ad9irgI73o0Iqd1QVWoC0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44fl5WUzKQK_wQpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=iHRnu2phscN42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-Re5IyuuU9XsKZut4S2zc0b254nlOySZGZN1kQM0Y5fUtnltIzFqRTpfIKlvNabdZsqcxZWiY4YiP0J6LWxwVPkSY-zpcQNKrD5QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwOyP7S_GrBt9kqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 2bc342ab9f4dea0eb0b244afb0e55862e8f8eadf462e36b16c3bdf6b33c0f87d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
last-modified: Tue, 04 Oct 2022 07:27:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 29 Oct 2022 05:31:22 GMT

GET
DATA 200
OK truncated
/ Frame DA78 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 839170f0a42a46cd77b4532c0e52bd1d022031f576e13a1a9b42013d195afa79

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame B497 22 KB
7 KB 35ms
35ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 16:31:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 121030
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 26 Oct 2023 16:31:01 GMT

GET
H3 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame B497 27 KB
10 KB 23ms
23ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2a76a7ff51b1eb5f1ea0e715070bb3a31274b2a7059597dd9effe100a74a926

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 13685
x-jsd-version: 1.14.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19167-FRA, cache-yyz4569-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"6c5a-B7CcN0WmU38aLrErV7huhShFoTM"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 76101f46ead9bc04-FRA

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B497 153 KB
47 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47996
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1666856053429787"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame E586 35 B
464 B 34ms
8ms Image
image/gif 2620:116:800d:21:93ca:31d8:d86e:38f6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEG_isGnfNAfTJOdfrzt1UaQ&google_cver=1&google_push=AZmPxg-eyGthzutNpXynVztwvdUmyker6BBz-fmaycqDWQg5v3146EwKuscU3LyJ0SU1NE4V6KiUJs1iYFrfrtUN1F-xuHwHvOUZ

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:93ca:31d8:d86e:38f6 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E586
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9t-_Hf...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAZmPxg9t-_Hf...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjgwMjA4MTEwMDAxMjk0NjI4NDM0OQ%3D%3D&google_push=AZmPxg9t-_Hfa2V_QW4bnIamYQzMXKUA6nzlsCCVMNrvOcR7FVy6EkUyUs1XgOrCLS8j8B...

170 B
188 B

42ms
41ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjgwMjA4MTEwMDAxMjk0NjI4NDM0OQ%3D%3D&google_push=AZmPxg9t-_Hfa2V_QW4bnIamYQzMXKUA6nzlsCCVMNrvOcR7FVy6EkUyUs1XgOrCLS8j8BJyZFS1TdyaFOY9RQnI-P_5RUo-E3FH

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMjEwMjgwMjA4MTEwMDAxMjk0NjI4NDM0OQ%3D%3D&google_push=AZmPxg9t-_Hfa2V_QW4bnIamYQzMXKUA6nzlsCCVMNrvOcR7FVy6EkUyUs1XgOrCLS8j8BJyZFS1TdyaFOY9RQnI-P_5RUo-E3FH
pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame E586 43 B
351 B 60ms
22ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEKRjOrbtk0q4XgBhi962Ouw&google_cver=1&google_push=AZmPxg80_6dwndQ_xuxn5OEqXiwGPBTifoHoY5f8SGYZX8pP0yOs1-XnVQUrxl3BYi4r8IJ41xtcYS5Q_d0L1KOU1n6H9j2grehg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4062866992167421&output=html&h=280&slotname=1608850437&adk=1362798866&adf=2364240886&pi=t.ma~as.1608850437&w=750&fwrn=4&fwrnh=100&lmt=1666922890&rafmt=1&format=750x280&url=https%3A%2F%2Fikincieltanoto.com%2Funderworld-6-will-it-happen&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666922889906&bpp=1&bdt=244&idt=271&shv=r20221026&mjsv=m202210170101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D54aa1578375a89b1-2249ac64c7d700af%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MY1IWibXey2YAY1Y98nLfzsjTBHfQ&gpic=UID%3D00000b7967f50d91%3AT%3D1666922890%3ART%3D1666922890%3AS%3DALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg&prev_fmts=0x0%2C750x280&nras=1&correlator=2119938224332&frm=20&pv=1&ga_vid=130954958.1666922890&ga_sid=1666922890&ga_hid=1900210888&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=4556&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42531706%2C44773613%2C44770880%2C44775016&oid=2&pvsid=3905911433213624&tmod=1567112261&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=KfGjmvZjkm&p=https%3A//ikincieltanoto.com&dtd=732
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: sjkse4r7962lhlh1om833jhatf3g5ejs

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E586
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=r7FzEGhJSq2W37eEM5nkXA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
329 B

45ms
42ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=r7FzEGhJSq2W37eEM5nkXA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AZmPxg8AsXRJeb0d0cfdDZrKMyDZkSrxMVVFjtrYGWPLpxNMknB1bvWP8ga35wk7V_ceOyyuTiBY1pEbCJPiuBmYrNSNKhBw1vc

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=r7FzEGhJSq2W37eEM5nkXA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AZmPxg8AsXRJeb0d0cfdDZrKMyDZkSrxMVVFjtrYGWPLpxNMknB1bvWP8ga35wk7V_ceOyyuTiBY1pEbCJPiuBmYrNSNKhBw1vc
date: Fri, 28 Oct 2022 02:08:10 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E586
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKiBI9AdzjRUpXA5nuo40-g&google_cver=1&google_push=AZmPxg9Y4ZYJeb_s7NIU76w5Ui8ErD11OFNrP0i51FDgc3vW9rFz7gdkfDyUs-eRHB_zk0RHUVq...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlSVVVNUVEtWS1KMkM0&google_push=AZmPxg9Y4ZYJeb_s7NIU76w5Ui8ErD11OFNrP0i51FDgc3vW9rFz7gdkfDyUs-eRHB_zk0RHUVq4qBQpWEsKXkhCPtEOS1tSD05i

170 B
232 B

54ms
43ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlSVVVNUVEtWS1KMkM0&google_push=AZmPxg9Y4ZYJeb_s7NIU76w5Ui8ErD11OFNrP0i51FDgc3vW9rFz7gdkfDyUs-eRHB_zk0RHUVq4qBQpWEsKXkhCPtEOS1tSD05i

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlSVVVNUVEtWS1KMkM0&google_push=AZmPxg9Y4ZYJeb_s7NIU76w5Ui8ErD11OFNrP0i51FDgc3vW9rFz7gdkfDyUs-eRHB_zk0RHUVq4qBQpWEsKXkhCPtEOS1tSD05i
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E586
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_push=AZ...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_hm=Y1s5ixDhSD4tU38iTzE4PQAAFCcAAAIB&google_nid=index&google_push=AZmPxg_0bldLLTQ4EXTkxxuIO_Itv9oVjULS2...

170 B
188 B

105ms
42ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_hm=Y1s5ixDhSD4tU38iTzE4PQAAFCcAAAIB&google_nid=index&google_push=AZmPxg_0bldLLTQ4EXTkxxuIO_Itv9oVjULS2KnwJ69QuakMIqarOn0iVuLRYwZ5Pq4KXHn3CpN2oBOrDP6XgHrqJWvPF9B-SW_R

Requested by

Host: ikincieltanoto.com
URL: https://ikincieltanoto.com/underworld-6-will-it-happen

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFG0y_8PoNXIkI2VOm2hZTo&google_hm=Y1s5ixDhSD4tU38iTzE4PQAAFCcAAAIB&google_nid=index&google_push=AZmPxg_0bldLLTQ4EXTkxxuIO_Itv9oVjULS2KnwJ69QuakMIqarOn0iVuLRYwZ5Pq4KXHn3CpN2oBOrDP6XgHrqJWvPF9B-SW_R
cache-control: no-cache
cf-ray: 76101f479c4e905b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET googleredir
googlecm.hit.gemius.pl/ Frame E586 0
0

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame E586 0
223 B 124ms
39ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JwIgkUienTYN64F6mmYdMBmR2O03JuXzEmuOyCyWvOth__9hbTXsn70hfwDZuY4d9Ai-0_zQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame DA78 16 KB
16 KB 39ms
38ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 107866
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 26 Oct 2023 20:10:25 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 0B88 9 KB
4 KB 28ms
27ms Script
text/javascript 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=8Is0-W0xFB8FCmELRWv0dJGw4oeJSJONP2JEOT2Wx05w9FpZNL6H_3WaVRBypdJhD-JxScJU-xS_RmYTCk-3bb4Ad9irgI73o0Iqd1QVWoC0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44fl5WUzKQK_wQpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=iHRnu2phscN42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-Re5IyuuU9XsKZut4S2zc0b254nlOySZGZN1kQM0Y5fUtnltIzFqRTpfIKlvNabdZsqcxZWiY4YiP0J6LWxwVPkSY-zpcQNKrD5QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwOyP7S_GrBt9kqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;;js=1;adfxid=1x;352;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fikincieltanoto.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d7d2ac09154ae76e0b661b5126bdaaa7d1863c9bfb86883dd732eaf37b1d0390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 3518
expires: -1

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B497 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuB5vn-qT9CZn-xcxDaCeShuLvdNOl2-Kp2c_WOwz31InW8K1HL8zskBxS63-Q5jc-6_YL9xSUbiQhcSC9Z9Pd5HrG5Sk5FEnuOPOs5IfIdN0EZ7VfEycYW2_ian3Jj_7Ti9JCNSFjVYhG0ZCpKm1-jdPApMG37cGbfqZmGk4lqZnWMVWTOybiw9fJE2g1MhdP-cxM3Ni4Ua8GfkidFooppetxgFzsH5vg4zI6zscd74iKKnmQZI7QEuxRNw77LEMtbpaXV52YPce0P90-gwjZ1cXcwyx60mDKDdLKKpjxkMyns4U_ONZFhgRz-JeXFb7Gw1WD2uusVtb_A0bDY8_qtLZH2bsg_daz4L1hlXz9A_9IkqiguNUEFdto&sai=AMfl-YSivtXZ34nnZO9aKUfHvw_p1nFiZOIJqoTvgQtVhgvFvZTj4j9SXxILZ1vAWr935xzvxTOJ1li4DLruvDBNEIRhV2AWBMSuWIOkxWOSNuQ2ibTG8JL-yhgzdSTXnl1G&sig=Cg0ArKJSzIQEfcxeHFDOEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 48A2 1 KB
2 KB 27ms
26ms Script
text/javascript 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=Bi119AxlmbCDRzKwEuMFB-qED51x65A_02OUv-a4DAyQL06EgLsFwhaX0-yMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=GFNT8n5GN7F42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-S8xY43J1hvFQHTA519G2m2N0kfN7UgTrCpOEW6ppG1hbcj-Vltbi_XB1SbSfX7kyndXcWSltRhOxAY6asYb3ukpBqtOQtSug75QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwCnmkopQwIuskqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

020e991157e30325c4022ba4bda3426cb3c7efe490f94ca76184bb8baa7fbbb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 1325
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 48A2 58 KB
25 KB 30ms
28ms Script
application/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 199fb21b3ebc707aa9045279d3f380910ebe9194b8f4afc54d85ba28e1ee715e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
last-modified: Wed, 29 Jun 2022 08:28:54 GMT
server: nginx
x-amz-request-id: tx0000004a41012cba66341-00635b33f8-3293868f-default
etag: W/"c3a9d4f9b6981f579551b9a46e32d64a"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 0B88 32 KB
8 KB 37ms
9ms Script
application/javascript 217.79.188.11
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 0B88 2 KB
2 KB 42ms
12ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4712998&gdpr=0&gdpr_consent=&kid=4971351&clickurl=https://track.adform.net/C/?bn=58972845;crtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;crtbdata=8Is0-W0xFB8FCmELRWv0dJGw4oeJSJONP2JEOT2Wx05w9FpZNL6H_3WaVRBypdJhD-JxScJU-xS_RmYTCk-3bb4Ad9irgI73o0Iqd1QVWoC0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44fl5WUzKQK_wQpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;ccsid=16383;adfibeg=0;cdata=8ZOziiAZRzdcYTFkDm1R8gZYIQ1ZJNSGUZq9q0XbC7KLYHbczF61HFsTkdkcJOPg5doVMEcrF91fv3ebkdFtxixB46zJAdm_FtHx1UaMb8S9u9ZTqalY0mxm7XPISLeG6HpPWdUiltrUBtmyS1-mwSBJyOOdpi0-dz45U3LUWsg96NTR3ZsxYd9cO8WoHmXrTDg-lsHtEgAAOXig8tTTnj14Pts0YCTmnxjyCm1nTovvoHYVxqcndotjDhqkeMTjmVE44Ug_lxsd_Vcz9Jb4PbyWsPsyfYvsvRMFfJOYXGFZMX02NmRFSimTx4bQcKRmVwcFWzKwPg5AKwVVbEeREZV_7RbRwQIHxt1X7KDvrsbHFupyiWvTqzHAlFTLL1rNuA8SzxJOmVxPuDAuPMtxzA2;;CREFURL=https%3a%2f%2fikincieltanoto.com;C=1;cpdir=
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 0462437a9dbdb8c498d866d56dfb4d7e48fc9bfe8cd1f3b1cb5dfadb302a6a10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Fri, 28 Oct 2022 04:08:11 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 0B88 35 B
503 B 26ms
26ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=58972845&csi=X-aRwrDD9g7NvJXPTlqOmEuBTtdTixdKkNHM3EeSHmfrygPkIxxfk89m4HveC4quvgBeuhtcDTm_Jpmn1dIn0mQBbo50IEXs0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
DATA 200
OK truncated
/ Frame B497 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6f8605346751f4f574c8796bae4fde809a42762df5d643cf930652420b1a09fc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js Show response
pagead2.googlesyndication.com/bg/ Frame 1EBB 36 KB
16 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 18:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16118
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Oct 2023 18:00:05 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 48A2 34 KB
16 KB 26ms
26ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=Bi119AxlmbCDRzKwEuMFB-qED51x65A_02OUv-a4DAyQL06EgLsFwhaX0-yMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=GFNT8n5GN7F42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-S8xY43J1hvFQHTA519G2m2N0kfN7UgTrCpOEW6ppG1hbcj-Vltbi_XB1SbSfX7kyndXcWSltRhOxAY6asYb3ukpBqtOQtSug75QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwCnmkopQwIuskqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 2bc342ab9f4dea0eb0b244afb0e55862e8f8eadf462e36b16c3bdf6b33c0f87d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
last-modified: Tue, 04 Oct 2022 07:27:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 29 Oct 2022 05:31:22 GMT

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 0B88 3 KB
2 KB 13ms
13ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4712998&adjsver=3&fvers=&iframe=1&ref=https%3A//1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html&ro=https%3A//1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/107.0.5304.68%20Safari/537.36&os=17&browser=11&userid=0&kid=4971351&gdpr=0&screen_res=6&wpt=J&clickurl=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D58972845%3Bcrtbwp%3DC1PNzwr%5FS1MU8kKVt2esI6zboUFQG3yp0%3Bcrtbdata%3D8Is0%2DW0xFB8FCmELRWv0dJGw4oeJSJONP2JEOT2Wx05w9FpZNL6H%5F3WaVRBypdJhD%2DJxScJU%2DxS%5FRmYTCk%2D3bb4Ad9irgI73o0Iqd1QVWoC0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX%5F0CE3wpZObMnWA%5FgMl0RTiqMM12F77T6YoiAMUg5w0HbVzac%2DNsRdi9VrSfReS3ZUfoQ47%2DE%2DdR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44fl5WUzKQK%5FwQpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU%2Dhd5jgXtI8UZjhQW6FXjSrzw2%3Bccsid%3D16383%3Badfibeg%3D0%3Bcdata%3D8ZOziiAZRzdcYTFkDm1R8gZYIQ1ZJNSGUZq9q0XbC7KLYHbczF61HFsTkdkcJOPg5doVMEcrF91fv3ebkdFtxixB46zJAdm%5FFtHx1UaMb8S9u9ZTqalY0mxm7XPISLeG6HpPWdUiltrUBtmyS1%2DmwSBJyOOdpi0%2Ddz45U3LUWsg96NTR3ZsxYd9cO8WoHmXrTDg%2DlsHtEgAAOXig8tTTnj14Pts0YCTmnxjyCm1nTovvoHYVxqcndotjDhqkeMTjmVE44Ug%5Flxsd%5FVcz9Jb4PbyWsPsyfYvsvRMFfJOYXGFZMX02NmRFSimTx4bQcKRmVwcFWzKwPg5AKwVVbEeREZV%5F7RbRwQIHxt1X7KDvrsbHFupyiWvTqzHAlFTLL1rNuA8SzxJOmVxPuDAuPMtxzA2%3B%3BCREFURL%3Dhttps%3A%2F%2Fikincieltanoto.com%3BC%3D1%3Bcpdir%3D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4712998&gdpr=0&gdpr_consent=&kid=4971351&clickurl=https://track.adform.net/C/?bn=58972845;crtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;crtbdata=8Is0-W0xFB8FCmELRWv0dJGw4oeJSJONP2JEOT2Wx05w9FpZNL6H_3WaVRBypdJhD-JxScJU-xS_RmYTCk-3bb4Ad9irgI73o0Iqd1QVWoC0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44fl5WUzKQK_wQpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;ccsid=16383;adfibeg=0;cdata=8ZOziiAZRzdcYTFkDm1R8gZYIQ1ZJNSGUZq9q0XbC7KLYHbczF61HFsTkdkcJOPg5doVMEcrF91fv3ebkdFtxixB46zJAdm_FtHx1UaMb8S9u9ZTqalY0mxm7XPISLeG6HpPWdUiltrUBtmyS1-mwSBJyOOdpi0-dz45U3LUWsg96NTR3ZsxYd9cO8WoHmXrTDg-lsHtEgAAOXig8tTTnj14Pts0YCTmnxjyCm1nTovvoHYVxqcndotjDhqkeMTjmVE44Ug_lxsd_Vcz9Jb4PbyWsPsyfYvsvRMFfJOYXGFZMX02NmRFSimTx4bQcKRmVwcFWzKwPg5AKwVVbEeREZV_7RbRwQIHxt1X7KDvrsbHFupyiWvTqzHAlFTLL1rNuA8SzxJOmVxPuDAuPMtxzA2;;CREFURL=https%3a%2f%2fikincieltanoto.com;C=1;cpdir=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 2cff9f468086f8a9f70b5d34dc8fac360485cf757b2df47fe40d89ea4e7fec4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 04:08:11 +0200
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 000002425013.jpg
imagesrv.adition.com/banners/3137/files/00/25/00/b5/ Frame 0B88 21 KB
21 KB 10ms
9ms Image
image/jpeg 217.79.188.11
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/banners/3137/files/00/25/00/b5/000002425013.jpg
Requested by: Host: 1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
URL: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: e4eca01d34370cdae740cd74538733cb56346ff162ed65e5cf0c97ee0fff5c73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 28 Oct 2022 02:08:11 GMT
last-modified: Wed, 07 Sep 2022 13:06:31 GMT
accept-ranges: bytes
etag: "1949703084"
content-length: 21238
content-type: image/jpeg

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:types/ Frame 0B88 34 KB
15 KB 25ms
24ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 41452b2139640ecd9af6b57092cfa4c8564df9ca2f64c952667c1b8f0eea9b8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
last-modified: Tue, 04 Oct 2022 07:27:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 29 Oct 2022 05:32:06 GMT

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 48A2 9 KB
4 KB 30ms
29ms Script
text/javascript 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=58972845;rtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;rtbdata=Bi119AxlmbCDRzKwEuMFB-qED51x65A_02OUv-a4DAyQL06EgLsFwhaX0-yMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;csid=16383;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=GFNT8n5GN7F42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-S8xY43J1hvFQHTA519G2m2N0kfN7UgTrCpOEW6ppG1hbcj-Vltbi_XB1SbSfX7kyndXcWSltRhOxAY6asYb3ukpBqtOQtSug75QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwCnmkopQwIuskqcgAIH_8co1;pui=2ShljixBLrber1pltXZUmg2;;js=1;adfxid=2x;10454;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fikincieltanoto.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

989085ac4d7b8c5f37fc8ed34d64bd9ae5cdcd28dd488e7d6ef94de40eeea266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 3499
expires: -1

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 48A2 32 KB
8 KB 10ms
9ms Script
application/javascript 217.79.188.11
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 48A2 2 KB
2 KB 12ms
11ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4712998&gdpr=0&gdpr_consent=&kid=4971351&clickurl=https://track.adform.net/C/?bn=58972845;crtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;crtbdata=Bi119AxlmbCDRzKwEuMFB-qED51x65A_02OUv-a4DAyQL06EgLsFwhaX0-yMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;ccsid=16383;adfibeg=0;cdata=8ZOziiAZRzdcYTFkDm1R8gZYIQ1ZJNSGSGRIgroSyVhPEaS8z2B_6U6pr8t8dA545doVMEcrF91fv3ebkdFtxmFaBeYOX0lCXnDTgG6Nk4y9u9ZTqalY0mxm7XPISLeG6HpPWdUiltrUBtmyS1-mwSBJyOOdpi0-nEI0JE_C2yN6rYjFhPPbI9i-sqLrQPamBJBsfxFWumfA6V9ZYS2CGoORwfIlPeIlW_5lB3K1ALtxSEYA1bWZ5uDg3TNTpkt3JuOi5hVrbG0d_Vcz9Jb4PbyWsPsyfYvsvRMFfJOYXGHhbWv98xjZDHSdY8gRConBVwcFWzKwPg5AKwVVbEeREZV_7RbRwQIHDDcvwQ-r80bHFupyiWvTq2HagJQ1JeQ4uA8SzxJOmVxPuDAuPMtxzA2;;CREFURL=https%3a%2f%2fikincieltanoto.com;C=1;cpdir=
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 8931cca3e363781b45e18c1a6d55a5fd620d881f65f54a54e063cf8c386057af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
date: Fri, 28 Oct 2022 04:08:11 +0200
cache-control: max-age=600
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 /
track.adform.net/csimpr/ Frame 48A2 35 B
503 B 26ms
26ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=58972845&csi=8GwNI-HYXYIC5d_HrtaUbKchnf0F1XfmkNHM3EeSHmcJDwKV3Zer3M9m4HveC4quaRP6eWoF-063st3nkP688mQBbo50IEXs0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 48A2 3 KB
2 KB 12ms
12ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4712998&adjsver=3&fvers=&iframe=1&ref=https%3A//1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html&ro=https%3A//1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/107.0.5304.68%20Safari/537.36&os=17&browser=11&userid=7159379301801198821&kid=4971351&gdpr=0&screen_res=6&wpt=J&clickurl=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D58972845%3Bcrtbwp%3DC1PNzwr%5FS1MU8kKVt2esI6zboUFQG3yp0%3Bcrtbdata%3DBi119AxlmbCDRzKwEuMFB%2DqED51x65A%5F02OUv%2Da4DAyQL06EgLsFwhaX0%2DyMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX%5F0CE3wpZObMnWA%5FgMl0RTiqMM12F77T6YoiAMUg5w0HbVzac%2DNsRdi9VrSfReS3ZUfoQ47%2DE%2DdR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU%2Dhd5jgXtI8UZjhQW6FXjSrzw2%3Bccsid%3D16383%3Badfibeg%3D0%3Bcdata%3D8ZOziiAZRzdcYTFkDm1R8gZYIQ1ZJNSGSGRIgroSyVhPEaS8z2B%5F6U6pr8t8dA545doVMEcrF91fv3ebkdFtxmFaBeYOX0lCXnDTgG6Nk4y9u9ZTqalY0mxm7XPISLeG6HpPWdUiltrUBtmyS1%2DmwSBJyOOdpi0%2DnEI0JE%5FC2yN6rYjFhPPbI9i%2DsqLrQPamBJBsfxFWumfA6V9ZYS2CGoORwfIlPeIlW%5F5lB3K1ALtxSEYA1bWZ5uDg3TNTpkt3JuOi5hVrbG0d%5FVcz9Jb4PbyWsPsyfYvsvRMFfJOYXGHhbWv98xjZDHSdY8gRConBVwcFWzKwPg5AKwVVbEeREZV%5F7RbRwQIHDDcvwQ%2Dr80bHFupyiWvTq2HagJQ1JeQ4uA8SzxJOmVxPuDAuPMtxzA2%3B%3BCREFURL%3Dhttps%3A%2F%2Fikincieltanoto.com%3BC%3D1%3Bcpdir%3D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4712998&gdpr=0&gdpr_consent=&kid=4971351&clickurl=https://track.adform.net/C/?bn=58972845;crtbwp=C1PNzwr_S1MU8kKVt2esI6zboUFQG3yp0;crtbdata=Bi119AxlmbCDRzKwEuMFB-qED51x65A_02OUv-a4DAyQL06EgLsFwhaX0-yMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX_0CE3wpZObMnWA_gMl0RTiqMM12F77T6YoiAMUg5w0HbVzac-NsRdi9VrSfReS3ZUfoQ47-E-dR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU-hd5jgXtI8UZjhQW6FXjSrzw2;ccsid=16383;adfibeg=0;cdata=8ZOziiAZRzdcYTFkDm1R8gZYIQ1ZJNSGSGRIgroSyVhPEaS8z2B_6U6pr8t8dA545doVMEcrF91fv3ebkdFtxmFaBeYOX0lCXnDTgG6Nk4y9u9ZTqalY0mxm7XPISLeG6HpPWdUiltrUBtmyS1-mwSBJyOOdpi0-nEI0JE_C2yN6rYjFhPPbI9i-sqLrQPamBJBsfxFWumfA6V9ZYS2CGoORwfIlPeIlW_5lB3K1ALtxSEYA1bWZ5uDg3TNTpkt3JuOi5hVrbG0d_Vcz9Jb4PbyWsPsyfYvsvRMFfJOYXGHhbWv98xjZDHSdY8gRConBVwcFWzKwPg5AKwVVbEeREZV_7RbRwQIHDDcvwQ-r80bHFupyiWvTq2HagJQ1JeQ4uA8SzxJOmVxPuDAuPMtxzA2;;CREFURL=https%3a%2f%2fikincieltanoto.com;C=1;cpdir=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 68860be790bc1797485701ea94234e31669cfc90df2001ad8d8d0a5326ff819d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 04:08:11 +0200
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
content-type: text/javascript
cache-control: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 000002425013.jpg
imagesrv.adition.com/banners/3137/files/00/25/00/b5/ Frame 48A2 21 KB
21 KB 9ms
9ms Image
image/jpeg 217.79.188.11
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imagesrv.adition.com/banners/3137/files/00/25/00/b5/000002425013.jpg
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/banner?sid=4712998&adjsver=3&fvers=&iframe=1&ref=https%3A//1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html&ro=https%3A//1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/107.0.5304.68%20Safari/537.36&os=17&browser=11&userid=7159379301801198821&kid=4971351&gdpr=0&screen_res=6&wpt=J&clickurl=https%3A%2F%2Ftrack.adform.net%2FC%2F%3Fbn%3D58972845%3Bcrtbwp%3DC1PNzwr%5FS1MU8kKVt2esI6zboUFQG3yp0%3Bcrtbdata%3DBi119AxlmbCDRzKwEuMFB%2DqED51x65A%5F02OUv%2Da4DAyQL06EgLsFwhaX0%2DyMtyEf9lnj6T3CF0eV46XktEedLm30gM5bloL9Eb6dmA6kWAO0CbIUaFpfzNSPEfDRBbsxsZ6dIBoZe8wk9htZkfSqzlxgqLGHCQJuXPDNeiXBeFxf4YKyIznUyWJKOMbX%5F0CE3wpZObMnWA%5FgMl0RTiqMM12F77T6YoiAMUg5w0HbVzac%2DNsRdi9VrSfReS3ZUfoQ47%2DE%2DdR6u28oyheO3m3cEdfgVGm6lW7i54nNAYP44flrRSWip6vSlpspGhvsamvkWRC72WFv0tSJCPtK3pRmpw1OiY7EkU%2Dhd5jgXtI8UZjhQW6FXjSrzw2%3Bccsid%3D16383%3Badfibeg%3D0%3Bcdata%3D8ZOziiAZRzdcYTFkDm1R8gZYIQ1ZJNSGSGRIgroSyVhPEaS8z2B%5F6U6pr8t8dA545doVMEcrF91fv3ebkdFtxmFaBeYOX0lCXnDTgG6Nk4y9u9ZTqalY0mxm7XPISLeG6HpPWdUiltrUBtmyS1%2DmwSBJyOOdpi0%2DnEI0JE%5FC2yN6rYjFhPPbI9i%2DsqLrQPamBJBsfxFWumfA6V9ZYS2CGoORwfIlPeIlW%5F5lB3K1ALtxSEYA1bWZ5uDg3TNTpkt3JuOi5hVrbG0d%5FVcz9Jb4PbyWsPsyfYvsvRMFfJOYXGHhbWv98xjZDHSdY8gRConBVwcFWzKwPg5AKwVVbEeREZV%5F7RbRwQIHDDcvwQ%2Dr80bHFupyiWvTq2HagJQ1JeQ4uA8SzxJOmVxPuDAuPMtxzA2%3B%3BCREFURL%3Dhttps%3A%2F%2Fikincieltanoto.com%3BC%3D1%3Bcpdir%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: e4eca01d34370cdae740cd74538733cb56346ff162ed65e5cf0c97ee0fff5c73

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 28 Oct 2022 02:08:11 GMT
last-modified: Wed, 07 Sep 2022 13:06:31 GMT
accept-ranges: bytes
etag: "1949703084"
content-length: 21238
content-type: image/jpeg

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B497 0
0 78ms
78ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvxnF6BOuv7vxvnuh3ko_fiyg72kf7RoB7TDC_eGqeWmiwqCRjeGjUmrhcoqYBefJxuMH6JxkENGfi_XmL-K7mLOczzCJcDF_ZqxvVvQA5UYL1xDUVxi-FV8VxIbPW-Ot4aisnwwyPuYPfUBso8idxWJye_g1S1wYhF7siz_Yr4cRSBZ-o7LIhuwDrFRXODhmHrIkErSEl4GqyI8HYgrndt59hF9SkmKOHwwy7cKFw2fF0j0cybwn3xeF3gB79FkVgljxZw-8hsosfAfcKESlv9rUkOWEQ0NRctnrCdIXK3qyiI_R_H80MYIAaJpE98V5Bgx259dqkRNWWq05q9DdicgJmjUhWgL7iSQ6KWQTrqqAVK7ZmowChZ7ZdQSA&sai=AMfl-YSInqWsuL48VI3pGUZhEjTc66Rr9f2CXx4rzh_3nIm1pGWvdZAHcF7tqhB8XVwAQvogqK1531ylI1i95vrtQ--y7OiLr6Qukewa-LDBurrs9FNb71RuDrFF9aVTgyLr&sig=Cg0ArKJSzBn-NbLa4-FUEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 134ms
56ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221026&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a87e6d76822b32d6c8472148a6991dc7a071dc0045653a4576e17929d7220f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11142
x-xss-protection: 0

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:types/ Frame 48A2 34 KB
15 KB 25ms
25ms Script
text/javascript 37.157.6.234
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.223/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:types/ThirdParty
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.6.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 41452b2139640ecd9af6b57092cfa4c8564df9ca2f64c952667c1b8f0eea9b8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
last-modified: Tue, 04 Oct 2022 07:27:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Sat, 29 Oct 2022 05:32:06 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 28 Oct 2022 02:08:11 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3FBD 13 KB
5 KB 36ms
35ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 161
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:05:30 GMT
expires: Sat, 28 Oct 2023 02:05:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 475C 783 B
535 B 49ms
48ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7f1a1a29f99306e4c600c91fa8f31897b4d064b55bffa9cfb7110c623de2ab68

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VYM7VsjIADH8VUalC2EPJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ikincieltanoto.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-VYM7VsjIADH8VUalC2EPJg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 28 Oct 2022 02:08:11 GMT
expires: Fri, 28 Oct 2022 02:08:11 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js Show response
pagead2.googlesyndication.com/bg/ Frame 3FBD 36 KB
16 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/HZrunHRjvTX5MIeL6Ibl7iJKqMmAAzHWmbkaKM7M3x0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Wed, 26 Oct 2022 18:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 115686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16118
x-xss-protection: 0
last-modified: Thu, 20 Oct 2022 10:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Oct 2023 18:00:05 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 475C 0
0 69ms
69ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221026&jk=3905911433213624&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3FBD 0
10 B 35ms
35ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?IzFH6A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

date: Fri, 28 Oct 2022 02:08:11 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1F7B 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssEMGOpwQqaLMxCcSWzOM32RMWxoJRUHYgOQ9jZTNE392zEgs3x6ZzF8h--MVPOcfHanijhmAqcsMv5LT4Eo6gaWhdtlS82vXEJsAaVW2cKittMgdfI&sig=Cg0ArKJSzEr8sX1yPuwHEAE&id=lidar2&mcvt=1000&p=1110,436,1200,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221027&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3996140887&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666922890852&rpt=363&isd=0&lsd=0&met=ce&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 73ms
73ms Image
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221026&jk=3905911433213624&bg=!NTalNnLNAAZPh4lnb4c7ACkAdvg8WnmWkXqHg7315kZazronHyfaeFNIGRS1hQzk-igAAgIxTsjecQIAAABIUgAAAAJoAQeZAqcTmBs2V-ymNG2RV-Qp52I9h4XGu2brLwm95svHKSoPW9T_0T4vslMgrqDavAAAVHgoOuS7DSWuB9hGRLW10Mf7Eoj28lTtwO2MPKCKTytnoDpb0OWM9RdONOzHfkbr0fWZwUPXOpFAXClGhv-q-ol8bn7UR8Pph9F0oPVqxHplGJ8TljV0O2T1nhvFMdXnCCzC8hwg4qW-zGqnRj9Qo8ErjmOq9aVmrX1EWad8DaqbJzLUZuVT_6FkPqVGxym9MrMt7yu0UNJPKx5JDO9q3n6P2VS63nbmzZ9gMOQ2traEiPRb44ToPevznJYDtKMwJN8Tr16_rkD9blUtQyKizwirQe1ILxRvKBFZFjByBU0KDsTbDkrNOjgpa8ocMkyfAhkNpWWm-T5kEWxZdf6MI-yAvTnO6whwwPQ79joPzvlFuK4AoDmUxz9-JnkhCmbuzWK2B59hPYXJwY_9bDKBprOFGJXDM9q4m2jFQ2jzF-kxl5kgFtgemW0Jk0j5fM3mX0kYKTR9pddZGnNhVpF8uvazsTOwnPNR-robywNEZw9T3H1CWqdHye3tboPNCYwGPU4hQgBPlYT69XV1L_fkw_ixLe9SGr-MRqRd0P90ZCQPRDbkD-aqAYBQhMmfKX5ik9YHtIrcV6kXp1ACERQ2PN4c_FnMfi_nFFPZyBvdqiWgVe-lJYBRPF7T2M40smpQsHuSQhRwt2OhuSHKxMPC6LKIZyuWwITtS0uxlFFTa0xcz3S6rjqWm3uNJIts3DOPNAn9kvNIv8V0ow9ACc1I_3jt6zh8eAcMxxrQDAk8SbjCeHbVR_pBBRCsgI56cmbyJerjU2kdZK07IKtJr_JKfYr_7gGT3aKb2Ti-vqkk7tEEdPyN6ybm0J1NGf1uRdDR0LIbsLNr84c3
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B497 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst0j6_s4LJsaNu2jjRLTEkMKk5fzRDVdEG_gFYL2DD0BgjuEzm0IRgAQolsqCwKvs0sPNy_cdn1wpR_XhVVjng6a6BiLX4eqeJHEmxTqDy0NPMB3Ere&sig=Cg0ArKJSzN8a656vHFG2EAE&id=lidar2&mcvt=1000&p=523,241,613,969&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221027&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=2559231325&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666922891279&rpt=278&isd=0&lsd=0&met=ce&wmsd=0&pbe=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
adx.adform.net/adx/unload/ Frame 0B88 35 B
523 B 26ms
25ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/unload/?1666922892663

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 /
adx.adform.net/adx/unload/ Frame 48A2 35 B
523 B 26ms
26ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/unload/?1666922892749

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 0B88 35 B
503 B 27ms
27ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&pud=RfVVWCiPbNLz29iVF2dvPHPqJZ0pS-a6ehSAjxOEu-Q__p93sC5l5piGeiDzdAEnEdpK3lB4xJihPLlCoo-6Ov1lzQwDIS7-xb8gO_2LSHJucpZJaxYMVPe7SftBJOz2LntFy69BEXBsVCFeUJPK7uxszdRYqKpg0&unload=8065884683779288423@@58972845,8232691379741749184,100|1200|0|0|0|0|0|0|0||41|1|||||1|0|0|J78JyOGqX1NX7EYoWZQhUVkiUYzqeYFKC-J5ifD9rWTDYVAsrCMeCxhpnBRkvb3lA7z_uuw_WOM1|iHRnu2phscN42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-Re5IyuuU9XsKZut4S2zc0b254nlOySZGZN1kQM0Y5fUtnltIzFqRTpfIKlvNabdZsqcxZWiY4YiP0J6LWxwVPkSY-zpcQNKrD5QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwOyP7S_GrBt9kqcgAIH_8co1||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 0B88 35 B
503 B 26ms
26ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=8065884683779288423@@58972845,8232691379741749184,100|1200|0|0|0|0|0|0|0||41|1|||||1|0|0|J78JyOGqX1NX7EYoWZQhUVkiUYzqeYFKC-J5ifD9rWTDYVAsrCMeCxhpnBRkvb3lA7z_uuw_WOM1|iHRnu2phscN42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-Re5IyuuU9XsKZut4S2zc0b254nlOySZGZN1kQM0Y5fUtnltIzFqRTpfIKlvNabdZsqcxZWiY4YiP0J6LWxwVPkSY-zpcQNKrD5QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwOyP7S_GrBt9kqcgAIH_8co1||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame E107 28 B
54 B 51ms
51ms XHR
application/json 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/19fc75cf/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
X-Goog-Request-Time: 1666922892913
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/qv_ApCi4J8s?modestbranding=1
X-YouTube-Client-Version: 1.20221026.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtHNU9HS0hlbjJuYyiK8-yaBg%3D%3D
X-YouTube-Ad-Signals: dt=1666922890391&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C746%2C366&vis=1&wgl=true&ca_type=image

Response headers

date: Fri, 28 Oct 2022 02:08:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Fri, 28 Oct 2022 02:08:12 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 48A2 35 B
503 B 26ms
26ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&pud=RfVVWCiPbNLz29iVF2dvPHPqJZ0pS-a6ehSAjxOEu-Q__p93sC5l5piGeiDzdAEnEdpK3lB4xJihPLlCoo-6Ov1lzQwDIS7-xb8gO_2LSHJucpZJaxYMVPe7SftBJOz2LntFy69BEXBsVCFeUJPK7uxszdRYqKpg0&unload=8065884683779288423@@58972845,3547272184522615211,100|1194|0|0|0|0|0|0|0||41|1|||||1|0|0|J78JyOGqX1O48M5tcwHHbVkiUYzqeYFKGBptIDmiXbuDZAmj9FFqmxhpnBRkvb3lA7z_uuw_WOM1|GFNT8n5GN7F42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-S8xY43J1hvFQHTA519G2m2N0kfN7UgTrCpOEW6ppG1hbcj-Vltbi_XB1SbSfX7kyndXcWSltRhOxAY6asYb3ukpBqtOQtSug75QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwCnmkopQwIuskqcgAIH_8co1||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 48A2 35 B
503 B 26ms
26ms Ping
image/gif 37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=8065884683779288423@@58972845,3547272184522615211,100|1194|0|0|0|0|0|0|0||41|1|||||1|0|0|J78JyOGqX1O48M5tcwHHbVkiUYzqeYFKGBptIDmiXbuDZAmj9FFqmxhpnBRkvb3lA7z_uuw_WOM1|GFNT8n5GN7F42u1ywTJ-2qRuey6fwVqENsAj64Z3LesKLd-rcsKWO5G4dWAZeGGw3U8fA8oxS-S8xY43J1hvFQHTA519G2m2N0kfN7UgTrCpOEW6ppG1hbcj-Vltbi_XB1SbSfX7kyndXcWSltRhOxAY6asYb3ukpBqtOQtSug75QamBx5nSPKTI35A1llyyHrxgA_jNeSk4vX9BSnshwCnmkopQwIuskqcgAIH_8co1||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fikincieltanoto.com%2F&domain=ikincieltanoto.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=L12xIHw0dTdYa3BUTk93cHE4Q0hBbm8relZNRU9oQUxKRm1zclJKMmU1a0p2emtWRk1rZUR3ekhmejJ3ckNKVHNUR2dMR1JCREZvYWlvMkxXZHNDNVFvM3J0VG1SdkFPQkUxUTlraURPY2NaWkhWOTNJR2l2YTN5NlFHZU...

359 B
647 B

277ms
16ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=L12xIHw0dTdYa3BUTk93cHE4Q0hBbm8relZNRU9oQUxKRm1zclJKMmU1a0p2emtWRk1rZUR3ekhmejJ3ckNKVHNUR2dMR1JCREZvYWlvMkxXZHNDNVFvM3J0VG1SdkFPQkUxUTlraURPY2NaWkhWOTNJR2l2YTN5NlFHZUJ2VHRQbHY4eDZDa0QyTGlmNE4yNnUwRmFhZWZwcDk3b1lSanR3ejVJQm5TRUFaUzlLNnd3UlVTajRBZDM1WXBtZHpzM1gvUFZMb3JTTUFZS1FwLzJyc1BLTDJoUnlFd3J3YjNqbkUzUFhnRHA1cXorZ2FpSkl5SjNPYVhoK2llSHdhdzR1NlpzfA&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

63f64cdf082e93bb8d1b56402683825a4fd52e739151b169bfb20116dd145358

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ikincieltanoto.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1115245
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 28 Oct 2022 02:08:12 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
access-control-allow-methods: GET
location: https://mug.criteo.com/sid?cpp=L12xIHw0dTdYa3BUTk93cHE4Q0hBbm8relZNRU9oQUxKRm1zclJKMmU1a0p2emtWRk1rZUR3ekhmejJ3ckNKVHNUR2dMR1JCREZvYWlvMkxXZHNDNVFvM3J0VG1SdkFPQkUxUTlraURPY2NaWkhWOTNJR2l2YTN5NlFHZUJ2VHRQbHY4eDZDa0QyTGlmNE4yNnUwRmFhZWZwcDk3b1lSanR3ejVJQm5TRUFaUzlLNnd3UlVTajRBZDM1WXBtZHpzM1gvUFZMb3JTTUFZS1FwLzJyc1BLTDJoUnlFd3J3YjNqbkUzUFhnRHA1cXorZ2FpSkl5SjNPYVhoK2llSHdhdzR1NlpzfA&cppv=2
access-control-allow-origin: https://ikincieltanoto.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 652759
content-length: 0
expires: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 66ms
14ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fikincieltanoto.com%2F&domain=ikincieltanoto.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://ikincieltanoto.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://ikincieltanoto.com
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 28 Oct 2022 02:08:12 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 479405
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 73ms
20ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.68 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 28 Oct 2022 02:08:12 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 438637
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEOEO1AseBKANLCNMJVFHbX8&google_cver=1&google_push=AZmPxg_1GLXeaePnddSIf36asQyFjN4WBoGNioZ_mdXP9FPyIQlDK5XtzX2BtHjzbjseks-7UtJBY3wwXukKfLkNigBYLqmi_K0IkA

Verdicts & Comments Add Verdict or Comment

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.dr6.biz/	1970-01-20 07:45:14	Name: uuid Value: 7fbfb4e3-f80c-402a-91f6-08f94aaa2d99
ikincieltanoto.com/	1970-01-20 07:45:14	Name: _pbjs_userid_consent_data Value: 6683316680106290
.prebid.a-mo.net/	1970-01-20 15:47:38	Name: __amc Value: 1_1666922890_1666922890
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: _xYx_sextL4
.youtube.com/	1970-01-20 11:21:14	Name: VISITOR_INFO1_LIVE Value: G5OGKHen2nc
.ikincieltanoto.com/	1970-01-20 16:23:38	Name: __gpi Value: UID=00000b7967f50d91:T=1666922890:RT=1666922890:S=ALNI_MYKKD-L1d1_bxseCmxNF-37pAKBXg
.ikincieltanoto.com/	1970-01-20 16:23:38	Name: __gads Value: ID=54aa1578375a89b1:T=1666922890:S=ALNI_MZWaZsbbKg5BiOaSDodLLoBcmwFSw
.doubleclick.net/	1970-01-20 16:23:38	Name: IDE Value: AHWqTUkVBH1sDQSR5UUs0bI9NBNYW-gSXTp60yhwzPSYdXU4v-LwQWnm0BkZiZk7-Iw
.adform.net/	1970-01-20 07:46:44	Name: C Value: 1
.quantserve.com/	1970-01-20 09:11:38	Name: d Value: EAcBCQG4J4EA
.quantserve.com/	1970-01-20 16:32:17	Name: mc Value: 635b398b-5dd5f-315b7-3bd0b
.adform.net/	1970-01-20 08:28:26	Name: uid Value: 8065884683779288423
.adform.net/	1970-01-20 07:12:11	Name: TPC Value: 1666922891365
.pubmatic.com/	1970-01-20 07:03:29	Name: KTPCACOOKIE Value: YES
.adfarm1.adition.com/	1970-01-20 09:11:35	Name: UserID1 Value: 7159379301801198821
.pubmatic.com/	1970-01-20 09:11:38	Name: KADUSERCOOKIE Value: AFB17310-6849-4AAD-96DF-B7843399E45C
.casalemedia.com/	1970-01-20 15:47:38	Name: CMID Value: Y1s5ixDhSD4tU38iTzE4PQAA
.casalemedia.com/	1970-01-20 09:11:38	Name: CMPS Value: 5159
.casalemedia.com/	1970-01-20 09:11:38	Name: CMPRO Value: 5159
.adfarm1.adition.com/	1970-01-20 07:02:04	Name: lv_4971351 Value: w=4712998\|t=1666922891
.casalemedia.com/	1970-01-20 09:11:38	Name: CMTS Value: 5136
.e.dlx.addthis.com/	1970-01-20 16:32:17	Name: na_tc Value: Y
.addthis.com/	1970-01-20 16:32:17	Name: na_id Value: 2022102802081100012946284349
.addthis.com/	1970-01-20 16:32:17	Name: na_tc Value: Y
.addthis.com/	1970-01-20 16:32:17	Name: uid Value: 635b398b90bd6956
.addthis.com/	1970-01-20 16:32:17	Name: ouid Value: 635b398b0001cde2bed45184c9ae3683f9237da66714aa2ba22d
.dlx.addthis.com/	1970-01-20 07:45:14	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 07:45:14	Name: na_sr Value: 20221028
.dlx.addthis.com/	1970-01-20 07:02:02	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 07:45:14	Name: na_sc_e Value: 0
ikincieltanoto.com/	1970-01-20 16:23:38	Name: cto_bundle Value: DtOdHl82RUFHWTFnbkpObW1Xa1pZOUZqb3NIQkdZSyUyQmxNZW5QbFhHaGZsJTJCbTRhZUZPdm5XRnl1eGsxOGJzcU5kUGtMaHJtTCUyRlViUUhhSWFxJTJCNm1wcDNXczBiSmVIb2tTQ1FuaVpLclVibVFIQnpvaXNSVTlaQTNpTmticU9PSEMlMkZLRmE
ikincieltanoto.com/	1970-01-20 16:23:38	Name: cto_bidid Value: zz6pUF81MXlra2I1TGVGblJWT2IyYlg2TndIalM2eEdpTE91RlN3JTJGTWlGYmJPRFU5MW5sanBsR2E2YUpkdldGYWwxcUU3dVZoaG8xOWxENUN3dEE1OEhWMkF3JTNEJTNE

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEOEO1AseBKANLCNMJVFHbX8&google_cver=1&google_push=AZmPxg_1GLXeaePnddSIf36asQyFjN4WBoGNioZ_mdXP9FPyIQlDK5XtzX2BtHjzbjseks-7UtJBY3wwXukKfLkNigBYLqmi_K0IkA Message: Failed to load resource: net::ERR_ADDRESS_UNREACHABLE

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1bb2f5328295b63271f24b3569a005c0.safeframe.googlesyndication.com
ad13.adfarm1.adition.com
adservice.google.com
adservice.google.de
adx.adform.net
cdn.jsdelivr.net
cm.g.doubleclick.net
cms.quantserve.com
dr6.biz
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
get.optad360.io
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
gum.criteo.com
i.ytimg.com
ib.adnxs.com
ikincieltanoto.com
image6.pubmatic.com
imagesrv.adition.com
jnn-pa.googleapis.com
mug.criteo.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
prebid-eu.creativecdn.com
prebid.a-mo.net
rtb.openx.net
s1.adform.net
script.4dex.io
securepubads.g.doubleclick.net
ssum-sec.casalemedia.com
static.doubleclick.net
tpc.googlesyndication.com
track.adform.net
www.google.com
www.googletagservices.com
www.gstatic.com
www.instagram.com
www.youtube.com
yt3.ggpht.com
googlecm.hit.gemius.pl
104.18.18.126
142.250.181.226
147.75.85.234
178.250.0.157
185.177.92.30
185.184.8.90
198.47.127.19
2.18.232.236
217.79.188.11
217.79.188.54
2600:9000:206f:1000:11:a4de:2580:93a1
2606:4700:20::681a:9a9
2606:4700:3035::ac43:cc26
2606:4700::6810:5714
2620:116:800d:21:93ca:31d8:d86e:38f6
2a00:1450:4001:800::2001
2a00:1450:4001:801::2002
2a00:1450:4001:802::2001
2a00:1450:4001:803::2002
2a00:1450:4001:806::2004
2a00:1450:4001:806::200a
2a00:1450:4001:806::200e
2a00:1450:4001:810::2016
2a00:1450:4001:813::2006
2a00:1450:4001:827::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a02:2638:1::13
2a03:2880:f21c:81e5:face:b00c:0:4420
35.186.253.211
37.157.3.30
37.157.6.234
37.252.172.123
69.173.144.139
020e991157e30325c4022ba4bda3426cb3c7efe490f94ca76184bb8baa7fbbb9
0462437a9dbdb8c498d866d56dfb4d7e48fc9bfe8cd1f3b1cb5dfadb302a6a10
09090be0e6b984fda9a9a5f2b8abf888c217e0f4babd19c8da346736f2522a6b
092adfd68fdc4159d986e270ee6caf32d50dea0db2a9fdfd0d400216b81d1b8c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0be0a63bf8203f2221fabbb360bf07a150a3a84bd85d7774838ba10a4f5eb93c
0c03682256f0ddbfa031d5ee3c2bbb80eea99dab4ffa12622c551dea01359656
14a94b80df7e34f355cd2a8458025cee298be841611de184fbe463ca70b9dda8
15b192d13c1d029346a73cb1b2eb3a1b8905dfe8df1aaf9ced37356de9380e32
199fb21b3ebc707aa9045279d3f380910ebe9194b8f4afc54d85ba28e1ee715e
19d9403b8b5963aaeae98991373ef1f4ec9ed98d649be55e657db8e1302578bc
19f3afc89be947784c0d016e41fd9d23b372564382315df1bbf07fda6ecc504e
1a90b972248dd9891e9b4a4a3fb2550f451cd6f436a817e306a7109d8b51e2e9
1d9aee9c7463bd35f930878be886e5ee224aa8c9800331d699b91a28ceccdf1d
2199788167cb7ebb99af4e01a99551201baaa05492a9e31d5a03ffea292db2a4
24bd212c6a353bd91d062e4a24b28e7c1e604b4fdc2a9e1d631cd4887a6b11c7
280aaa8929329764ac3213ca093c63505cfcc665347939c79905c426d33867c5
2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bc342ab9f4dea0eb0b244afb0e55862e8f8eadf462e36b16c3bdf6b33c0f87d
2cff9f468086f8a9f70b5d34dc8fac360485cf757b2df47fe40d89ea4e7fec4c
34f1b90656ebc5d7b516c949af959b7d23a32c8e5b30124eb45dea8f8008fe30
35dbd6dbf241d5d40c606464098ab9159235be5deef1fa4421f7d584412c7c57
36d8646a0113bb1c559fb31b51e781641d6f284ab6dceea368c8edeac862ed7c
36e3553982da0c1e1e1982e81e9ed5fcfc19e0c3c355996c3a6a318afafa26bd
375e44f78ea18060feee23bbc2780464de6879cc7ff8fa46c76bc3fe77e95c4a
3c992e954f86d3cbfb25c91931e35266fa952013c28e52e62d752fa2b83ea448
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
41452b2139640ecd9af6b57092cfa4c8564df9ca2f64c952667c1b8f0eea9b8e
425a83873e83e72e8dc653478c3eff037f6e0a321c37c7f92ae46509cfcc8811
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
529907ad6e2a3c17ef780a13d550a2fae51b89bd95c8d40b98bda94c054ceb6a
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
577da1c6310d12414245f85829a25f193a56aa6a83033a235dfdfddfe5f2d15a
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
605b14697226eeb0be6b2c11db8206b70f4c8681c3f921e4ceca4793ce1a95ce
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63f64cdf082e93bb8d1b56402683825a4fd52e739151b169bfb20116dd145358
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
68860be790bc1797485701ea94234e31669cfc90df2001ad8d8d0a5326ff819d
68b6a889d67a3c06eab386055a129f6f585fbcfd9ef1ec7383eb9fe3b55e3bbc
6daf6dde869847e8df9c39234c8bab02fcffac9d4bfc9558df13bda9b151ecc1
6e140393a5c564a0373f5af25fb31419454e956674534b4acee7822a5d1586b9
6f8605346751f4f574c8796bae4fde809a42762df5d643cf930652420b1a09fc
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
7109518959a6958168f639860050324f4f063fd1697f32677cf9d0180ab02453
721a50808fd3fbf877a230a2154d325e313dbf7b54820f7811a50227f26430aa
752e6964d63cb2677d4cc6cdb6234f37170c2fa4aac435179507321d8ceff023
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7a1265329bae20f5eeac1827256ff2a6d4e7198f89f945776e78957fc6d0fa01
7b3ff9ffea119f693e24c728fa98623a8dfbe58a338b3b2d6b2e7391a93aa40a
7e667c6605e929d7ea78be2628f5bab68b49068479bfb0c60660be3a7b3d3dd2
7f1a1a29f99306e4c600c91fa8f31897b4d064b55bffa9cfb7110c623de2ab68
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839170f0a42a46cd77b4532c0e52bd1d022031f576e13a1a9b42013d195afa79
84a85c1ce63f1e17e3982561d6613e9052de76819c1b2d72010597ef75fbe3bf
8931cca3e363781b45e18c1a6d55a5fd620d881f65f54a54e063cf8c386057af
89def7428656f40331c1430ee1dc1846ed1e30d7001707b548f9f816d27264a5
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8af9b9a15f8b3bf89384d4b9852e69b6f3155c765c7844ea61ad2fa39a05b1e0
8ea32c322ddba38331755ae30da47ad5d528d971a00eb402e82695c335acb1e5
8ed5540fa753385cbe0c8b8256f6163a67bcedb1de16cfa3991c622467f52e48
955568f35d7cf03a9ebc781f30932f01a7ebfe30c2e61689b4d82679a14b2348
96217f1d27fb909f92b4a6b35a0d3d6775f2f0b4d136d27aee88547d3ed87357
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
983775b438c242df7cb0ceb87bd2582f96ff0d4e8043f822adf3a3e93261b9a8
989085ac4d7b8c5f37fc8ed34d64bd9ae5cdcd28dd488e7d6ef94de40eeea266
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9fde8097b110c6b32df834cf82a2eefe32921220b889c244cc1c8208af9bc63d
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a164367c841f1482d41dd01ac5792444100ada5cea02ee12850f288ac4aa5da5
a35ab5b5f364043f65cdffe2fd54a8821cde714f4f2c948e2b27d68bd60cfbc4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a87e6d76822b32d6c8472148a6991dc7a071dc0045653a4576e17929d7220f4f
aa5ef17f578ea5d863bb5309a30b2804c11eb6a506086818d77e6168eedec3f4
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b409c14a10b4caad6b54844aa63a5faf748b83eecc2dd0d4fb1d913f8de55365
b6a25ff6ea2c8c87be58e3086ef6a3369d000aa507db56571097d5ec55ec730f
bd1840830231dbf9f45eefefacfdf0b6e30cf9df60c8715ea9c296010006ae15
bf53b175405b4d81a5dbdd41dfa3811a86d504adee53fefeb3d4bf9eafbb1e5f
c12337c132fc5b05766adf8806c16a2950c0591708c0c45263bc1496979c1870
cba742853cd1aef8a27ddac9041733e212c07e9dcfbf8ab9da7c22f97972d1c6
d2a76a7ff51b1eb5f1ea0e715070bb3a31274b2a7059597dd9effe100a74a926
d68f4f6e5cc51e2d536b511b45009d80afa4c8160cfd3690c2a7f67ece53e52c
d7d2ac09154ae76e0b661b5126bdaaa7d1863c9bfb86883dd732eaf37b1d0390
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d911ee203c42e815733abb1f9f6f396ad746cadfb7e3a15c34d0152b925b73ba
d99f77a187454fecc18b59b2f520b1598b246d01e142bfdc4de56eb7221a9330
dd5a8aa00e081b02567b17fd49c69b563e2cb9eed3cfeab802ebc4688e76318a
de0e3e13ac455201d77e111b8c417ddae1ea4689e4406203baaa78d0ff9532bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4eca01d34370cdae740cd74538733cb56346ff162ed65e5cf0c97ee0fff5c73
e7021c8b706ce1e983eb3ed989326f1213698229b555b851d1134d14022ebab0
e7eee0a1246a87e4ee7bda1b4b818b60e24e4b8fbc22d99cffba1124830020e9
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ebf7b463e2889acb14a10275820b649cd94854066e8a29dc2cbdccba50c7add7
ed87a83a9df154b61d76e8b9b53bb9d23db3eea194e66bca6b575e3e4f7a57bf
edbcd66789533fa7b2997c4b5c03a4df3042683b35384b0199fef3ad78554d2d
edf3124737205468d655adb7e78609ca0fe6bf163c44cbefb5d1f29ff2cdd37c
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
f907e6f1bca25770d3ed520388aca640ae04c640a323f77e0e87c7c32cd3f024
f9667c4deaf7d165f552d0a67d4f607272022f5a50fa4c81187b6acbe1c2ae96
ff84803d37b50a114731aa1e6878409085d8283ca761525eac3f1a96f4efdb21

ikincieltanoto.com Open in urlscan Pro 2606:4700:3035::ac43:cc26 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

160 Requests

94 %HTTPS

61 %IPv6

30 Domains

42 Subdomains

35 IPs

6 Countries

3513 kBTransfer

7818 kBSize

32 Cookies

1 Outgoing links

Redirected requests

160 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ikincieltanoto.com Open in urlscan Pro
2606:4700:3035::ac43:cc26 Public Scan

Screenshot
Live screenshot

Full Image

160
Requests

94 %
HTTPS

61 %
IPv6

30
Domains

42
Subdomains

35
IPs

6
Countries

3513 kB
Transfer

7818 kB
Size

32
Cookies

160 HTTP transactions
5 data transactions